How to Secure Windows Remote Desktop (RDP) with WireGuard VPN

RDP brute-force hacks, and the ransomware attacks that follow them, keep increasing. However, since the pandemic it's important to have remote access to your infrastructure.

Luckily, securing RDP with WireGuard is pretty easy. Plus, there is a WireGuard app for most platforms, Windows included.


Set up firewall rules just as you would for a Linux server setup: open and forward port 51820, configure DDNS, etc.

You can use the handy graphical tool, WireGuard for Windows, to set up the VPN. Simply download and install the Windows version, then run WireGuard.


One feature I like is that the Windows version of WireGuard remembers the VPN connection state. When you reboot Windows while WireGuard is connected to the server, the software automatically reconnects and re-establishes the VPN tunnel when it starts up. This prevents you from accidentally connecting without a VPN.

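My server conf:

[Interface]
# This server's own key, listening port and tunnel address
PrivateKey = 
ListenPort = 51820
Address =

[Peer]
# One [Peer] block per client: the client's public key and its tunnel address
PublicKey = 
AllowedIPs =

[Peer]
PublicKey = 
AllowedIPs =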

To add another user just add another [Peer] section.

Then install your client app.

My client conf:

To generate a keypair for your client I use:

wg genkey | tee privatekey | wg pubkey > publickey

To turn your conf file into a QR code use:

Point your remote desktop software to instead of the server's public IP.

Don't forget to close the RDP port if it's still open to the .
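
One way to handle that last step on the Windows host itself, as an added example that is not part of the original post: scope every enabled inbound allow rule for port 3389 to the VPN subnet, so RDP only answers through the tunnel. The subnet 10.0.0.0/24 is a placeholder assumption (use the one from your server's Address line), and Get-RdpRuleScope is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# ASSUMPTION: 10.0.0.0/24 is a placeholder for your WireGuard tunnel subnet.
$VpnSubnet = '10.0.0.0/24'
$RdpPort   = '3389'

# Find rules by port instead of by name, so custom RDP rules are caught as well
# as the built-in Remote Desktop ones (TCP and UDP). Rules that list the port
# only inside a range (e.g. 3380-3400) are not matched and need a manual check.
$rdpRules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains $RdpPort } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True'
    }

if (-not $rdpRules) {
    Write-Warning "No enabled inbound allow rule for port $RdpPort found; nothing changed."
    return
}

# Hypothetical helper: report which remote addresses each rule currently accepts.
function Get-RdpRuleScope {
    param($Rules)
    foreach ($rule in $Rules) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
}

Write-Host 'Scope before the change (keep this if you need to roll back):'
Get-RdpRuleScope $rdpRules | Format-Table -AutoSize | Out-Host

# Restrict the rules so only peers inside the tunnel subnet can reach RDP.
$rdpRules | Set-NetFirewallRule -RemoteAddress $VpnSubnet

Write-Host 'Scope after the change:'
Get-RdpRuleScope $rdpRules | Format-Table -AutoSize | Out-Host

# RDP still listens on all interfaces; the firewall scope is what limits access.
Get-NetTCPConnection -LocalPort $RdpPort -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State | Format-Table -AutoSize | Out-Host
```

Any port forward for 3389 on the router has to be removed separately, and rules delivered by Group Policy cannot be changed this way.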
