Configuring WireGuard for Windows

A service-based installation without giving a user elevated privileges

Steps

  1. Download and install the installation file using https://download.wireguard.com/windows-client/
  2. Install the application using an Administrator account
  3. Go to dashboard.meter.com -> Client VPN
  4. Configure a new client VPN client

Add VPN client form

  1. Download the WireGuard configuration file to the user's computer

WireGuard configuration step 2

  1. Open the Wireguard Application using the Administrator account and upload the new config file to configure the tunnel and upload the downloaded file

WireGuard configuration step 3

WireGuard configuration step 4

  1. Press Activate to activate the tunnel
  2. Once the tunnel is confirmed working with the data transfer usage incrementing for received and sent traffic.

WireGuard configuration step 5

  1. If the tunnel is up we can now proceed to configure this task to be run automatically in the background when the user logs on.
  2. Create a local service Administrator service account for your preference. Lets use an example user called “wg_service_account”

WireGuard configuration step 6

WireGuard configuration step 7

WireGuard configuration step 8

WireGuard configuration step 9

  1. After creating the account, change the Account type to Administrator. This account will only be used for the Wireguard service and only an Administrator would have access to this or if there are other Service Accounts in your Active directory environment feel free to use that instead.

    Service account administrator configuration

  2. Configuring the Wireguard Application to run in the background using “Task Scheduler”

WireGuard configuration step 11

If you want the tunnel to auto-connect as soon as the WireGuard app is launched, regardless of user login:

  1. Press Win + R, type taskschd.msc, and hit Enter.
  2. In Task Scheduler, click Create Basic Task.
  3. Name it something like WireGuard AutoConnect.

 In the Security options section, select the Service Account previously created called “wg_service_account” to use when running the task.

WireGuard configuration step 12

  1. Create a new Trigger: Choose "When I log on" or "When the application is launched" (advanced step below).

WireGuard configuration step 13

WireGuard configuration step 14

WireGuard configuration step 15

  1. Action: Choose Start a program.

Browse to :C:\Program Files\WireGuard\wireguard.exe

WireGuard configuration step 16

In the Add arguments box, type: /installtunnelservice <tunnel-name>.conf

Replace <tunnel-name> with the name of your .conf file (do not include the full path unless needed). In this case we used hq_office.conf

This uses the WireGuard service mode to activate the tunnel as a service. You'll need admin rights.For the other Tabs Conditions and Settings please configure as you see fit for your organisation. 15. Log off the Administrator and login with the standard user that has basic user privileges on the computer.Once logged in with a regular user open the command prompt to check if the tunnel is created in the background, using “ipconfig”

WireGuard final configuration

  1. Validate the connection via pinging or accessing the resources you need to access via the VPN
Was this helpful?
PreviousCan I use LTE on the Meter Controller if my ISP goes down?NextHow Meter Uses LTE Connection to Maintain Connectivity During ISP Outage