Replacing OpenVPN with WireGuard via systemd-networkd
I use a VPN for an extra layer of privacy, whether that be between me and my ISP, or while using a public Wi-Fi network. Up until this point I’ve used OpenVPN. WireGuard is the new kid on the block destined to replace OpenVPN; in this blog post I’ll show how I replaced OpenVPN on my main PC. The standard way I’ve seen people do this is via wg-quick, from the wireguard-tools package.
systemd-networkd has native support for WireGuard, meaning that all one needs is the WireGuard kernel module (which itself is part of the kernel as of Linux 5.6!).
/etc/systemd/network/ is where you’ll create the configuration files. I used systemd-networkd to manage my Internet connection already, so I already have one file in this directory.
First create a file called wg0.netdev. This is what mine looks like:

    [NetDev]
    Name=wg0
    Kind=wireguard
    Description=Wireguard VPN

    [WireGuard]
    PrivateKey=REDACTED
    FirewallMark=51820

    [WireGuardPeer]
    PublicKey=REDACTED
    AllowedIPs=0.0.0.0/0,::/0
    Endpoint=REDACTED

PrivateKey, PublicKey and Endpoint have all been redacted, but anyway this is where you’ll want to fill in your details.
With that file created, create a wg0.network file. Again, this is what mine looks like:

    [Match]
    Name=wg0

    [Network]
    Address=REDACTED

    [Network]
    Address=REDACTED

    [Link]
    MTUBytes=1420

    [Route]
    Source=::/0
    Table=51820

    [Route]
    Source=0.0.0.0/0
    Table=51820

    [RoutingPolicyRule]
    InvertRule=yes
    FirewallMark=51820
    Table=51820

    [RoutingPolicyRule]
    SuppressPrefixLength=0

And again, just fill in your details here. Now, if you do sudo systemctl start systemd-networkd, you should find that you get a working VPN connection in no time at all :).
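
A pre-flight check for the two files above, as an added example that is not part of the original post: it flags a wg0.netdev whose inline PrivateKey is readable by other users, and a FirewallMark or Table that differs between the two files. The function names ini_values and audit_wg are hypothetical, the sample files are constructed, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original post. Prints one finding per line and
# nothing when the two files are consistent. Assumes GNU stat (Linux).

ini_values() {  # ini_values FILE SECTION KEY -> every value of KEY in [SECTION]
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

audit_wg() (  # audit_wg NETDEV_FILE NETWORK_FILE (subshell body keeps vars local)
    netdev=$1 network=$2
    # An inline PrivateKey= makes the .netdev file a secret; systemd.netdev(5)
    # suggests root:systemd-network ownership with mode 0640.
    if [ -n "$(ini_values "$netdev" WireGuard PrivateKey)" ]; then
        mode=$(stat -c %a "$netdev")
        case $mode in
            *0) ;;
            *) echo "PERM: $netdev is mode $mode, PrivateKey readable by others" ;;
        esac
    fi
    # WireGuard tags its own encrypted UDP packets with FirewallMark. The
    # inverted policy rule must exempt that same mark, or they loop into wg0.
    mark=$(ini_values "$netdev" WireGuard FirewallMark)
    rule_mark=$(ini_values "$network" RoutingPolicyRule FirewallMark)
    [ -n "$mark" ] && [ "$mark" = "$rule_mark" ] ||
        echo "MARK: netdev FirewallMark='$mark', policy rule FirewallMark='$rule_mark'"
    # Every [Route] must land in the table the policy rule points at.
    rule_table=$(ini_values "$network" RoutingPolicyRule Table)
    for t in $(ini_values "$network" Route Table); do
        [ "$t" = "$rule_table" ] || echo "TABLE: route in table $t, rule uses '$rule_table'"
    done
)

# Constructed sample mirroring the post's files (the key is a placeholder).
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' '[NetDev]' 'Name=wg0' 'Kind=wireguard' '[WireGuard]' \
    'PrivateKey=PLACEHOLDER' 'FirewallMark=51820' > "$d/wg0.netdev"
printf '%s\n' '[Route]' 'Source=0.0.0.0/0' 'Table=51820' '[RoutingPolicyRule]' \
    'InvertRule=yes' 'FirewallMark=51820' 'Table=51820' > "$d/wg0.network"
chmod 0644 "$d/wg0.netdev"; audit_wg "$d/wg0.netdev" "$d/wg0.network"  # one PERM finding
chmod 0640 "$d/wg0.netdev"; audit_wg "$d/wg0.netdev" "$d/wg0.network"  # no output
```

The permission check is skipped when the key is not inline, which is the case when systemd's PrivateKeyFile= option is used to keep the key in a separate file.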