Use wg-quick to make your Wireguard tunnels easy and persistent on Linux.

Here’s a way on how to make your Wireguard tunnels survive reboots. Not only that, it also makes it easier to start and test your tunnels.

In order to do this, make sure that your wg0.conf file, for example, is located preferably in the /etc/wireguard directory. Also you can make the configuration file more secure by running the following command:

chmod og-rwx wg0.conf

It is recommended that you only allow the root user to have access to these files. The other user should never ever have any sort of access to this file as it will allow an malicious attacker to get ahold of the entire VPN tunnel and compromise your entire network(s).

In order to quickly test your Wireguard configuration file. You can simply run it like this:

wg-quick up wg0 /path/to/wg0.conf

This will bring up the interface wg0 and attach it to the configuration file /path/to/wg0.conf. You can also bring it back down with ease:

wg-quick down wg0 /path/to/wg0.conf

In order to make your tunnels survive reboots and be brought back up automatically, we are going to use systemd to add wg0 as a service:

systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0

The configuration located in /etc/wireguard will be loaded into wg-quick systemd and started.

Your tunnel should now always be running.