cenda
just joined
Topic Author
Posts: 1
Joined: Wed Jan 27, 2021 2:05 pm

WireGuard export visible private key??

Thu Jan 19, 2023 1:46 pm

Hi,

Is there a possibility to hide the private key in the WireGuard config? I am setting up a WireGuard connection on Windows and I just found out that I can export the whole config and set it up on a different machine. That's a huge problem in our situation. Our employees can export the whole config to their private laptops and do some damage to our networks...

Thank you for some answers.
 
anav
Forum Guru
Posts: 19322
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: WireGuard export visible private key??

Fri Jan 20, 2023 12:37 am

Weird, on my iPhone all I see is the public key generated.
Just reviewed a video and damn, you're right.

Now, they would be connecting with their WG IP address so the perpetrator of issues would be 'trackable' but you want prevention vice cleanup.
Sadly nothing can be done except fire the employee that does so.
 
reinerotto
Long time Member
Posts: 520
Joined: Thu Dec 04, 2008 2:35 am

Re: WireGuard export visible private key??

Fri Jan 20, 2023 4:53 am

> Now, they would be connecting with their WG IP address so the perpetrator of issues would be 'trackable'

Not necessarily, because WG IP can be easily changed.
 
anav
Forum Guru
Posts: 19322
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: WireGuard export visible private key??

Fri Jan 20, 2023 5:27 am

Your response is illogical.
What if the server has a different interface for each remote user?

Even if there is only one WireGuard interface on the server router, the only thing true is that the public key for the server peer on the remote work laptop and the truant laptop settings will be the same, since the private key on the server in this case generates one public key that is sent to all mobile devices connecting to that wg interface.

If the WG IP is changed by the user and it falls outside the WG network of the server, there will be no connection.
The user may choose a different WG IP that is within the subnet and may be lucky enough to match someone else's IP, but guess what!!!
The public key expected by that peer setting on the server router will be different and again no match.

The only way this works is if the user uses the same wireguard IP assigned to the individual and the same public IP supplied to the Server router from the user.
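
Added example, not part of any post in this thread: a small Python model of the server-side peer matching discussed in the last post, showing which combinations of client key and tunnel IP the server accepts. The key names, addresses and the `accept`/`revoke` helpers are constructed for illustration and are not RouterOS or WireGuard code.

```python
import ipaddress

# Constructed sample peer table for one server-side WireGuard interface.
# Key strings are placeholders, not real keys; addresses are made up.
PEERS = {
    "PUBKEY_ALICE": ["10.10.0.2/32"],
    "PUBKEY_BOB": ["10.10.0.3/32"],
}


def accept(peers, sender_pubkey, inner_src_ip):
    """Model of the server's check on a decrypted inbound packet.

    The handshake identifies the sender by its static public key, which is
    derived from the private key in the client config. The packet's inner
    source address must then fall inside that peer's allowed addresses.
    """
    allowed = peers.get(sender_pubkey)
    if allowed is None:
        return "drop: unknown public key"
    src = ipaddress.ip_address(inner_src_ip)
    if any(src in ipaddress.ip_network(net) for net in allowed):
        return "accept"
    return "drop: source IP not allowed for this key"


def revoke(peers, pubkey):
    """Return a copy of the peer table with one peer removed."""
    return {k: v for k, v in peers.items() if k != pubkey}


if __name__ == "__main__":
    cases = [
        ("work laptop", "PUBKEY_ALICE", "10.10.0.2"),
        ("exported config, second machine", "PUBKEY_ALICE", "10.10.0.2"),
        ("IP changed, outside subnet", "PUBKEY_ALICE", "192.168.50.2"),
        ("IP changed to another peer's address", "PUBKEY_ALICE", "10.10.0.3"),
    ]
    for label, key, ip in cases:
        print(f"{label:40} {accept(PEERS, key, ip)}")
    without_alice = revoke(PEERS, "PUBKEY_ALICE")
    print("after removing the peer:", accept(without_alice, "PUBKEY_ALICE", "10.10.0.2"))
```

At this layer the server cannot tell the work laptop from a second machine using the same exported config, because both present the same key and tunnel IP; removing that peer entry on the server ends access for every copy of the config.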
