A WireGuard client is a computer or mobile device that will use the VPN. When a client is added, a config file is created.
For a mobile device, WireGuard can display the config as a QR code for scanning. I'm using PowerShell 7 which does not display the codes correctly.
Alternatively, the QR code can be saved as a PNG. But, because this is an Ubuntu server with no desktop, there is no baked-in way to display PNG. My easiest option is to copy the PNGs to my PC where I can easily display them - hence PuTTY.
For a computer client, you can display the config in Linux. From here you can copy-paste to a local file on your computer. But since I already need PuTTY, I'll use it for the config files as well.
- Go here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
- Install the full package.
When you create a Lightsail instance, the SSH key you download is a .pem file. To use with PuTTY, convert this file to .ppk using PuTTYgen.
- Launch the PuTTYgen app.
- Click the Load button and select your
my-key.pemfile. - At the bottom, under Parameters:
- Type of Key to Generate = RSA
- Number of Bits = 2048
- Click Save Private Key
- Save to
C:\Users\user\.ssh - Save as as
my-key.ppk.
- Save to
The command to copy a file from Linux to Windows looks like this.
# Change permission of configs dir
# Mine was root - needed to be ubuntu (user)
sudo chown -R ubuntu:ubuntu /home/ubuntu/configs
# In a separate PowerShell not SSHed to Ubuntu
pscp -i C:\Users\user\.ssh\aws-vpn-root.ppk ubuntu@site.com:/home/ubuntu/configs/my-client.png D:\WireGuardInstead of PowerShell, you can use PuTTY.
- Launch the PuTTY app.
- Session
- Hostname = site.com
- Port = 22
- Connection Type = SSH
- Connection
- Enable TCP keepalives = True
- Connection > SSH > Auth
- Browse to
my-key.ppk
- Browse to
- Important Session
- Enter a session name.
- Click Save Session.
- Click Open.
- Accept the warning.
- Login as = ubuntu (username on server)