Installing WG on CentOS 8 - lmkelly/Autoguard GitHub Wiki

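Installation

Note: the steps below enable third-party package sources (EPEL, the jdoss/wireguard COPR and ELRepo), and the packages installed from them include kernel modules. Because the final install command runs with -y, yum accepts the GPG signing keys of these repositories without prompting. Drop -y from that command if you want to check the keys before trusting them.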

[root@Wireguard-Srv ~]# yum update -y
[root@Wireguard-Srv ~]# yum install epel-release -y
[root@Wireguard-Srv ~]# yum config-manager --set-enabled PowerTools
[root@Wireguard-Srv ~]# yum copr enable jdoss/wireguard
[root@Wireguard-Srv ~]# sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
[root@Wireguard-Srv ~]# yum install -y wireguard-dkms wireguard-tools kmod-wireguard

Configuration

Creating empty config file

[root@Wireguard-Srv ~]# sh -c 'umask 077; touch /etc/wireguard/wg0.conf'

Generate the public/private key pair (run from /etc/wireguard; umask 077 makes the key files readable by root only)

[root@Wireguard-Srv wireguard]# sudo sh -c 'umask 077; wg genkey | tee privatekey | wg pubkey > publickey'

Add the following configuration to /etc/wireguard/wg0.conf

[Interface]
## VPN server private IP address ##
Address = 192.168.10.1/24

## VPN server port ##
ListenPort = 45376

## VPN server's private key, i.e. the contents of /etc/wireguard/privatekey (keep that file and this one root-only) ##
PrivateKey = [Copy key]

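## Save and update this config file when a new peer (VPN client) is added. ##
## With SaveConfig = true, wg-quick rewrites this file from the live interface state at shutdown, ##
## so manual edits made while wg0 is up are overwritten. ##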
SaveConfig = true

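Open the WireGuard UDP port on the firewall (rules added with --permanent only take effect after `firewall-cmd --reload` or a firewalld restart)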

[root@Wireguard-Srv wireguard]# firewall-cmd --add-port=45376/udp --permanent
[root@Wireguard-Srv wireguard]# firewall-cmd --permanent --zone=public --add-masquerade

Add config to /etc/sysctl.d/99-custom.conf

## Turn on bbr ##
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
 
## for IPv4 ##
net.ipv4.ip_forward = 1
 
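## Turn on basic protection/security: strict reverse-path filtering (drops packets with spoofed source addresses) and SYN cookies (SYN-flood mitigation) ##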
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
 
## for IPv6 - uncomment the following line ##
#net.ipv6.conf.all.forwarding = 1
[root@Wireguard-Srv wireguard]# sysctl -p /etc/sysctl.d/99-custom.conf

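Add the wg0 interface to the internal zone to allow peer-to-peer connections (the --add-interface command below has no --permanent, so it changes the running firewall only)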

[root@Wireguard-Srv wireguard]# firewall-cmd --add-interface=wg0 --zone=internal
[root@Wireguard-Srv wireguard]# firewall-cmd --permanent --zone=internal --add-masquerade

Enable/start WG Service

[root@Wireguard-Srv wireguard]# systemctl enable wg-quick@wg0
[root@Wireguard-Srv wireguard]# systemctl start wg-quick@wg0 

Verify that the service is running, the tunnel is configured and the wg0 interface is up

[root@Wireguard-Srv wireguard]# sudo systemctl status wg-quick@wg0
[root@Wireguard-Srv wireguard]# sudo wg
[root@Wireguard-Srv wireguard]# sudo ip a show wg0