Replacing OpenVPN with WireGuard via systemd-networkd
I use a VPN for an extra layer of privacy, whether that be between me and my ISP, or while using a public Wi-Fi network. Up until this point I’ve used OpenVPN. WireGuard is the new kid on the block destined to replace OpenVPN; in this blog post I’ll show how I replaced OpenVPN on my main PC. The standard way I’ve seen people do this is via wg-quick, from the wireguard-tools package. systemd-networkd has native support for WireGuard, meaning that all one needs is the WireGuard kernel module (which itself is part of the kernel as of Linux 5.6!).
Navigate to /etc/systemd/network/. This is where you’ll create the configuration files. I used systemd-networkd to manage my Internet connection already, so I already have one file in this directory.
First create a file called wg0.netdev. This is what mine looks like:
[NetDev]
Name=wg0
Kind=wireguard
Description=Wireguard VPN
[WireGuard]
PrivateKey=REDACTED
FirewallMark=51820
[WireGuardPeer]
PublicKey=REDACTED
AllowedIPs=0.0.0.0/0,::/0
Endpoint=REDACTED
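The PrivateKey, PublicKey, and Endpoint values have all been redacted; this is where you’ll want to fill in your own details. Because this file holds the private key, systemd.netdev(5) suggests making it owned by root:systemd-network with mode 0640 rather than leaving it world-readable.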
With that file created, create a wg0.network file. Again, this is what mine looks like:
[Match]
Name=wg0
[Network]
Address=REDACTED
[Network]
Address=REDACTED
[Link]
MTUBytes=1420
[Route]
Source=::/0
Table=51820
[Route]
Source=0.0.0.0/0
Table=51820
[RoutingPolicyRule]
InvertRule=yes
FirewallMark=51820
Table=51820
[RoutingPolicyRule]
SuppressPrefixLength=0
And again, just fill in your details here. Now, if you do sudo systemctl start systemd-networkd, you should find that you get a working VPN connection in no time at all :).