wireguard config - rhel-labs/instruqt GitHub Wiki
RHEL9
RHEL8
Update RHEL8 Image
# Apply all pending package updates to the image without prompting.
yum -y update
Install Wireguard
# Register the EPEL and ELRepo repositories. These are third-party sources:
# after this step yum trusts them for packages, including the kernel module
# installed below, so check the GPG key yum asks to import instead of
# accepting it unread.
yum install \
  https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \
  https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
# WireGuard kernel module plus the wg userspace tool.
yum install kmod-wireguard wireguard-tools
Generate private and public keys.
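cd /etc/wireguard
# Generate the key pair with owner-only permissions. tee creates privatekey
# using the shell's umask, which by default commonly leaves new files readable
# by other users; the subshell keeps the stricter umask from leaking into the
# rest of the session.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)
# If privatekey already existed, it keeps its old mode when overwritten.
chmod 600 privatekey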
Add each client's public key as a [Peer] entry in the WireGuard server's wg0.conf
# satellite
# Server side of the tunnel: one [Interface] for this host, then one [Peer]
# section per client.
[Interface]
Address = 192.0.2.1
# UDP port the server listens on; clients point their Endpoint at it.
ListenPort = 51820
# Sample value: a private key that appears on a published page is no longer
# secret. On a real host use the contents of that host's own
# /etc/wireguard/privatekey and keep this file readable by root only.
PrivateKey = 6LXqhMZXv1vrZolWq2GpU5fCmDnFZgkBm6kkoCfIW3M=
# rhel1
# PublicKey is the client's public key. The /32 in AllowedIPs limits the peer
# to a single tunnel address: packets from it are accepted only with that
# source IP, so one client cannot send as another.
[Peer]
PublicKey = tDS5lI+Dbf0I+p49bCjKJ+Q7QIrzwh3B1Zx3gxWXzFM=
AllowedIPs = 192.0.2.2/32
# rhel2
[Peer]
PublicKey = vZzGfBInJWpI7U1KwjNLdNn0z/rjVAeHJjJX093Dxys=
AllowedIPs = 192.0.2.3/32
# satellite-2
[Peer]
PublicKey = r4AnEsHQaftmMX27FRib6CK0NoMyjgUnxS6Pdbf5ZxQ=
AllowedIPs = 192.0.2.4/32
# capsule
[Peer]
PublicKey = uTwxPNMJEn0ArFXxZN8VhZIqo1xKc/mLJtkj86oJMWQ=
AllowedIPs = 192.0.2.5/32
Create wg0.conf file on host (satellite-2)
[Interface]
# Tunnel address of this host (satellite-2) inside 192.0.2.0/24.
Address = 192.0.2.4/24
# Sample value: a private key that appears on a published page is no longer
# secret. Use the contents of this host's own /etc/wireguard/privatekey.
PrivateKey = OPrKoTtOa4mXnAfYcqrNui+mh5lUslMR9Kzfwfclq2E=
[Peer]
# Public key of the peer at the Endpoint below (the WireGuard server in this setup).
PublicKey = 1Y7yWRJZxLK3kKKwGLPffsSf/E2nw6mxHg+yvnfvOV4=
# The whole tunnel range is sent to, and accepted from, this one peer.
AllowedIPs = 192.0.2.0/24
# Address and UDP port of the server; the port matches the server's ListenPort.
Endpoint = 10.128.0.52:51820
# Send a keepalive every 20 seconds so NAT or stateful firewall state on the
# path does not expire while the tunnel is idle.
PersistentKeepalive = 20
Capsule
[Interface]
# Tunnel address of the capsule host inside 192.0.2.0/24.
Address = 192.0.2.5/24
# Sample value: a private key that appears on a published page is no longer
# secret. Use the contents of this host's own /etc/wireguard/privatekey.
PrivateKey = 8PElRmDB+qgplOZoFZX5JKRhXNrVKuu6HXL3CD9Yl10=
[Peer]
# Public key of the peer at the Endpoint below (the WireGuard server in this setup).
PublicKey = 1Y7yWRJZxLK3kKKwGLPffsSf/E2nw6mxHg+yvnfvOV4=
# The whole tunnel range is sent to, and accepted from, this one peer.
AllowedIPs = 192.0.2.0/24
# Address and UDP port of the server; the port matches the server's ListenPort.
Endpoint = 10.128.0.52:51820
# Send a keepalive every 20 seconds so NAT or stateful firewall state on the
# path does not expire while the tunnel is idle.
PersistentKeepalive = 20
Create the wg0 interface.
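# wg0.conf contains this host's PrivateKey, so restrict it to root before
# importing it. NetworkManager keeps its own copy of the key in the imported
# connection profile.
chmod 600 /etc/wireguard/wg0.conf
nmcli con import type wireguard file /etc/wireguard/wg0.conf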
Destroy and re-import wireguard file on wireguard server aka satellite
[root@satellite-server-advanced wireguard]# nmcli con del wg0
Connection 'wg0' (7307dac1-46cf-41f4-8d17-ce68ba06cacd) successfully deleted.
[root@satellite-server-advanced wireguard]# nmcli con import type wireguard file /etc/wireguard/wg0.conf
Connection 'wg0' (57a21226-fbc3-40e7-a086-1f0ae09b9c1f) successfully added.
[root@satellite-server-advanced wireguard]# nmcli con sho
NAME UUID TYPE DEVICE
Wired connection 1 7c3f1870-02d8-36ad-8ee7-f3186b13a327 ethernet eth0
wg0 57a21226-fbc3-40e7-a086-1f0ae09b9c1f wireguard wg0
Capsule config: the key files on the capsule host (sample values; a real private key must never be published)
[root@capsule wireguard]# cat privatekey
8PElRmDB+qgplOZoFZX5JKRhXNrVKuu6HXL3CD9Yl10=
[root@capsule wireguard]# cat publickey
uTwxPNMJEn0ArFXxZN8VhZIqo1xKc/mLJtkj86oJMWQ=
Open 51820/udp on the server
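# Open the WireGuard listen port (ListenPort in the server's wg0.conf) in the
# running firewall.
firewall-cmd --add-port="51820/udp"
# Store the same rule in the permanent configuration; a runtime-only rule is
# dropped on the next firewalld reload or reboot.
firewall-cmd --permanent --add-port="51820/udp"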