WireGuard is a fast and secure VPN tunnel that can be used to protect your internet connection and encrypt your data. It is easy to set up and use, and it has a small codebase, making it easy to audit for security vulnerabilities.
In this article, we will show you how to set up WireGuard on CentOS 8.
Prerequisites
Before you begin, you will need the following:
- A CentOS 8 server with a static IP address
- The WireGuard package installed on your server
- A client device (such as a laptop or smartphone) with the WireGuard client installed
Step 1: Install WireGuard on the Server
To install WireGuard on your CentOS 8 server, you will need to enable the EPEL repository. Run the following command to do so:
sudo dnf install epel-release
Next, install the WireGuard package by running the following command:
sudo dnf install wireguard-dkms wireguard-tools
This will install the necessary packages and dependencies for WireGuard on your server.
Step 2: Configure WireGuard on the Server
Now that WireGuard is installed on your server, you need to create a configuration file for the VPN. Run the following command to create a new configuration file:
sudo nano /etc/wireguard/wg0.conf
This will open a blank configuration file in the Nano text editor. Paste the following configuration into the file, replacing the placeholder values with your own:
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server private key>

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32
The Address field is the IP address that will be assigned to the server. The ListenPort field is the port that the server will listen on for incoming connections. The PrivateKey field is the private key for the server, which you can generate by running the wg genkey command.
The PublicKey field is the public key of the client, which you will generate later. The AllowedIPs field is the range of tunnel IP addresses that the server will accept traffic from, and route traffic to, for this client.
Save the configuration file and exit the text editor.
Step 3: Start the WireGuard Service
To start the WireGuard service, run the following command:
sudo systemctl start wg-quick@wg0
To make sure that the service starts automatically on boot, run the following command:
sudo systemctl enable wg-quick@wg0
Step 4: Generate a Client Configuration
Now that the WireGuard service is running on the server, you need to create a key pair and a configuration file for the client. Run the following command on the server to generate the client's keys:
sudo wg genkey | tee client.key | wg pubkey > client.pub
This will generate a private key and a public key for the client. The private key will be stored in the client.key file, and the public key will be stored in the client.pub file.
Next, create a client configuration file by running the following command:
sudo nano /etc/wireguard/client.conf
Paste the following configuration into the file, replacing the placeholder values with your own:
[Interface]
PrivateKey = <client private key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server public key>
Endpoint = <server IP address>:51820
AllowedIPs = 0.0.0.0/0
The PrivateKey field is the private key for the client, which you generated earlier. The Address field is the IP address that will be assigned to the client.
The PublicKey field is the public key of the server, which you can derive from the server's private key with the wg pubkey command; the server's WireGuard configuration file holds only the private key. The Endpoint field is the IP address and port of the server. The AllowedIPs field is the IP range that the client will route through the VPN; 0.0.0.0/0 sends all IPv4 traffic through the tunnel.
Save the configuration file and exit the text editor.
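Before connecting, the server file from Step 2 and the client file from Step 4 can be checked against each other. The following Python check is an added example, not part of the original tutorial or of the WireGuard tools; the function names, the stand-in keys and the 203.0.113.10 endpoint are constructed for illustration. It flags leftover placeholders, a private key pasted where a public key belongs, a client address outside the server's AllowedIPs, and a port mismatch; it does not verify that a public key actually belongs to a private key.

```python
import base64, ipaddress
def parse_wg(text):
    """Parse wg-quick style text into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)  # split once: base64 keys end in "="
            cur[key.strip()] = val.strip()
    return iface, peers

def valid_key(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value or "", validate=True)) == 32
    except ValueError:
        return False

def audit(server_text, client_text):
    """Return the problems found when pairing a server and a client config."""
    (s_if, s_peers), (c_if, c_peers) = parse_wg(server_text), parse_wg(client_text)
    problems = []
    for name, sec in (("server", s_if), ("client", c_if)):
        if not valid_key(sec.get("PrivateKey")):
            problems.append(f"{name} PrivateKey missing or placeholder")
    for peer in s_peers + c_peers:
        if not valid_key(peer.get("PublicKey")):
            problems.append("Peer PublicKey missing or placeholder")
        elif peer["PublicKey"] in (s_if.get("PrivateKey"), c_if.get("PrivateKey")):
            problems.append("private key pasted into a Peer PublicKey field")
    allowed = [ipaddress.ip_network(n.strip(), strict=False) for p in s_peers
               for n in p.get("AllowedIPs", "").split(",") if n.strip()]
    for part in filter(None, map(str.strip, c_if.get("Address", "").split(","))):
        addr = ipaddress.ip_interface(part).ip
        if not any(addr in net for net in allowed):
            problems.append(f"client address {addr} not in server AllowedIPs")
    if any(not p.get("Endpoint", "").endswith(":" + s_if.get("ListenPort", "")) for p in c_peers):
        problems.append("client Endpoint port differs from server ListenPort")
    return problems

# Constructed stand-in keys (valid length and encoding, not real key pairs).
K = [base64.b64encode(bytes([i]) * 32).decode() for i in range(1, 5)]
SERVER = f"[Interface]\nAddress = 10.0.0.1/24\nListenPort = 51820\nPrivateKey = {K[0]}\n[Peer]\nPublicKey = {K[3]}\nAllowedIPs = 10.0.0.2/32\n"
CLIENT = f"[Interface]\nPrivateKey = {K[2]}\nAddress = 10.0.0.2/24\n[Peer]\nPublicKey = {K[1]}\nEndpoint = 203.0.113.10:51820\nAllowedIPs = 0.0.0.0/0\n"
```

Calling audit() on the text of wg0.conf and client.conf returns an empty list when the pair is consistent.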
Step 5: Connect to the VPN
Now that the client configuration is created, you can use it to connect to the VPN. On your client device, open the WireGuard client and import the client.conf file. Once imported, click the “Connect” button to establish a connection to the VPN.
You should now be connected to the WireGuard VPN and able to access the internet securely through the VPN tunnel.
Conclusion
In this tutorial, you learned how to set up a WireGuard VPN on CentOS 8. WireGuard is a fast and secure VPN tunnel that is easy to set up and use. With just a few simple steps, you can protect your internet connection and encrypt your data.