Skip to content

VPN Wireguard connection

VPN Gateway

Before configuring WireGuard VPN connections, review the information about the VPN Gateway.

After registering an account in the VPN service, one VPN Gateway is created by default.

The steps below describe how to create a WireGuard VPN connection and add devices.

Before Start

Before creating a WireGuard VPN connection, prepare and define the following information:

  • Device Subnet Address (Subnet)
    This is the virtual network where the devices connecting to the VPN will reside.
    Example: 192.168.47.0/24
    The first address of this subnet will be used as the Gateway IP in the connection settings (e.g., 192.168.47.1).

  • Need for IP Address Masking (NAT)
    Decide whether to hide (mask) the real IP addresses of connected devices behind the VPN server’s address.
    This option can be enabled using the Enable NAT for the subnet checkbox.
    Enabling NAT simplifies network configuration — VPN-connected devices will be able to access target virtual machines without the need to manually configure routes or security rules.

  • Device Name
    Create a name for your client device that will make it easy to identify the endpoint connecting to the VPN.

  • Public Key from the installed WireGuard client

  • Private Key from the installed WireGuard client

Creating a New Connection

To create a connection in a pre-created VPN Gateway:

  1. Go to VPN Gateways.
  2. Click on the existing gateway.
  3. In the opened window, click Create connection.

In the connection creation form, fill in the following fields:

  • Connection Name;
  • Device Subnet – the IP address of the VPN Gateway within the client connection subnet.
    Specify the previously selected subnet (for example: 192.168.47.0/24);
  • Gateway IP – the IP address of the gateway (for example: 192.168.47.1);
  • Port – UDP port on the public IP address;
    It is recommended to use the 2200/udp port for the first connection, as it is preconfigured and allowed. For subsequent connections within the same account, contact support to configure additional ports.
  • MTU (Maximum Transmission Unit) – the recommended maximum value is 1420.

After filling in the fields, click Save.

Route creation

To allow devices connected via VPN to access virtual machines in other account networks, you need to add a new route for the specified connection subnet to the list of VPC routes.

  1. Go to VPC NetworksRoutes tab.
  2. Click Create Web Route.

In the route creation modal window, specify:

  • Subnet – in this case, 192.168.47.0/24;
  • Gateway – the internal address of the previously created VPN connection (in this example, 198.18.0.2).

The created web route will be displayed in the general list of routes.

Device adding

To start using this VPN connection, you need to add your device to the list of connections.

  1. Open the created connection.
  2. Click Add device.

Fill in the following fields:

  • IP – the automatically suggested available address (from the subnet specified when creating the connection), in this case 192.168.47.2;
  • Public Key – the user’s WireGuard public key;

The Routes Subnets and Keep Alive fields are optional.

Configuration Setup

To complete the setup, generate a WireGuard configuration file to activate the VPN connection on your device. In the side menu of the selected device, go to the Configs section.

In the opened modal window, enter your WireGuard Private Key and click Proceed.

Follow the built-in instructions for your operating system. Use the generated configuration file or QR code to establish the connection.

After completing these steps, the WireGuard VPN connection is considered configured.

Connection Check

To verify that the device is successfully connected to the VPN, run the ping command with the gateway address:

ping 192.168.47.1