This article demonstrates how to install Wireguard on CentOS 7. This is part one, the “Server Side”.
Install the packages:
yum install epel-release elrepo-release yum install kmod-wireguard wireguard-tools
Execute the following commands to generate the keys:
cd /etc/wireguard wg genkey | tee privatekey | wg pubkey > publickey
The above commands outputs a Public key to “/etc/wireguard/publickey” and the corresponding private key to “/etc/wireguard/privatekey”.
Put the following content into “/etc/wireguard/wg.conf” where “172.31.0.2/24” is your server’s local IP address. Ignore NAT for now. Obviously the following assumes you’re using FirewallD.
[Interface] Address = 172.31.0.2/24 SaveConfig = true ListenPort = 51820 PrivateKey = SERVER_PRIVATE_KEY PostUp = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade PostDown = firewall-cmd --zone=public --remove-port 51820/udp && firewall-cmd --zone=public --remove-masquerade
TIP: Make sure your network-based firewall allows UDP port 51820.
Correct some permissions:
chmod 600 /etc/wireguard/{privatekey,wg0.conf}
Open your “/etc/wireguard/wg.conf” and replace the string that looks like this:
SERVER_PRIVATE_KEY
With your public key found in your “/etc/wireguard/privatekey” file.
Start the Wireguard interface:
wg-quick up wg0
The following is the expected output.
[#] ip link add wg0 type wireguard [#] wg setconf wg0 /dev/fd/63 [#] ip -4 address add 172.31.0.2/24 dev wg0 [#] ip link set mtu 8921 up dev wg0 [#] firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade success success
And confirm with at the IP layer using “ip addr”. You should have an interface similar to the following:
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8921 qdisc noqueue state UNKNOWN group default qlen 1000 link/none inet 172.31.0.2/24 scope global wg0 valid_lft forever preferred_lft forever inet6 fe80::4ddd:6a69:80b3:e98/64 scope link flags 800 valid_lft forever preferred_lft forever
You can bring “down” the Wireguard interface using this command:
wg-quick down wg0
You can also use SystemD to start and stop the Wireguard server:
systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0
This completes the first stage.
Some help writing this article was found at “https://linuxize.com/post/how-to-set-up-wireguard-vpn-on-centos-8/”.
is in fact entirely unobstructed not alone to felicitate the buy uk cialis soft Decision ourselves plugs down ourselves; and still subsumed under ourselves.