Howto wireguard: Difference between revisions
Jump to navigation
Jump to search
| Line 43: | Line 43: | ||
wg genkey | tee /etc/wireguard/client_private.key | wg pubkey | tee /etc/wireguard/client_public.key | wg genkey | tee /etc/wireguard/client_private.key | wg pubkey | tee /etc/wireguard/client_public.key | ||
create a wireguard configuration file /etc/wireguard/wg0.conf: | create a wireguard configuration file /etc/wireguard/wg0.conf: | ||
cat > /etc/wireguard/wg0.conf << EOF | |||
[Interface] | [Interface] | ||
Address = 10.10.10.2/24 | Address = 10.10.10.2/24 | ||
DNS = 10.10.10.1 | DNS = 10.10.10.1 | ||
PrivateKey = | PrivateKey = $(cat /etc/wireguard/client_private.key) | ||
[Peer] | [Peer] | ||
Revision as of 20:08, 17 August 2020
server configuration
install repos:
yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm yum install -y yum-plugin-elrepo yum install -y kmod-wireguard wireguard-tools
create wireguard config directory on etc:
mkdir /etc/wireguard
create a public/private key pair:
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey | tee /etc/wireguard/server_public.key
create a wireguard configuration file /etc/wireguard/wg0.conf:
[Interface] Address = 10.10.10.1/24 SaveConfig = true PrivateKey = kLmHUf4LNmxtz1uA3riC7MMXzwBFjJrSWE/Lb4p+4Ec= ListenPort = 51820 [Peer] PublicKey = 75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA= AllowedIPs = 10.10.10.2/32
fix wireguard config directory permissions:
chmod 600 /etc/wireguard/ -R
enable ip forwarding:
nano /etc/sysctl.d/99-sysctl.conf
add the following line at the end of this file:
net.ipv4.ip_forward = 1
apply changes:
sysctl -p /etc/sysctl.d/99-sysctl.conf
start and enable wireguard service:
systemctl start wg-quick@wg0.service systemctl enable wg-quick@wg0.service
an alternative way to start or stop wireguard:
wg-quick up wg0 wg-quick down wg0
client configuration
install repos:
yum install -y epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm yum install -y yum-plugin-elrepo yum install -y kmod-wireguard wireguard-tools
create wireguard config directory on etc:
mkdir /etc/wireguard
create a public/private key pair:
wg genkey | tee /etc/wireguard/client_private.key | wg pubkey | tee /etc/wireguard/client_public.key
create a wireguard configuration file /etc/wireguard/wg0.conf: cat > /etc/wireguard/wg0.conf << EOF
[Interface] Address = 10.10.10.2/24 DNS = 10.10.10.1 PrivateKey = $(cat /etc/wireguard/client_private.key) [Peer] PublicKey = vxyo4l4I3jWK+KZquNIDJF/hzQq29DOIxSUOrfNZZCs= AllowedIPs = 0.0.0.0/0 Endpoint = 12.34.56.78:51820 PersistentKeepalive = 25
fix wireguard config directory permissions:
chmod 600 /etc/wireguard/ -R
start and enable wireguard service:
systemctl start wg-quick@wg0.service systemctl enable wg-quick@wg0.service
show information about the vpn connection:
wg show
references
- https://blog.stigok.com/2018/10/08/wireguard-vpn-server-on-centos-7.html
- https://www.linuxbabe.com/centos/wireguard-vpn-server-centos
- https://www.cyberciti.biz/faq/centos-8-set-up-wireguard-vpn-server/
- https://medium.com/opsops/starting-with-wireguard-d17518869a60
- https://linuxhint.com/enable_ip_forwarding_ipv4_debian_linux/