What's WireGuard? From Wikipedia:
WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs), and was designed with the goals of ease of use, high speed performance, and low attack surface.
To simplify, it's a secure and fast network protocol uses in many leading VPN providers. Then, if that's the case, why can't we just use the clients from the providers? Well, you should use the client if:
- It is officially released for your system, thus eliminated any chance of compatibility issues, or the hassle of setting it up.
- It is open source, or at least the source code is available, so its behaviors are verifiable through public review by anyone who can read the code.
Otherwise, it's better to just connect to the VPN through WireGuard config file.
If your VPN provider neither provides open source/source available client nor support the usage through WireGuard config file, it's certainly a time to switch to another provider.
Do not forget that you'll have to trust them enough to run all of your connections through their servers.
Nevertheless, there are some providers that I do recommend, as each of them provide top-notch security and privacy for their users:
- They offer obfuscation technology called Shadowsocks (hiding the fact that you're using a VPN to reroute your traffic), but it doesn't work on mobile currently.
- They own 168 servers in 9 countries.
- Email is not required, and they accept anonymous payment like cash, Monero, etc.
- The service comes at a reasonable price. The fact that it's the only one without any long-term payment scheme, combining with all the features and the quality of the service, I considered their pricing to be the fairest (which also made their price to be the cheapest IMHO) out of any VPN providers in the market.
- They offer obfuscation technologies called Obfsproxy and V2Ray, which doesn't work on Android yet (iOS has beta support).
- The client comes with a firewall, but it is still having an issue with Flatpak apps, though.
- They own and manage all of 91 servers in 37 countries.
- Email is not required, and they accept anonymous payment like cash, Monero, etc.
- The pricing is hard to swallow, though. But considering the variety of obfuscation technologies the client offers (still missing on Android), it might be worth the price.
- They offer obfuscation technology called Stealth, but only available on mobile and macOS. There's a request for this feature in their Windows client opening. On Linux, unfortunately, it is not going to have this feature soon, at least, not before they implemented WireGuard in their Linux client first. So, if your focus is on mobile, especially if you're using Android, Proton VPN is the only option with obfuscation technology.
- Although, Proton VPN is banned in China since 2019, but with Stealth, according to a Reddit user, it seems like it's working in China again.
- They own and manage 106 servers in 68 countries, of which they called Secure Core.
- WireGuard is not supported in their Linux client yet. However, they implement OpenVPN DCO in their Linux client, which they claim to be as fast as WireGuard.
- Email IS required. They accept anonymous payment only in cash through Proton credits, which can be purchased after you crated the account with them.
- Port forwarding is supported, hence torrenting is at full speed here. It's only available in paid plans, though.
- Media streaming (Netflix, Prime Video, Disney +, etc.) is supported. See streaming servers list.
- Their pricing is the same as Mullvad IF you pay them in advance for a year. It could be cheaper through their usual promotions on holidays.
- They also offer 📌 free VPN.
---
Let's connect to the VPN using WireGuard config file
The main advantage of using VPN with this method is that it's 100% compatible with any system out there, as it doesn't rely on the compatibility of the providers' clients. For example, you can use Proton VPN on openSUSE with this method. Note, I do not recommend Proton VPN app on Flathub, as it's not verified by, affiliated with, or supported by Proton AG.
Without further ado, let's see how to use them. To follow this walkthrough, you can create a free account with Proton and download WireGuard config file from there.
1. Install WireGuard
For example, on openSUSE:
sudo zypper install wireguard-tools
For other systems, see the installation instruction from the official doc.
2. Move the config file to /etc/wireguard
On Linux, the only place to put your WireGuard config files is in /etc/wireguard. Note, the config's filename cannot exceed 15 characters.
3. Register the Config File and Connect to the VPN through WireGuard
For example:
sudo wg-quick up /etc/wireguard/ProtonUSF993019.conf
At least, on openSUSE Tumbleweed, wg-quick can't seem to find my config file in /etc/wireguard unless it's registered with a full path. After the registration, you can run the command without the path:
sudo wg-quick up ProtonUSF993019
4. Close the Connection Properly
To close the connection, it's easy and predictable enough 😂:
sudo wg-quick down ProtonUSF993019
However, to close it properly... Imagine, if you have many configs in /etc/wireguard, you could've connected to any connection in there. So, how do you close the ongoing connection regardless of the connection/config name? Here's how:
sudo sh -c "for f in /etc/wireguard/*.conf; do wg-quick down $(basename -s .conf "$f") ; done"
- The use of
sh -ccommand helps you run the script without having to create a script file. - The command in the quote (
"") iterates through each file ending with .conf in/etc/wireguarddirectory. Each iteration is saved in a variablef, which can be used again with$f. - The semicolons (
;) are used to write multiple commands on the same line. basenamecommand extracts the filename without the extension (.conf).- The loop then calls
wg-quickdown with the extracted interface name.
5. Starting the Connection Properly
Starting WireGuard connection with wg-quick is easy. However, to start it properly, you might want to disconnect from your ongoing WireGuard connection first (if there's any). For example:
sudo sh -c "for f in /etc/wireguard/*.conf; do wg-quick down $(basename -s .conf "$f") ; done; sudo wg-quick up ProtonUSF993019"
Basically, you close all the connection first. Only then, you start a new connection.
6. Using MenuLibre to Create Desktop Files (optional)
If you don't want to type a lengthy command, you can create a desktop file that you can use to run the command with a single-click instead.
A desktop file can be easily created using MenuLibre app, as shown in the screenshot below:
---
If you like this article, please let me know in the comment section below. Bye 💨
---
Cover Photo by Girl with red hat on Unsplash
