How to set up a manual WireGuard® connection on Linux?

Follow the steps below to set up a WireGuard® connection on your Linux device via Network Manager.

The following steps are needed for a Network Manager setup:

1. Get your key pair
2. I have a key pair
3. I don't have a key pair
4. Choose a Surfshark server
5. Download WireGuard® and connect to the VPN

 
Get your key pair

There are two ways we can go from here. You might have generated a key pair, and you'll be able to use it. Or, we will have to generate one.

If you have a key pair already, continue the tutorial as usual. If you do not, you should move on to the I don’t have a key pair section.

I have a key pair

1. Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Desktop or mobile option and click on WireGuard.
   
   
   
2. In the next window, click on I have a key pair.
   
   
   
3. Name your key pair and click Next.
   
   
   
4. Enter your public key and hit Save.
   
   
   

I don't have a key pair

1. Go to Surfshark's login page and log in. Then, visit VPN > Manual setup. Choose the Desktop or mobile option and click on WireGuard.
   
   
   
2. In the next window, click on I don't have a key pair.
   
   
   
3. Name your new key pair.
   
   
   
4. Click on Generate a new key pair.
   
   NOTE: Copy and store the generated key pairs on your device. You will not be able to check them here again.
    
   

Choose a Surfshark server

Once you have your key pair, you should see a Choose a location button. Click on it. Here, you'll find the list of available locations to connect to. Select one and keep this window open, as we'll need it for later.




NOTE: You will need the Server public key highlighted above later in the Network Manager setup.

Download and install WireGuard®

Follow the steps below to install the WireGuard® package, which we will then configure on the Network Manager.

1. Begin with running the following command in the Terminal if you are using Ubuntu, Mint, Debian, Kubuntu, Lubuntu, Xubuntu, MX Linux:
   

   sudo apt install wireguard

   
   If you are using Arch or Manjaro:
   

   sudo pacman -Syu wireguard-tools

   
   If you are using Fedora, Redhat:
   

   sudo dnf install wireguard-tools

    

2. Open Network Manager, or as it is sometimes referred to, Advanced Network Configuration. The window you see may be different depending on the Linux distribution you are using.
   
   You can also open Advanced Network Configuration via terminal by typing in the following command:
   

   nm-connection-editor

   
   
   
   
3. Click the + button.
   
   
   
4. In the following window, select the connection type. In the dropdown menu, choose WireGuard under the Virtual tab.
   
   
   
   
5. Fill in the details as seen in the window below:
   

   Connection name: Any name you like (we recommend naming it as the server you're connecting to) Interface name: surfshark_wg Private key: Enter your private key (refer to Get your key pair section in this article) Listen port: 32 Fwmark: 51820 MTU: 1280

   
   
   
   
6. Next, configure the Peers. Press Add in the Peers section.
   
   
   
7. Fill in the following information:
   

   Public key: Server public key (refer to Choose a server section in this article) Allowed IPs: 0.0.0.0/0 Endpoint: example.prod.surfshark.com:51820

   
   
   
   
8. Click Apply.
   
   
9. Now, click on the IPv4 Settings.
   
   
   
10. Enter the following information:
    

    Address: 10.14.0.2 Netmask: 16 Gateway: leave the field empty DNS servers: 162.252.172.57, 149.154.159.92 Search domains: ~.

    
    
    
    
11. Click Save.
    
    

Connect to the VPN

1. At the top right corner of your screen, press on the network icon.
   
   
   
2. Select your VPN connection.