There is a feature I’ve seen on my ChromeOS Flex (104.0.5112.27) install which has been around for a while. There is native Wireguard support within the OS without the need for the Android client.

Under VPN there is the ability to fill in the GUI with the config details of your Wireguard server and usually, it works.

For whatever reason the configuration I’ve used previously and know works, after filling out the GUI the Connect button stays grey

As I use Wireguard to “phone home” this caused me a problem as there isn’t the option on Flex to use the Android app and even in the Linux shell Wireguard is doing stuff at a low level the container can’t work with it.

I did however find a Fix, it’s clunky however it works.

Open Crosh

What’s Crosh? It’s the Chrome Shell, not to be confused with the Linux Shell. It’s accessible by pressing CTRL ALT and T on the keyboard

This will either open a new Chrome Instance or a new tab if Chrome is open on the desktop and will look like this when it opens

From here we can run

help wireguard

A lot of help commands will display

Example Wireguard Config

In order to continue, you will need a Wireguard config to pull information out of it will look something like this

PrivateKey = OFRqEpL29W1cMwVv4Rt/99DKkdkdjfuCPUi3vJn2DJa3Xc=
Address =

PublicKey = uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=
PresharedKey = 7ji2RO7PsjThisThatTherThenjPTXSR/EENI=
AllowedIPs =, ::/0
PersistentKeepalive = 0
Endpoint =

Armed with this information you can move forward

Crosh Commands

Run the following commands

Create a new Wireguard Profile

wireguard new yourvpn

Set the Local IP Address

wireguard set yourvpn local-ip

Set the Private key

wireguard set homevpn private-key

You’ll be prompted to enter the private key, this keeps the key out of the crosh history

Next, we set the peer information using the peer public key

wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=

Next, add the preshared key

wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= preshared-key

Like the private key, this will prompt you to enter the preshared key for the peer and keep it out of the shell.

Set the allowed IP List

wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= allowed-ips

Add the remote endpoint

wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= endpoint

Finally set the keepalive

wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= persistent-keepalive 0

Then view the config using the command

wireguard show homevpn

This will display the Wireguard config

name: homevpn
  local ip:
  public key: 7peV+Goleuko9VNLiwcQ9rHz4s/LguY8HW7IGzrCf0Y=
  private key: (hidden)
  name servers:,,,

  peer: uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=
    preshared key: (hidden or not set)
    allowed ips:
    persistent keepalive: 0

The Wireguard VPN is now setup

Confirm in Gui

Within Settings open Network

Copen VPN

Click on Configure and you’ll see the config you entered in Crosh

The config should look like this

By davidfield

Tech Entusiast