WireGuard is a modern VPN solution built on state-of-the-art cryptography, such as the Noise protocol framework and Curve25519. It provides a much faster experience and outperforms its competitors, such as IPsec and OpenVPN. It provides all this power in a simple, easy-to-use framework. All it takes to start a VPN connection is an exchange of public keys, just like SSH keys.
WireGuard is available on multiple platforms, including Windows, macOS, iOS, Android, and Linux. Today, we will guide you on how to install and set up WireGuard VPN on your CentOS 8 machine. Let us get started.
Before we start with the installation, make sure that you have root access on your CentOS 8 server.
1) Add the repositories
To install WireGuard VPN, you will have to add the EPEL and ELRepo repositories to your server. To do that, run the following command in the terminal:
‘sudo dnf install epel-release elrepo-release’
2) Install WireGuard
Now to install WireGuard, run this command:
‘sudo dnf install kmod-wireguard wireguard-tools’
If you are prompted for anything during the installation, press ‘y’.
After the installation is done, we will be able to run a WireGuard VPN server on our machine. Now it is time to configure it, so the traffic goes through it.
3) Configuration
To configure WireGuard, we will be using the command line tools “wg” and “wg-quick” provided by the WireGuard packages.
To store the configuration, you need to manually create a “/etc/wireguard” directory, or you can run this command:
‘sudo mkdir /etc/wireguard’
4) Generate the keys
We need to generate WireGuard private and public keys now. These will be used to start a VPN connection. The private key should always be kept somewhere safe and should never be shared with any third party.
To generate the keys, run the following command:
‘wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey’
5) Create a configuration file
Now we need to create a new configuration file. Do that with the following command:
‘cd /etc/wireguard/ && sudo nano wg0.conf’
In this file, you need to paste the following:
[Interface]
# The interface takes its name from this file (wg0 here); it could be named anything you want
Address = [A list of IP addresses for the wg0 interface such as 10.0.0.0/8]
SaveConfig = true
ListenPort = [Port number you want WireGuard to listen to]
PrivateKey = [Your private key, run ‘sudo cat /etc/wireguard/privatekey’]
PostUp = firewall-cmd --zone=public --add-port [ListenPort]/udp && firewall-cmd --zone=public --add-masquerade
PostDown = firewall-cmd --zone=public --remove-port [ListenPort]/udp && firewall-cmd --zone=public --remove-masquerade
6) Change permission for the configuration file
You need to make sure that the configuration file and the private key cannot be accessed by anyone other than the admin. Run the command:
‘sudo chmod 600 /etc/wireguard/{privatekey,wg0.conf}’
To check the interface state and the configuration for your WireGuard server, you can run the command:
‘sudo wg show wg0’
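One way to check the result of steps 5 and 6 before enabling the service, as an added example that is not part of the original guide: a shell function that verifies the private key and wg0.conf are closed to group and others, that the config carries the literal [Interface] header, and that the firewall rules in PostUp and PostDown use the same port as ListenPort. The function name wg_audit is hypothetical, and GNU stat (as shipped on CentOS) is assumed.

```shell
# Added example (not from the original guide): audit the directory built in
# steps 3-6. Prints one line per finding; the return status is the number of
# findings (0 = clean). wg_audit is a hypothetical name; assumes GNU stat.
# Usage: sudo bash -c '. ./wg_audit.sh; wg_audit /etc/wireguard wg0'
wg_audit() {
    local dir="$1" conf="$1/${2:-wg0}.conf" findings=0 f mode port fw

    # Step 6: the key file and the config (which embeds the key) must grant
    # nothing to group or others.
    for f in "$dir/privatekey" "$conf"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "PERMS $f is mode $mode, expected 600"
            findings=$((findings + 1))
        fi
    done
    [ -f "$conf" ] || return "$findings"

    # Step 5: wg-quick needs the literal section header [Interface].
    if ! grep -qx '\[Interface\][[:space:]]*' "$conf"; then
        echo "CONFIG $conf has no [Interface] section"
        findings=$((findings + 1))
    fi

    # The UDP port opened by PostUp and closed by PostDown must be ListenPort.
    port=$(sed -E -n 's/^ListenPort[[:space:]]*=[[:space:]]*([^[:space:]]*).*/\1/p' "$conf")
    case "$port" in
        '' | *[!0-9]*)
            echo "CONFIG ListenPort missing or not numeric"
            findings=$((findings + 1)) ;;
        *)
            for fw in $(sed -E -n 's/^Post(Up|Down).*-port[= ]([0-9]+)\/udp.*/\2/p' "$conf"); do
                if [ "$fw" != "$port" ]; then
                    echo "CONFIG firewall rule uses port $fw, ListenPort is $port"
                    findings=$((findings + 1))
                fi
            done ;;
    esac
    return "$findings"
}
```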
7) Enable wg0 to start at boot
Run the command:
‘sudo systemctl enable wg-quick@wg0’
8) Enable IP forwarding
This is the last step in the setup of your WireGuard VPN. We need to create a new config file. Run the command:
‘sudo nano /etc/sysctl.d/99-custom.conf’
And paste the following into the file:
‘net.ipv4.ip_forward=1’
Now we need to save the file and apply the changes. Do that by running this command:
‘sudo sysctl -p /etc/sysctl.d/99-custom.conf’
With that, the configuration of the WireGuard VPN is complete on your CentOS 8 server.
Have you used WireGuard before? Share your experiences and feedback in the comments section below!
From my experience the server needs a reboot to bring up the tunnel successfully.