In this article we will show how to add WireGuard support to the existing Pritunl OpenVPN installation. In case you are starting from scratch, you can first read our article about how to setup Pritunl VPN server and then come back here.

There are instructions available about Wireguard and Pritunl, but the process is not fully clear and we faced different issues during the setup. That’s why we decided to cover it in this guide.

Overview

Wireguard is a new VPN protocol. Both OpenVPN and Wireguard use AES-256 encryption, open-sourced and considered equally secure. However, WireGuard is lighter in terms of code, faster and has less attack surface. In the same time, OpenVPN proved to be highly secure and trusted through many years and numerous audits.

Adding WireGuard support to Pritunl

There are several steps both client and server side to be made to enable Wireguard support within Pritunl server installation. We will cover all of them.

Server-side configuration

  1. Update server packages.
    sudo apt-get update
    sudo apt-get upgrade
  2. Install Wireguard
    sudo apt install wireguard
  3. Install and enable dynamic kernel module support
    sudo apt install wireguard-dkms
    sudo dkms autoinstall
    Check status with dkms status

Enable Wireguard in Pritunl

Login to your Pritunl admin. Go to “Servers“. Make sure you “Stop Server” before you make any changes. Then go to server configuration, like it’s shown on the picture below.

pritunl admin configuration
Servers > Stop Server > Server configuration

In the next window you will need to mark “Enable WireGuard”, set “WG Port” (you can use the next to your regular OpenVPN port) and “Virtual WG Network”. Check on the picture below to see the settings in our use case scenario.

Enable and configure WireGuard in Pritunl

Click Save.

Reboot Pritunl using this command: sudo systemctl restart pritunl.service
Check if the server is listening on the WG port you set: netstat -ntulp | grep 1020

Server is listening on the WireGuard port

At this point the server-side configuration is finished. We would suggest to re-create the OpenVPN connection profiles. Now let’s move to the client side.

Client side configuration

In order to utilize WireGuard tunnel you will still need its native client although you connect via Pritunl client. So, your next step will be downloading and installing WireGuard client.

WireGuard client installation

  1. Download and install WireGuard
  2. Reboot
  3. Make sure you see WireGuard icon in the tray.

Run Pritunl

  1. Start Pritunl client. We assume that you have it installed already.
  2. Import new profile
  3. If you completed all the steps correctly, you will see two connection options in your Pritunl client: WireGuard or OpenVPN, like on the picture below.
Wireguard connect Pritunl
WireGuard enabled in Pritunl

Press WireGuard to connect via new tunnel. That’s it.

We have learned how to enable WireGuard support in Pritunl OpenVPN. We hope you enjoyed reading. Now have some fun with new protocol testing.

Follow by Email