diff --git a/fogros2/fogros2/aws_cloud_instance.py b/fogros2/fogros2/aws_cloud_instance.py
index 0df13e2..0a248a0 100755
--- a/fogros2/fogros2/aws_cloud_instance.py
+++ b/fogros2/fogros2/aws_cloud_instance.py
@@ -117,6 +117,7 @@ def create(self):
 self.install_ros()
 self.install_colcon()
 self.install_cloud_dependencies()
+ self.do_wireguard_preconfig()
 self.push_ros_workspace()
 self.info(flush_to_disk=True)
 self._is_created = True
diff --git a/fogros2/fogros2/cloud_instance.py b/fogros2/fogros2/cloud_instance.py
index 7bc9743..fab80fe 100644
--- a/fogros2/fogros2/cloud_instance.py
+++ b/fogros2/fogros2/cloud_instance.py
@@ -129,6 +129,13 @@ def pip_install(self, args):
 def install_cloud_dependencies(self):
 self.apt_install("wireguard unzip docker.io python3-pip")
+
+ def do_wireguard_preconfig(self):
+ self.scp.execute_cmd("sudo touch /etc/wireguard/wg0.conf")
+ self.scp.execute_cmd("sudo chmod 770 /etc/wireguard")
+ self.scp.execute_cmd("sudo chmod 770 /etc/wireguard/wg0.conf")
+ self.scp.execute_cmd("sudo chown root:wheel /etc/wireguard/wg0.conf")
+ self.scp.execute_cmd("echo '%wheel ALL = (ALL) NOPASSWD: /usr/bin/wg-quick' | sudo EDITOR='tee -a' visudo")
 def install_ros(self):
 # setup sources
diff --git a/fogros2/fogros2/vpn.py b/fogros2/fogros2/vpn.py
index 212f309..89f768b 100755
--- a/fogros2/fogros2/vpn.py
+++ b/fogros2/fogros2/vpn.py
@@ -102,8 +102,6 @@ def generate_wg_config_files(self, machines):
 def start_robot_vpn(self):
 # Copy /tmp/fogros-local.conf to /etc/wireguard/wg0.conf locally.
- # TODO: This needs root. Move this to a separate script with setuid.
- os.system("sudo cp /tmp/fogros-local.conf /etc/wireguard/wg0.conf")
- os.system("sudo chmod 600 /etc/wireguard/wg0.conf")
+ os.system("cp /tmp/fogros-local.conf /etc/wireguard/wg0.conf")
 os.system("sudo wg-quick down wg0")
 os.system("sudo wg-quick up wg0")
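Review bot: In `do_wireguard_preconfig`, `chmod 770` plus `chown root:wheel` makes `/etc/wireguard/wg0.conf` readable and writable by every member of `wheel`, yet that file holds the interface private key and any `PostUp`/`PreDown` hook lines that wg-quick runs as root; together with the `NOPASSWD: /usr/bin/wg-quick` rule, write access to the config is equivalent to passwordless root. I would keep the file root-owned at mode 600 and narrow the sudoers rule to the two invocations actually used, e.g. `%wheel ALL = (root) NOPASSWD: /usr/bin/wg-quick up wg0, /usr/bin/wg-quick down wg0`. The rule is also appended to `/etc/sudoers` through `EDITOR='tee -a' visudo` each time this method runs, so repeated runs add duplicate entries; a drop-in file under `/etc/sudoers.d/` written once and checked with `visudo -cf` would be idempotent and easier to audit. Because packages are installed with apt, the `wheel` group may not exist on the image (Debian-family images normally use `sudo`), in which case the `chown` fails, and none of the `execute_cmd` results are checked in this hunk.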
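Review bot: `start_robot_vpn` now runs `cp /tmp/fogros-local.conf /etc/wireguard/wg0.conf` without sudo, which only succeeds if the robot's own `/etc/wireguard/wg0.conf` is already writable by the invoking user; the preconfig added in cloud_instance.py runs over `self.scp` on the cloud instance, so nothing visible in this commit prepares the local machine. Dropping the `chmod 600` also means the mode of the local config, which carries the private key, is no longer enforced here. The source is a fixed name in shared `/tmp` and `sudo wg-quick up wg0` then acts on its contents as root, so if another local account creates that path first it decides what gets loaded; assuming the file is written by `generate_wg_config_files` (outside this hunk), I would have it write into a directory from `tempfile.mkdtemp()` and pass that path along. The `os.system` return codes are ignored, so a failed copy still proceeds to `wg-quick up` with whatever config was there before; `subprocess.run([...], check=True)` would surface the failure.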