As per my previous post on OMV5 and OpenVPN, I decided to install Wireguard, a more performant VPN software.


To start, we need to install Wireguard on OMV5. So SSH into your box and run:

apt update
apt install wireguard

Verify that the Wireguard kernel module is functional:

/sbin/modinfo wireguard

Create a server keypair:

mkdir /etc/wireguard/
chmod 700 /etc/wireguard/
cd /etc/wireguard/
wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key

Install Wireguard on your client machine. With OSX, the keypair is generated for me, and I use the following configuration:

PrivateKey = xxx
Address =
DNS =,

PublicKey = xxx
AllowedIPs =
Endpoint = # use the IP of your Wireguard server

On linux you need to generate the key pair:

mkdir /etc/wireguard/
chmod 700 /etc/wireguard/
cd /etc/wireguard/
wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key

Then back to your Wireguard server. Output the private key of the server and public key of the client and copy into the command below:

cat vpn-server-private.key
cat > /etc/wireguard/wg0.conf << EOF
Address =
ListenPort = 55820
PrivateKey = # server private key from above
MTU = 1420

PublicKey = # public client key
AllowedIPs =

You will need to incorporate some firewall rules and enable ip forwarding:

# and modify /etc/sysctl.conf as well
sysctl --write net.ipv4.ip_forward=1
# eno1 represents MY internet facing interface
iptables --table nat --append POSTROUTING --jump MASQUERADE --out-interface eno1
# is my virtual machines' bridged network
iptables --table filter --insert FORWARD -s -d -j ACCEPT

Start the service:

systemctl enable wg-quick@wg0.service
systemctl daemon-reload
systemctl start wg-quick@wg0.service

Final Words

Wireguard is super simple to setup. However, you will not have an interface in the OMV5 GUI, but Wireguard is worth it.