WireGuard: Explanation of All Interface and Peer Configuration Fields

May 20, 2025


Introduction

WireGuard is known for its simplicity and efficiency, but it's important to understand every item in the configuration to avoid mistakes and ensure a stable connection. A WireGuard configuration file (wg0.conf or similar) consists of two parts: an [Interface] section that defines the local interface, and one or more [Peer] sections that define the peers (the other participants in the VPN network). The keys in the example below are placeholders, not usable keys. Here's the basic structure:

Complete Configuration Example

[Interface]
PrivateKey = BAsdfasJf38slfs93fsdf89sd8f==
Address = 10.0.0.1/24
ListenPort = 51820
DNS = 1.1.1.1

[Peer]
PublicKey = KJhsd9s8d9s8d8s7f9s8s9d8f9sd8f98sd9f8sd=
AllowedIPs = 10.0.0.2/32
Endpoint = vpn.example.com:51820
PersistentKeepalive = 25

Explanation of [Interface] Section Fields

PrivateKey

Description: The private key of the WireGuard interface (server or client).

Important: This key is secret and must never be shared. Generate it with wg genkey.

Address

Description: The IP address(es) used by the interface within the VPN network.

Example: "10.0.0.1/24" means the interface uses IP 10.0.0.1 and expects a /24 network.

Note: Multiple addresses can be entered, separated by commas.

ListenPort

Description: The port on which WireGuard listens for incoming connections.

Example: "51820" is the default port, but it can be any open UDP port.

Note: Only required on the side that receives connections (e.g., the server).

DNS

Description: The DNS server to be used when the VPN tunnel is active.

Example: "1.1.1.1" or "8.8.8.8".

Note: Effective when used with a WireGuard client that supports this option.

Explanation of [Peer] Section Fields

PublicKey

Description: The public key of the remote peer.

Important: It must be the public key that corresponds to the other side's private key. Unlike the private key, it can be shared openly.

AllowedIPs

Description: Networks/IP addresses that are routed through this peer.

Example: "10.0.0.2/32" means that traffic destined for 10.0.0.2 will be sent to this peer.

Special: If you enter "0.0.0.0/0", you create a "full tunnel" – all traffic goes through the VPN.

Endpoint

Description: The address and port of the remote peer.

Example: "vpn.example.com:51820".

Note: Used only on the client side or the side that initiates the connection.

PersistentKeepalive

Description: How often the client sends a packet to keep the connection alive.

Example: "25" seconds is typical for devices behind NAT.

Useful: Prevents the tunnel from "dying" due to inactivity.
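
The fields above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the original article or of the WireGuard tools: a small Python linter that checks that keys are 32-byte base64 values, that AllowedIPs entries are valid CIDRs, and that flags full tunnels and a network listed under more than one peer (a destination can be routed to only one peer). The names parse_wg, key_ok, lint and SAMPLE are chosen for this example, and the peer keys in SAMPLE are constructed.

```python
import base64, binascii, ipaddress

def parse_wg(text):
    """Split wg-quick style text into a list of (section name, {field: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def key_ok(value):  # WireGuard keys are 32 bytes, written as 44 base64 characters
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def lint(text):
    findings, owners = [], {}                        # owners: network -> section index
    for idx, (name, fields) in enumerate(parse_wg(text)):
        key_field = "PrivateKey" if name == "Interface" else "PublicKey"
        if not key_ok(fields.get(key_field, "")):
            findings.append(f"[{name}] {key_field} is not a 32-byte base64 key")
        for cidr in filter(None, map(str.strip, fields.get("AllowedIPs", "").split(","))):
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append(f"[{name}] AllowedIPs entry {cidr!r} is not a CIDR")
                continue
            if net.prefixlen == 0:
                findings.append(f"[{name}] {net} is a full tunnel for this peer")
            if owners.setdefault(net, idx) != idx:
                findings.append(f"[{name}] {net} is listed for more than one peer")
    return findings

# Constructed sample: the placeholder private key from the page, made-up peer keys.
k1, k2 = (base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2))
SAMPLE = f"""[Interface]
PrivateKey = BAsdfasJf38slfs93fsdf89sd8f==
[Peer]
PublicKey = {k1}
AllowedIPs = 0.0.0.0/0, 10.0.0.2/32
[Peer]
PublicKey = {k2}
AllowedIPs = 10.0.0.2/32
"""
print("\n".join(lint(SAMPLE)))
```

The full-tunnel finding is informational: 0.0.0.0/0 is a valid setting, but it should be a deliberate choice.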

Conclusion

  • The configuration is stateless — there are no "sessions"; everything is based on keys and routing.
  • On the server, you can have multiple [Peer] sections — one for each client.
  • On the client, there is usually only one [Peer] (the server).

WireGuard interface and peer configuration may look simple, but every field has a meaning that directly affects functionality, security, and connection stability. Understanding these options helps your VPN run smoothly, whether it's used for office network access, site-to-site connectivity, or a secure internet connection from remote locations.
