Here's an example configuration file.
# This is a sample config file for TunSafe. It uses the same syntax as # WireGuard's wg-quick tool [Interface] # The private key of this computer. This is a secret key, don't give it out. # To convert it to a public key you can go to 'Generate Key Pair' in TunSafe. PrivateKey = gIIBl0OHb3wZjYGqZtgzRml3wec0e5vqXtSvCTfa42w= # Whether we want to bind a port to allow others to initiate connections to us. # Please ensure this port is mapped in your router. # ListenPort = 51820 # Switch DNS server while connected. Either IPv4 or IPv6. # DNS = 8.8.8.8 # Whether to block all outgoing DNS and force all DNS to go through the VPN. This # prevents leakage of what websites you visit. # BlockDNS = true # The addresses to bind to. Either IPv4 or IPv6. /31 and /32 are not supported. Address = 192.168.2.2/24 # Can be used to change MTU of the network adapter in Windows. We want this to # be lower than the default 1500 to ensure the WireGuard headers don't cause # fragmentation. # MTU = 1420 [Peer] # The public key of the peer. Do not use the private key here. Use the 'Generate Key Pair' # function in TunSafe to convert a private key to a public key. PublicKey = hIA3ikjlSOAo0qqrI+rXaS3ZH04Yx7Q2YQ4m2Syz+XE= # It's also possible to use a preshared key for extra security PresharedKey = SNz4BYc61amtDhzxNCxgYgdV9rPU+WiC8woX47Xf/2Y= # The IP range that we may send packets to for this peer. Specify 0.0.0.0/0 or ::/0 here # to also insert an entry in the routing table to tunnel all traffic through the VPN. AllowedIPs = 192.168.2.0/24 # Address of the server. Can be either IPv4 or IPv6. Endpoint = 192.168.1.4:8040 # Send periodic keepalives to ensure connection stays up behind NAT, in seconds. PersistentKeepalive = 25 # When the peer is used as default gateway, whether to forward multicast and broadcast # packets through the tunnel. # AllowMulticast = false