Wednesday, 06/03/2026

自由档案馆

思想自由|言论自由|为沉默的声音发声

自由档案馆

思想自由|言论自由|为沉默的声音发声

订阅RSS

    Free Archive | WireGuard One-Click Installation Script (Chinese Version)

    自由档案馆010 mins

    WireGuard one-click installation tutorial:

    Project address: https://github.com/iwantruncom/WireGuard-install-cn

    Thanks to the original authors Angristan and Comrade Zhang Gousheng.

    🚀 One-click installation 📱 Automatically generate QR code 🧰 Chinese guide 🔒 Generate keys locally 💻 Supports multiple platforms

    1. Who is this tutorial suitable for?

    Many beginners want to build their own VPN, but when they see words like Linux, ports, firewalls, keys, and client configuration, they feel it’s very complicated.

    In fact, if you only use it yourself, or configure a private WireGuard node for your phone or computer, you don’t need a high technical threshold. The WireGuard Chinese one-click installation script introduced in this article has simplified the complex installation process into a Chinese guide, and most options can be completed by simply pressing Enter.

    • Suitable for users who want to build their own private VPN
    • Suitable for beginners who are not familiar with Linux commands
    • Suitable for people who want to quickly connect by scanning a QR code with their phone
    • Suitable for people who want to create nodes for their phones, computers, and tablets separately

    2. What is WireGuard?

    WireGuard is a lightweight, efficient, and modern VPN protocol. Compared to traditional VPNs, it is simpler to configure, faster, and uses fewer resources, making it very suitable for individuals to build private VPNs on VPS.

    Fast Simple protocol, good performance.
    Simple configuration The client can be used by importing the configuration.
    Multi-platform support Supports Windows, macOS, iOS, Android, and Linux.

    3. What do you need to prepare before installation?

    1. Overseas VPS It is recommended to use a KVM VPS that supports UDP.
    2. SSH tool Used to log in to the server to execute installation commands.
    3. WireGuard client Install the official client on your phone or computer.

    VPS Recommended Configuration

    Project Suggestion
    CPU 1 core is enough
    Memory 512MB or more
    Hard disk 5GB or more
    Traffic The more the better
    System Debian 12 or Ubuntu 22.04 is more suitable for beginners
    Virtualization KVM preferred
    Note: It is not recommended to use OpenVZ, LXC containers, domestic servers, or VPS that cannot open UDP ports. WireGuard uses the UDP protocol. If the service provider does not support UDP forwarding, the problem of “connected but unable to access the Internet” may occur.

    4. Which systems are supported?

    This script supports common Linux distributions, but it needs to be run with root privileges.

    System Minimum version requirement
    Debian 10 and above
    Ubuntu 18.04 and above
    Fedora 32 and above
    CentOS / AlmaLinux / Rocky 8 and above
    Oracle Linux 8 and above
    Arch Linux Latest version
    Alpine Linux Latest version
    Beginner’s suggestion: Prioritize Debian 12 or Ubuntu 22.04, these two systems have better compatibility, and there is more information available online.

    5. How to SSH login to VPS?

    After purchasing a VPS, you need to prepare the following information:

    • Server IP address
    • SSH port, usually 22
    • Username, usually root
    • root password, or SSH private key

    Assuming your server IP is 1.2.3.4, and the username is root, you can use the following command to log in:

    SSH login to the server 
    ssh [email protected]

    The first time you log in, the terminal may prompt:

    First connection confirmation 
    yes

    6. WireGuard one-click installation command

    After SSH logging into the VPS, please confirm that you are the root user. If you are not the root user, you can first execute:

    Switch to root user 
    sudo su

    Then execute the following three lines of commands:

    WireGuard Chinese one-click installation command 
    wget https://raw.githubusercontent.com/iwantruncom/WireGuard-install-cn/main/wireguard-install-cn.sh
chmod +x wireguard-install-cn.sh
./wireguard-install-cn.sh
    Explanation: These three lines of commands are: download the script, add execution permissions, and run the installation script.

    7. How to choose during the installation process?

    After running the script, a Chinese installation guide will appear. Generally, beginners do not need to modify too many parameters, and most of them can be completed by pressing Enter directly.

    Server public IP address If the IP automatically recognized by the script is the same as that displayed in the VPS background, just press Enter directly.
    Public network card name Common names are eth0, ens3, etc., generally the default is fine.
    WireGuard interface name The default is usually wg0, just press Enter directly.
    Server-side intranet IP The default is usually 10.66.66.1, just press Enter directly.
    WireGuard listening port The script will randomly generate a port, such as 51413. This port needs to be forwarded in the VPS firewall later.
    DNS settings The default is generally 1.1.1.1 and 8.8.8.8, beginners can directly press Enter.
    Important: Please remember the WireGuard port displayed during installation. You must forward this UDP port in the VPS security group or firewall later.

    8. What will be done automatically after installation?

    The script will automatically complete most of the configuration, and you don’t need to manually edit the WireGuard configuration file.

    Automatically install dependencies Install WireGuard, iptables, qrencode and other components.
    Automatically generate keys Server-side and client-side keys are generated locally.
    Automatically generate QR code The phone WireGuard App can scan the code to import the configuration.
    Automatically start the service Start wg-quick and set it to start automatically on boot.
    Automatically create configuration Generate client .conf configuration files.
    Support management menu You can add, view, and delete clients, and you can also uninstall.

    9. How to connect WireGuard with your phone?

    iPhone users

    1. Open the App Store
    2. Search for WireGuard
    3. Download the official WireGuard App
    4. Open the App, click the + in the upper right corner
    5. Select “Scan QR code”
    6. Scan the QR code displayed in the server terminal
    7. Save the configuration and turn on the switch to connect
    If you are using a Chinese Apple ID, you may not be able to find WireGuard. You can switch to the US, Hong Kong, Taiwan and other non-mainland China App Stores to download.

    Android users

    Android users can search for WireGuard on Google Play, or go to the WireGuard official website to download the APK.

    WireGuard Official Client Download https://www.wireguard.com/install/

    X. How to connect WireGuard on a computer?

    Windows, macOS, and Linux users can install the official WireGuard client and then import the .conf configuration file generated by the script.

    WireGuard Windows / macOS / Linux Official Client https://www.wireguard.com/install/

    The client configuration file generated by the script is usually in:

    Client configuration file path example 
    /root/wg0-client-your client name.conf

    XI. How to download the configuration file on Mac?

    If you are using a Mac, you can execute the scp command in the local Mac terminal to download the configuration file on the server to the local download directory.

    Mac download configuration file 
    scp root@your server IP:/root/wg0-client-your client name.conf ~/Downloads/

    For example:

    Example command 
    scp [email protected]:/root/wg0-client-phone.conf ~/Downloads/

    After the download is complete, open the WireGuard client and import this .conf file.

    XII. How to download the configuration file on Windows?

    Windows beginners recommend using WinSCP to download the configuration file, the interface is more intuitive.

    WinSCP Official Website https://winscp.net/
    Open WinSCP Protocol selection SFTP.
    Fill in the server information Host name fill in your VPS IP, username is usually root, port is usually 22.
    Login to the server Enter the server password and log in.
    Enter the /root/ directory Find the wg0-client-xxx.conf file.
    Download and import Download to your computer and import it with the WireGuard client.
    WinSCP login information example 
    Protocol: SFTP
Host name: Your server IP
Username: root
Password: Your server password
Port: 22

    XIII. How to add nodes to multiple devices?

    If you have already installed it, and you want to add nodes to a second phone, computer, or tablet in the future, you don’t need to reinstall the system, just rerun the script.

    Open the WireGuard management menu 
    ./wireguard-install-cn.sh

    You will see a similar menu:

    Management menu 
    Please select an operation:
  1) Add a new client
  2) View client list
  3) Delete client
  4) Uninstall WireGuard
  5) Exit
    It is recommended that each device create a separate client configuration, do not share the same configuration for multiple devices. For example, use iphone for iPhone and macbook for MacBook.

    XIV. Most common problem: connected, but unable to access the Internet

    This is the most common problem for beginners. After many people install it, the phone WireGuard shows that it is connected, but cannot open the webpage, or the Rx receiving data in the WireGuard App is always 0 B.

    Focus: This situation is probably not a script problem, but the security group or firewall of the VPS service provider has not released the UDP port of WireGuard.

    Correct inbound rules

    Item Setting
    Type Custom
    Protocol UDP
    Port WireGuard port displayed during installation, such as 51413
    Source 0.0.0.0/0
    Firewall rule example 
    UDP 51413 0.0.0.0/0
    Do not choose TCP. WireGuard uses UDP. If you only release TCP, the phone may show connected, but it cannot access the Internet normally.

    XV. How to determine if it is a firewall problem?

    Open the WireGuard App and look at the traffic data.

    Typical phenomenon 
    Tx has data
Rx is always 0 B

    This usually means that the phone has sent a request, but the server has not returned data. Common reasons include:

    • The VPS security group has not released the UDP port
    • The VPS system firewall intercepts UDP
    • WireGuard port is filled incorrectly
    • Server IP is filled incorrectly
    • VPS service provider blocks UDP

    Prioritize checking the security group or firewall in the VPS background.

    XVI. Common check commands on the server side

    If you can’t connect, you can SSH log in to the server and execute the following commands to check the WireGuard status.

    View WireGuard service status 
    systemctl status wg-quick@wg0
    View WireGuard current connection status 
    wg
    Restart WireGuard service 
    systemctl restart wg-quick@wg0

    XVII. Where is the configuration file saved?

    File Path
    Server-side configuration /etc/wireguard/wg0.conf
    Client-side configuration /root/wg0-client-client name.conf
    Parameter file /etc/wireguard/params
    It is not recommended to delete the /etc/wireguard directory at will, otherwise the WireGuard configuration will be lost.

    XVIII. How to uninstall WireGuard?

    If you don’t want to continue using it, you can rerun the script and select uninstall after entering the management menu.

    Open the management menu 
    ./wireguard-install-cn.sh

    Then select:

    Uninstall option 
    4) Uninstall WireGuard
    Uninstalling will delete the WireGuard configuration file and all client information. If you want to keep the configuration, please back up the /etc/wireguard directory first.

    XIX. Security instructions

    • The script components are installed from the system’s official software source
    • The script does not collect or upload user data
    • WireGuard keys are generated locally on the server
    • The client configuration file is saved on the server machine
    • The configuration file permissions are set to root readable
    Do not send the server password, client configuration file, and WireGuard private key to strangers. Once the client configuration is leaked, others may use your VPN node.

    XX. Complete process summary

    Purchase VPS It is recommended to choose an overseas KVM VPS that supports UDP.
    Choose a system Beginners recommend Debian 12 or Ubuntu 22.04.
    SSH login to the server Log in to the VPS using the root user.
    Execute the installation command Run the WireGuard Chinese one-click script.
    Release UDP port Release the UDP port displayed during installation in the VPS background security group.
    Scan the code or import the configuration Scan the code with your phone, import the .conf file on your computer.

    Twenty-one, one-click installation command summary

    After SSH login to the server, execute:

    Complete installation command 
    wget https://raw.githubusercontent.com/iwantruncom/WireGuard-install-cn/main/wireguard-install-cn.sh
chmod +x wireguard-install-cn.sh
./wireguard-install-cn.sh

    After installation, if you need to manage the client, execute:

    Manage client 
    ./wireguard-install-cn.sh

    More tutorials

    For more tutorials related to VPN, WireGuard, VPS, and circumvention, please visit:

    https://iwantrun.com/freevpn

    You can also visit the Free Archives:

    https://iwantrun.com/

    For beginners, the biggest difficulty with WireGuard is not the protocol itself, but the server, firewall, port, and client configuration. This Chinese one-click installation script has automated most of the complex steps. As long as the VPS supports UDP and correctly releases the port, it can usually be set up in a few minutes.

    Discover more from 自由档案馆

    Subscribe to get the latest posts sent to your email.

    相关新闻