How to set up WireGuard to be connected to a QEMU/KVM VM via Wi-Fi

How can I set up the WireGuard VPN (host) to be connected to the virtual machine? I'm on device wlp2s0 (wireless). I did hear that you can't use the brctl commands to bridge the WireGuard interface to the bridge br0. I also tried the brctl commands; it didn't work.

Is there any way to connect my WireGuard VPN (host) to the virtual machine in a secure way?

If the host goes through a VPN to connect then the client will go through that same connection. It's a matter of using NAT (default) on the client/VM. If the host connection fails then so will the client.

There are multiple options available for the VM though. You can play with those in the VM network settings tab.

What are the options? And I installed wireguard-tools.

I put this in with the wireguard tools; I type these commands in on the VM and host machine:

wg genkey | tee privatekey | wg pubkey > publickey

to generate a pub/priv key.


# Host
[Interface]
Address =
PrivateKey =
ListenPort = 51820

[Peer]
PublicKey =
AllowedIPs =
Endpoint = <Virtual Machine's Public IP>:51820


# Virtual machine
[Interface]
Address =
PrivateKey =
ListenPort = 51820

[Peer]
PublicKey =
AllowedIPs =
Endpoint = <Host's Public IP>:51820

For the public IP: the IP changes when I switch servers. Is there a way I can automatically get it to switch the host public IP instead of manually doing it?

I'm not sure what you're aiming for there. Is there something very specific you want, like having the host go through the guest, using it as a gateway?

You can view a running VM like any other application looking for an external connection. It will use the available host connection and (by default) consider it a wired connection.
The connection will be as secure as the host is.

I want the connections on the VM to correspond with my host, like VirtualBox and VMware.

I use the VPN client on my host; I want the connection to go into my VM.

I'm on NAT in the internet settings in virt-manager.

I haven't used "qemu" in a long time but I doubt it has its own network interface going straight out.

The VPN is in use on your wlp2s0 and the only way in/out for the physical machine as well as the VM. If not set otherwise, the VM will use NAT to connect using the host as a gateway. That way all its outside traffic will be tunneled accordingly and as secure as the host/gateway is.
The internal traffic (between host and VM) will not be encrypted but I doubt you'd want that unless you want to set up the VM as e.g. a "honeypot" ...... which I personally wouldn't recommend.
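A host-side check of the statement above that a NAT'd guest's outside traffic follows the host into the tunnel, given as an added example that is not part of the original thread. It assumes the host's WireGuard interface is named `wg0` and that the VM sits on libvirt's default NAT network (`virbr0`, 192.168.122.0/24); the guest address and the sample route lines are constructed.

```shell
#!/bin/sh
# Added example: does the host route a NAT'd guest's traffic into the tunnel?
# Assumed names (not from the thread): wg0 = host WireGuard interface,
# virbr0 and 192.168.122.0/24 = libvirt's default NAT network.

# Constructed samples of `ip -o route get ... from <guest> iif virbr0` output.
SAMPLE_TUNNEL='192.0.2.1 from 192.168.122.50 dev wg0 table 51820 \    cache  iif virbr0'
SAMPLE_LEAK='192.0.2.1 from 192.168.122.50 via 192.168.1.1 dev wlp2s0 \    cache  iif virbr0'
SAMPLE_NOROUTE=''   # lookup failed, e.g. tunnel down and no fallback route

# classify_route <tunnel-if> <route-line>
# Prints "tunnel", "blocked" (no egress device) or "leak:<device>".
classify_route() {
    dev=$(printf '%s\n' "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')
    if [ -z "$dev" ]; then
        echo "blocked"
    elif [ "$dev" = "$1" ]; then
        echo "tunnel"
    else
        echo "leak:$dev"
    fi
}

# check_guest <guest-ip> [tunnel-if] [bridge] [probe-destination]
# Asks the kernel how a packet arriving from the guest would be forwarded.
# Only a route lookup is done; no packet is sent.
check_guest() {
    line=$(ip -o route get "${4:-192.0.2.1}" from "$1" iif "${3:-virbr0}" 2>/dev/null) || line=''
    classify_route "${2:-wg0}" "$line"
}

# Demo on the constructed samples; on a real host run: check_guest 192.168.122.50
for s in "$SAMPLE_TUNNEL" "$SAMPLE_LEAK" "$SAMPLE_NOROUTE"; do
    classify_route wg0 "$s"
done
```

A route lookup says nothing about firewall rules on the host, so a `tunnel` result is best confirmed from inside the guest as well.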

Network interface: where can I download that? Do I have any options? I really need to get the VPN to work. Would it be easier to do OpenVPN? If so, can you show me?

You can't ...... it's the hardware on the machine .... in your case "wlp2s0".

To clarify:
VPN is an encrypted tunnel that sits between your machine and the internet. It will require another server/provider to do that tunneling for you (Think NordVPN and the likes). Anything behind that network interface will be duly tunneled and encrypted.
VPN is merely a way to keep outsiders from easily intercepting or reading your network traffic.
Now "wireguard" is a protocol like "openvpn" or "ipsec" used by VPN providers ..... it is NOT a server or go-between.
I use "NordVPN", it costs a yearly fee and there are others but be wary of "free as in beer" offers.
Their blog post on wireguard and how they use it, is simple and straightforward:

Of course you can create your own tunneling instance/server (like using a RaspberryPi to go through or if your gateway allows it) or even a virtual one .... a VM (and a bridged interface) but that would be quite a daunting enterprise. Where both options are as safe as the person running them is knowledgeable.

I'll use a VM to make a tunneling instance server. I'll use VMware, can you show me? But I'm having issues with open-vm-tools, which is why I'm using QEMU. I don't trust NordVPN or sponsored VPNs.

To do that I'd recommend asking on forums that are specifically geared on wireguard and VMs. Like I said, it's an extremely daunting task with very few security benefits for which you'll need multiple connections to multiple ISPs ...... I doubt you have that available albeit you could use something like the "tor network" which also has multiple downsides, especially lack of speed.

Distrust is good but keep in mind that ....... even if you do run your own VPN server, the traffic going out through your Wifi gateway is still clear text for your ISP, unless there's end-to-end encryption ...... you'll need to trust those too. :face_with_head_bandage:

It's a lot cheaper and easier to find an available VPN instance that you can trust ..... like e.g. Switzerland-based Proton VPN (they also run protonmail and offer a free single machine VPN option). If VPN providers start abusing trust it'll bite them extremely hard .... the thing that counts is the jurisdiction of the country they're based in (Like NordVPN is Panama based) and the bandwidth (number of servers) they have available.
As for the free ones, just remember that there's no such thing as a free lunch ..... usually you're the product there.

Basically, there are three scenarios.

  1. Both your host and your guest (VM) use the same VPN.

  2. Your host uses a normal connection, while your guest (VM) is using a VPN.

  3. Your host and your guest are both using VPN, but each uses its own VPN service provider.


  1. If your host is connected to a VPN, then you would want to connect your guest via NAT.

Since the virtualization software will use its own virtual networking adapter, the guest will automatically get the internal IP provided by the DNS server of the virtualization software, and all the traffic will be automatically routed.

  2. If your host should use a normal connection but only the guest should connect over a VPN, then you would want to connect your guest via bridged mode.

In that case, the guest will behave just like a second, independent real computer, and in that case, you would install the VPN on your guest machine. That's the easy way because there is no need to route anything.

  3. If your host and your guest should both use VPN, then you would want to connect your guest via bridged mode but connect it to a second network card.

I guess that VirtualBox would be a more suitable virtualization software for you, as it has a nice GUI interface.

You shouldn't be using more than one virtualization software solution on one PC.


For occasional use like anonymous surfing, the Brave browser is the most convenient choice as it has TOR functionality already built in.
