WireGuard is an open-source software and communication protocol that uses VPN solutions to establish point-to-point connections. In this article, we intend to teach you step by step How to Install WireGuard VPN Server on AlmaLinux. It should also be noted that if you intend to buy a Linux VPS server, you can visit the packages provided on the Eldernode website.
2 Step to Setup WireGuard on AlmaLinux
Introdction to WireGuard
WireGuard is a modern Virtual Private Network technology with advanced encryption. Compared to other similar methods, such as IPsec and OpenVPN, WireGuard technology is faster, easier to configure, and better performing. The platform runs on almost any system, including Linux, Windows, Android, and macOS.
Wireguard works by creating a network on each device that acts as a tunnel. VPN traffic in WireGuard is UDP. Simply put, WireGuard is a free and open-source application software and a communication protocol that uses a virtual private network method to establish point-to-point communication in routing (network).
This program runs as a module in the Linux kernel, which aims to improve performance over OpenVPN and IPsec in the tunneling protocol.
Installing WireGuard VPN Server on AlmaLinux
After getting acquainted with WireGuard in the previous section, now we are going to explain how to install it on AlmaLinux. To do this, just follow the steps below.
In the first step, you should update the system by running the following command:
sudo dnf update
After the update, you must reboot the system with the help of the following command:
Install the WireGuard packages that are not in the Almalinux repository using the following command:
sudo dnf install -y epel-release elrepo-release
Now it’s time to install WireGuard and its required dependencies by running the following command:
sudo dnf install kmod-wireguard wireguard-tools
When installing the program, if you are asked a question, it is necessary to continue the installation process by typing y and then pressing enter.
How to Configure WireGuard VPN Server on AlmaLinux
After you learned how to install WireGuard VPN on AlmaLinux in the previous section, now we want to teach you how to configure it.
The first step to configure WireGuard VPN is to create a WireGuard working directory using the following command. It should be noted that doing this causes configuration files to be stored by WireGuard in that directory:
sudo mkdir /etc/wireguard
Here you need to generate WireGuard public and private keys. You can generate private keys by running the following command:
umask 077 | wg genkey | sudo tee /etc/wireguard/wireguard.key
In the next step, you need to confirm that the file is written in the above directory:
Now you need to generate the public key by running the following command:
wg pubkey < /etc/wireguard/wireguard.key > /etc/wireguard/wireguard.pub.key
Again, you need to verify the contents of the public key file using the following command:
Next, you need to create a network configuration for WireGuard:
sudo vim /etc/wireguard/wg0.conf
[Interface] Address = 10.10.10.1/24 SaveConfig = true ListenPort = 51820 DNS = 184.108.40.206,10.10.10.1,220.127.116.11 PrivateKey = <SERVER-PRIVATE-KEY> PostUp = firewall-cmd --add-port=51820/udp; firewall-cmd --zone=public --add-masquerade; firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE PostDown = firewall-cmd --remove-port=51820/udp; firewall-cmd --zone=public --remove-masquerade; firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
To enable IP Forwarding, you need to add the following line in the configuration file:
net.ipv4.ip forward = 1
It should be noted that by enabling IP forwarding, packet routing will be allowed for VPN clients to their respective destinations:
echo “net.ipv4.ip_forward = 1” | sudo tee -a /etc/sysctl.conf
Finally, you can reload the sysctl configuration by running the following command:
sudo sysctl -p
How to Start WireGuard VPN Server on AlmaLinux
After you have successfully installed and configured WireGuard, in this section we will teach you how to start it on AlmaLinux. You can start WireGuard using the following command:
sudo wg-quick up wg0
Now you can start the service by running the following command:
sudo systemctl start [email protected]
You can also view the status of WireGuard by using the following command:
systemctl status [email protected]
Using different encryption packages, WireGuard focuses on encryptions that appear to be among the most secure. Also, it makes security auditing easier by using a smaller code base than OpenVPN and IPsec (around 4000 code lines). In this article, we tried to be with you by teaching how to install WireGuard VPN Server on AlmaLinux. If you have any questions, you can share them with us in the comments section.