Categories
Articles Security

Setting Up WireGuard VPN on CentOS 8: A Step-by-Step Guide

WireGuard is a fast and secure VPN tunnel that can be used to protect your internet connection and encrypt your data. It is easy to set up and use, and it has a small codebase, making it easy to audit for security vulnerabilities.

In this article, we will show you how to set up WireGuard on CentOS 8.

Prerequisites

Before you begin, you will need the following:

  • A CentOS 8 server with a static IP address
  • The WireGuard package installed on your server
  • A client device (such as a laptop or smartphone) with the WireGuard client installed

Step 1: Install WireGuard on the Server

To install WireGuard on your CentOS 8 server, you will need to enable the EPEL repository. Run the following command to do so:

sudo dnf install epel-release

Next, install the WireGuard package by running the following command:

sudo dnf install wireguard-dkms wireguard-tools

This will install the necessary packages and dependencies for WireGuard on your server.

Step 2: Configure WireGuard on the Server

Now that WireGuard is installed on your server, you need to create a configuration file for the VPN. Run the following command to create a new configuration file:

sudo nano /etc/wireguard/wg0.conf

This will open a blank configuration file in the Nano text editor. Paste the following configuration into the file, replacing the placeholder values with your own:

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server private key>

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32

The Address field is the IP address that will be assigned to the server. The ListenPort field is the port that the server will listen on for incoming connections. The PrivateKey field is the private key for the server, which you can generate by running the wg genkey command.

The PublicKey field is the public key of the client, which you will generate later. The AllowedIPs field is the IP range that the client will be able to access when connected to the VPN.

Save the configuration file and exit the text editor.

Step 3: Start the WireGuard Service

To start the WireGuard service, run the following command:

sudo systemctl start wg-quick@wg0

To make sure that the service starts automatically on boot, run the following command:

sudo systemctl enable wg-quick@wg0

Step 4: Generate a Client Configuration

Now that the WireGuard service is running on the server, you need to create a configuration file for the client. Run the following command on the server to generate a client configuration file:

sudo wg genkey | tee client.key | wg pubkey > client.pub

This will generate a private key and a public key for the client. The private key will be stored in the client.key file, and the public key will be stored in the client.pub file.

Next, create a client configuration file by running the following command:

sudo nano /etc/wireguard/client.conf

Paste the following configuration into the file, replacing the placeholder values with your own:

[Interface]
PrivateKey = <client private key>
Address = 10.0.0.2/24

[Peer]
PublicKey = <server public key>
Endpoint = <server IP address>:51820
AllowedIPs = 0.0.0.0/0

The PrivateKey field is the private key for the client, which you generated earlier. The Address field is the IP address that will be assigned to the client.

The PublicKey field is the public key of the server, which you can find in the server’s WireGuard configuration file. The Endpoint field is the IP address and port of the server. The AllowedIPs field is the IP range that the client will be able to access when connected to the VPN.

Save the configuration file and exit the text editor.

Step 5: Connect to the VPN

Now that the client configuration is created, you can use it to connect to the VPN. On your client device, open the WireGuard client and import the client.conf file. Once imported, click the “Connect” button to establish a connection to the VPN.

You should now be connected to the WireGuard VPN and able to access the internet securely through the VPN tunnel.

Conclusion

In this tutorial, you learned how to set up a WireGuard VPN on CentOS 8. WireGuard is a fast and secure VPN tunnel that is easy to set up and use. With just a few simple steps, you can protect your internet connection and encrypt your data.

By Kevin Williams

Kevin is a Senior Tech at DataPacket. He's a talented Web developer and graphic designer. He is skilled in technical support and always exceeds expectations.

Leave a Reply

Your email address will not be published. Required fields are marked *