Set up multiple simultaneous WireGuard tunnels that auto-connect on boot in Windows.
Install the Windows version of WireGuard and import the two tunnel `.conf` files.
Set the following key to a `DWORD` with value `1`:
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wireguard\MultipleSimultaneousTunnels`
(docs)
After the machine boots up, WireGuard still only activates one of the two tunnels.
To fix this, there are two solutions:
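You can use the `PreUp` option of one tunnel to activate the other tunnel.
For this to work, script execution has to be enabled by setting this additional registry key to a `DWORD` with value `1`:
`Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wireguard\DangerousScriptExecution`
With this value set, the tunnel service runs the commands in a configuration's `PreUp`, `PostUp`, `PreDown` and `PostDown` options as the Local System user.
Assuming the tunnels are called `wg0` and `wg1`, edit them and add the following to their `[Interface]` sections: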
Tunnel `wg0` activates `wg1`:

```ini
[Interface]
...
PreUp = (wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wg1.conf.dpapi") ^& exit 0
```

Tunnel `wg1` activates `wg0`:

```ini
[Interface]
...
PreUp = (wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wg0.conf.dpapi") ^& exit 0
```

Note how `^& exit 0` ignores errors that occur if the other tunnel is already running.
It's also possible to add the following `.bat` script to the computer's startup items to activate the tunnels:

```bat
rem Wait for 5 seconds
timeout /t 5 /nobreak > NUL
rem Connect only the tunnels that are not already connected
wg | findstr wg0 || (wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wg0.conf.dpapi" > nul 2> nul)
wg | findstr wg1 || (wireguard /installtunnelservice "C:\Program Files\WireGuard\Data\Configurations\wg1.conf.dpapi" > nul 2> nul)
```

Install the script as a startup application, or use Task Scheduler to create a task that runs after the user logs in.
The script has to be run with administrator privileges. Make sure that the `.bat` file cannot be edited by normal users.
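
One way to carry out and verify that last instruction, as an added PowerShell example that is not part of the original page. The folder `C:\ProgramData\wg-autostart` and the file name `wg-autostart.bat` are assumptions; the folder is locked down as well because a user who can create or delete files in it can swap the script even when the file's own ACL is tight.

```powershell
#Requires -RunAsAdministrator
# Added example. $Dir and $Bat are assumed names, not taken from the page.
$Dir = 'C:\ProgramData\wg-autostart'
$Bat = Join-Path $Dir 'wg-autostart.bat'   # the startup script shown above

# Well-known SIDs (locale independent): Local System and Administrators.
$Trusted = 'S-1-5-18', 'S-1-5-32-544'

# Rights that let a principal change, replace or re-permission a file,
# plus the raw GENERIC_WRITE | GENERIC_ALL bits that some ACEs carry.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr::Write -bor $Fsr::Delete -bor $Fsr::DeleteSubdirectoriesAndFiles -bor
                   $Fsr::ChangePermissions -bor $Fsr::TakeOwnership) -bor 0x50000000

function Get-NonAdminWriters([string]$Path) {
    # Return every Allow ACE that gives a non-trusted SID a write-type right.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Trusted -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $WriteMask) -ne 0
        }
}

if (-not (Test-Path -LiteralPath $Bat)) { throw "Copy the startup script to $Bat first." }

# Drop the ACEs the folder inherits from its parent, then grant full control
# to System and Administrators and read+execute to Users (S-1-5-32-545),
# which a per-user startup item needs in order to launch the script.
icacls $Dir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
# Discard explicit ACEs on the script so it only inherits the folder's ACL.
icacls $Bat /reset | Out-Null

# Verify: explicit ACEs already on the folder for other principals survive
# the commands above, so check the resulting ACLs instead of assuming them.
$bad = @($Dir, $Bat | ForEach-Object { Get-NonAdminWriters $_ })
if ($bad.Count) {
    $bad | Format-Table IdentityReference, FileSystemRights, IsInherited | Out-String | Write-Host
    throw 'A non-administrator can still modify the startup script or its folder.'
}
Write-Host "OK: only SYSTEM and Administrators can modify $Bat"
```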