Question about Wireguard on Linux set up via terminal. Please help & clarify!

Wow thanks for the detailed info!

I am not sure I am this tech savvy to understand all of this and implement this on my end. I was only able to set up wireguard via terminal following simple step by step guidelines from the support pages from Proton and Mullvad.

That said, I will definitely try to implement this but I also don’t want to break/brick/mess with networking too much or to a point where I make a mistake and I have no internet at all. I do want to learn!

Follow up questions:

  1. Do you mean, I should add this in the config file that’s in the etc and wireguard folder?

  2. Do I add this in the end or the beginning of the interface section?

  3. Do I simply copy-paste your code and save the file or do I have to make any changes to what you have in your comment? Correct me if I’m wrong but this is the same as what I see on Mullvad’s support page?

  4. Will I still be able to simply disconnect from the VPN with the sudo wg-quick down command after doing this?

  5. Is killswitch for a VPN set up with wireguard via the terminal even needed? I do want to ensure all traffic goes through my VPN but I don’t know under what circumstances traffic will go outside of it if one doesn’t have killswitch enabled.

  6. Do these instructions apply for Fedora too? I’m guessing these wireguard instructions are not distro specific.

Once you clarify again - I’ll try this with confidence. Thanks again for your help!

Edit: Mullvad has an extra line for each in addition to what you have:

PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

Which one should I follow? I do have a ProtonVPN config file but wireguard should work the same no matter the VPN so I’m guessing it should be okay - please clarify.