One way of how to setup a Wireguard VPN

Some lovely wholesome developer has included: connmanctl.

Which really makes it easy to setup a wireguard vpn.

connmanctl watches: /storage/.config/wireguard

And has its own config system, just create a: nano myvpn.config in that directory.

Type = WireGuard
Host = (The IP of the VPN Server. Ping its hostname)
Domain = ThisMustHaveANameAndByGawdANYNAME
WireGuard.Address = The VPN internal server IP (ends with 24 or 32 usually)/32
WireGuard.PrivateKey = yourPrivateKeyHere
WireGuard.PublicKey = yourPublickeyThere
WireGuard.DNS = DNS_IP1, DNS_IP2
WireGuard.AllowedIPs =
WireGuard.EndpointPort = TheServerPort
WireGuard.PersistentKeepalive = 25

(There shall be no () in the config!)
Then you save it.
Type connmanctl whack enter.
Now you should be able to see it by typing: services (and whack enter)
If everything is ok, it should be listed.

Now you can type:
connect (first letter of config & press TAB) autocompletedConfigname
Likewise, you type disconnect to disconnect.

And then it should say: Connected
Type: quit to Quit.

You can check your external ip by:

If you wish, you can setup so that it starts on boot by:
config VPNNAMEByTAB autoconnect yes

Enable the service:
systemctl enable connman

Now, I hope to use my N2 as a gateway (see thread), so that the local network can use wireguard at the same time. Seems to be iptables that’s missing.

1 Like

I guess wireguard can not be setup with zomboided vpn manager?

1 Like

It seems to utilize openvpn only.

Still connman does not work properly when you set AllowedIPs to NOT “”.
It breaks routes then.

Hm. Strange.

If I open a conf from my VPN provider it says
Have not tested anything else, as it’s the right value for my vpn connection.

There is no “right” value for AllowedIPs parameter.
This parameter defines which addesses should route through wireguard. means everything should come through wireguard.

But if you want to setup Wireguard, but use it for specific situations or bind some applications to this network interface only, you will fail.
Because connman is always routing everything through wireguard interface.
This bug is reported long time ago, but still no changes with that.


Sorry for asking such a stupid question since i newbie in this. which addon should i use to type the connmanctl?

There is no stupid questions, big things have small beginnings.

You have to use an SSH-application (i.e putty for windows), then you find out what IP your coreelec machine has (it can be seen in system info).

Open putty insert your ip and user:root and the password (coreelec is default, if you have not changed it).

Read up on ssh, what is linux terminal, what is nano and take it from there.

1 Like

hi thank you for your reply, i just manage to install putty on windows and connect to my device. quick question, how can i got all the information required from subscription vpn. im using vyprvpn.

If you look in the windows-wireguard client, one can edit the configs for the different VPN’s one can connect to. There is all the info you need.

Hey, helping out is the FLOSS way. Pass it forwards.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.