WireGuard is an open-source software and communication protocol that uses VPN solutions to establish point-to-point connections. In this article, we intend to teach you step by step How to Install WireGuard VPN Server on AlmaLinux. It should also be noted that if you intend to buy a Linux VPS server, you can visit the packages provided on the Eldernode website.
Table of Contents
2 Step to Setup WireGuard on AlmaLinux
Introdction to WireGuard
WireGuard is a modern Virtual Private Network technology with advanced encryption. Compared to other similar methods, such as IPsec and OpenVPN, WireGuard technology is faster, easier to configure, and better performing. The platform runs on almost any system, including Linux, Windows, Android, and macOS.
Wireguard works by creating a network on each device that acts as a tunnel. VPN traffic in WireGuard is UDP. Simply put, WireGuard is a free and open-source application software and a communication protocol that uses a virtual private network method to establish point-to-point communication in routing (network).
This program runs as a module in the Linux kernel, which aims to improve performance over OpenVPN and IPsec in the tunneling protocol.
Installing WireGuard VPN Server on AlmaLinux
After getting acquainted with WireGuard in the previous section, now we are going to explain how to install it on AlmaLinux. To do this, just follow the steps below.
In the first step, you should update the system by running the following command:
sudo dnf updateAfter the update, you must reboot the system with the help of the following command:
sudo rebootInstall the WireGuard packages that are not in the Almalinux repository using the following command:
sudo dnf install -y epel-release elrepo-releaseNow it’s time to install WireGuard and its required dependencies by running the following command:
sudo dnf install kmod-wireguard wireguard-toolsWhen installing the program, if you are asked a question, it is necessary to continue the installation process by typing y and then pressing enter.
How to Configure WireGuard VPN Server on AlmaLinux
After you learned how to install WireGuard VPN on AlmaLinux in the previous section, now we want to teach you how to configure it.
The first step to configure WireGuard VPN is to create a WireGuard working directory using the following command. It should be noted that doing this causes configuration files to be stored by WireGuard in that directory:
sudo mkdir /etc/wireguardHere you need to generate WireGuard public and private keys. You can generate private keys by running the following command:
umask 077 | wg genkey | sudo tee /etc/wireguard/wireguard.keyIn the next step, you need to confirm that the file is written in the above directory:
cat /etc/wireguard/wireguard.keyNow you need to generate the public key by running the following command:
wg pubkey < /etc/wireguard/wireguard.key > /etc/wireguard/wireguard.pub.keyAgain, you need to verify the contents of the public key file using the following command:
cat /etc/wireguard/wireguard.pub.keyNext, you need to create a network configuration for WireGuard:
sudo vim /etc/wireguard/wg0.conf[Interface] Address = 10.10.10.1/24 SaveConfig = true ListenPort = 51820 DNS = 8.8.8.8,10.10.10.1,1.1.1.1 PrivateKey = <SERVER-PRIVATE-KEY> PostUp = firewall-cmd --add-port=51820/udp; firewall-cmd --zone=public --add-masquerade; firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE PostDown = firewall-cmd --remove-port=51820/udp; firewall-cmd --zone=public --remove-masquerade; firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADETo enable IP Forwarding, you need to add the following line in the configuration file:
net.ipv4.ip forward = 1It should be noted that by enabling IP forwarding, packet routing will be allowed for VPN clients to their respective destinations:
echo “net.ipv4.ip_forward = 1” | sudo tee -a /etc/sysctl.conf
Finally, you can reload the sysctl configuration by running the following command:
sudo sysctl -pHow to Start WireGuard VPN Server on AlmaLinux
After you have successfully installed and configured WireGuard, in this section we will teach you how to start it on AlmaLinux. You can start WireGuard using the following command:
sudo wg-quick up wg0Now you can start the service by running the following command:
sudo systemctl start wg-quick@wg0You can also view the status of WireGuard by using the following command:
systemctl status wg-quick@wg0Conclusion
Using different encryption packages, WireGuard focuses on encryptions that appear to be among the most secure. Also, it makes security auditing easier by using a smaller code base than OpenVPN and IPsec (around 4000 code lines). In this article, we tried to be with you by teaching how to install WireGuard VPN Server on AlmaLinux. If you have any questions, you can share them with us in the comments section.
sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
Error: Unknown device type.
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device “wg0”
You can know your current kernel version in the first step by running the following command:
uname --kernel-release4.19.0-14-cloud-amd64You can then use the following command to see what is available:
apt list linux-headers-*In the next step, you can install the kernel headers by running the following command:
apt install linux-headers-cloud-amd64Finally, install the wireguard-dkms package and reboot the system:
apt install --reinstall wireguard-dkmsreboot