See the setup .bat for setup. Key here is to set the service rights, so that anyone can restart the service.
See the restart script for how to restart. this is especially useful if the tunnel is "broken", because the peer is behind a dynamic dns service.
| REM replace <Tunnelname> as appropriate | |
| sc stop "WireguardTunnel$<Tunnelname>" | |
| timeout /t 10 | |
| sc start "WireguardTunnel$<Tunnelname>" | |
| timeout /t 3 | |
| sc query "WireguardTunnel$<Tunnelname>" | |
| pause |
| REM originally from https://administrator.de/contentid/603185#comment-1478311 | |
| @echo off | |
| :: restart elevated if needed | |
| net session >nul 2>&1 || (powershell -EP Bypass -NoP -C start "%~0" -verb runas &exit /b) | |
| :: read config path from user | |
| set /p tunnelconfig=Please enter path to wireguard *.conf file: | |
| :: get tunnel name from config file name, filename without extension | |
| for /f "delims=" %%a in ("%tunnelconfig%") do set "tunnelname=%%~na" | |
| echo Creating tunnel service with name "WireguardTunnel$%tunnelname%" | |
| "C:\Program Files\wireguard\wireguard.exe" /installtunnelservice "%tunnelconfig%" | |
| echo Setting service permissions for local "Users" group to allow service start/stop | |
| sc sdset "WireguardTunnel$%tunnelname%" "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CRRPRCWPDT;;;BU)" | |
| echo Setting service start mode to manual | |
| REM sc config "WireguardTunnel$%tunnelname%" start= delayed-auto | |
| sc config "WireguardTunnel$%tunnelname%" start= demand | |
| echo. | |
| pause | |
| REM "C:\Program Files\wireguard\wireguard.exe" /uninstalltunnelservice <TUNNELNAME> |