> For the complete documentation index, see [llms.txt](https://docs.islandrouter.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.islandrouter.com/island-router-cli-2.3.2/commands/vpn-peer/vpn-peer-generate-client.md). # vpn peer generate client ## Syntax ``` vpn peer generate client [local-only] [name ] [public-key ] ``` ## Syntax Description
KeywordDescription
idThe VPN identifier. Must be a number in the range 0-1022 or the string "auto".
local-only(Optional) If specified, only local routes on the Island are included in the client configuration file; otherwise, a default route is included.
name(Optional) A descriptive name for the VPN.
key(Optional) If specified, the VPN is created using the specified public key for the remote host; otherwise, a public/private key pair is generated.
## Defaults By default, the generated client configuration contains a default route through the VPN, and a public/private key pair is generated for the client. ## Usage Guidelines This command is used to create a VPN on the Island, and to generatate an associated configuration suitable for import directly into a WireGuard client. The generated configuration is displayed in the CLI where it can be copied and pasted into the WireGuard client, or pasted into a file that can be imported into the client. The VPN ID must be a number between 0 and 1022 that does not already exist on the Island, or the string "auto", which will automatically assign the next available VPN ID. By default, the command will generate a public/private key pair for the client to use, and will include the private key in the "\[Interface]" section of the client configuration. This makes client VPN configuration very easy since the generated configuration can be loaded into the client, and no other steps are necessary. However, because the configuration contains the private key for the client, **the configuration should be kept secure, and should be permanently deleted as soon as it has been loaded into the client**. Alternately, the public/private key pair can first be configured on the client, and the resulting public key included in the [vpn peer generate client](/island-router-cli-2.3.2/commands/vpn-peer/vpn-peer-generate-client.md) command using the `public-key` option. This requires extra steps to configure the VPN, but is more secure because the private key does not have to be communcated to the client. By default, a default IPv4 and a default IPv6 route is specified in the "AllowedIPs" directive in the "\[Peer]" section of the generated client configuration, so that all Internet traffic will be routed through the Island. If the `local-only` option is specified, only routes for local interfaces on the Island will be included in the client configuration. The name parameter is optional, but is useful to identify the client associated with the VPN. If a DDNS name has been set on the Island using the [ip ddns name](/island-router-cli-2.3.2/commands/ip-global-context/ip-ddns-name.md) command, the DDNS name will be used in the "EndPoint" directive in the "\[Peer]" section of the client configuration. A DDNS name is recommended in most cases because it islolates the client from changes in the Island's public IP address. If no DDNS name has been configured, the IP address of the highest priority WAN interface will be used instead. Likewise, the UDP port number in for the endpoint will be set to the value configured with the [vpn port](/island-router-cli-2.3.2/commands/vpn-port.md) command, or to the default port if a custom port number has not been configured. ## Examples ``` vpn peer auto generate client name terry-laptop local-only ``` ## Related Commands --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.islandrouter.com/island-router-cli-2.3.2/commands/vpn-peer/vpn-peer-generate-client.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.