wg genkey | tee privatekey | wg pubkey > publickey, then paste them here.
[Interface]
[Peer]
Routes all traffic through the tunnel (full-tunnel). Using just the VPN's own subnet instead (e.g. 10.0.0.0/24) routes only that subnet through the tunnel (split-tunnel).
Recommended when the client is behind NAT.
How is a wg0.conf file structured?
A WireGuard configuration file has two sections: [Interface] defines this device's own settings (its private key, its tunnel IP address, an optional DNS server); [Peer] defines the remote endpoint you connect to (its public key, its address, and which traffic should be routed through this tunnel). One important nuance: the roles are mirrored — a client's config has a single [Peer] block (the server), but the server-side config has its own [Interface] block and lists a separate [Peer] block for every connected client. So "Peer" is not an absolute role, it just means "the other side of this tunnel."
AllowedIPs = 0.0.0.0/0, ::/0 specifies which destination IPs, when reached via this peer, should be routed through the tunnel; since 0.0.0.0/0 and ::/0 cover the entire IPv4/IPv6 address space, this effectively means "send all traffic through the VPN" (a full-tunnel VPN — including your general internet access). Using just the VPN's own subnet instead (e.g. 10.0.0.0/24) means only traffic destined for that subnet goes through the tunnel, while everything else (including your regular internet access) takes its normal network path — this is called split-tunnel.
PersistentKeepalive = 25 is the value WireGuard's own documentation recommends whenever the client sits behind NAT (true for almost all home and mobile connections). NAT devices silently drop the port-mapping entry they hold for a connection once no traffic has passed for a while; without a keepalive, once that mapping expires the server can no longer reach the client through that NAT, and the tunnel effectively becomes one-way until the client itself sends traffic again. An empty keepalive packet sent every 25 seconds keeps that mapping alive, guaranteeing the server can always reach the client.
When should you use WireGuard Config Generator?
The KEYDAL WireGuard Config Generator tool is a browser-based utility that developers, system administrators, SEO specialists and enterprise technology teams use in their daily operations. It requires no installation, is free, and produces results instantly. It is designed so local teams can run audits without connecting to server environments and run analyses without touching production.
Typical scenarios include: post-migration verification, comparing domain or hosting providers, diagnosing customer issues, security auditing (pre-pentest reconnaissance), root-cause analysis of email deliverability problems, validating CDN or proxy configuration, surfacing technical audit data for SEO teams, and rapid information gathering during incident response. You can copy results as text and share them or paste them into internal documentation.
The KEYDAL infrastructure team provides web hosting, VPS, dedicated server management, server hardening, DNS configuration and SSL/TLS deployment services from Türkiye. Beyond these tools, we deliver server setup and operations support across Hetzner, OVHcloud, Contabo, DigitalOcean and Turkish providers.
Your queries are never stored on our servers
KEYDAL tools run stateless: domain names, IPs, URLs or other inputs are not persisted to any database. Logs are kept only for security purposes (rate limiting, abuse detection) and deleted within 30 days. For tools that handle sensitive data (tokens, API keys, JWTs), processing happens entirely in your browser — nothing is sent over the network. See our Privacy Policy for details.
All tools run over HTTPS with TLS 1.3 support. KEYDAL is a Türkiye-based technology company and complies fully with local data-protection regulations (KVKK) and GDPR principles.
You may also be looking for
The KEYDAL free tools collection includes DNS lookup, WHOIS lookup, SSL certificate checker, HTTP headers analyzer, IP geolocation, uptime checker, JSON formatter, JWT decoder, Base64 encode/decode, QR code generator, meta tag analyzer and robots.txt tester. All browser-based, free, no installation.
If you are comparing server prices, see our web hosting, VPS, VDS, cloud hosting, dedicated server and storage pages. See all tools →