{"id":9447,"date":"2021-07-04T10:19:44","date_gmt":"2021-07-04T07:19:44","guid":{"rendered":"https:\/\/kifarunix.com\/?p=9447"},"modified":"2024-03-18T19:52:09","modified_gmt":"2024-03-18T16:52:09","slug":"install-wireguard-vpn-server-on-rocky-linux","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-wireguard-vpn-server-on-rocky-linux\/","title":{"rendered":"Install WireGuard VPN Server on Rocky Linux"},"content":{"rendered":"\n<figure data-wp-context=\"{&quot;uploadedSrc&quot;:&quot;https:\\\/\\\/kifarunix.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/install-wireguard-vpn-on-linux.png&quot;,&quot;figureClassNames&quot;:&quot;wp-block-image size-full&quot;,&quot;figureStyles&quot;:null,&quot;imgClassNames&quot;:&quot;wp-image-20054&quot;,&quot;imgStyles&quot;:null,&quot;targetWidth&quot;:1043,&quot;targetHeight&quot;:585,&quot;scaleAttr&quot;:false,&quot;ariaLabel&quot;:&quot;Enlarge image: Install WireGuard VPN Server on Rocky Linux&quot;,&quot;alt&quot;:&quot;Install WireGuard VPN Server on Rocky Linux&quot;}\" data-wp-interactive=\"core\/image\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"1043\" height=\"585\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/install-wireguard-vpn-on-linux.png?v=1707237999\" alt=\"Install WireGuard VPN Server on Rocky Linux\" class=\"wp-image-20054\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/install-wireguard-vpn-on-linux.png?v=1707237999 1043w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/02\/install-wireguard-vpn-on-linux-768x431.png?v=1707237999 768w\" sizes=\"(max-width: 1043px) 100vw, 1043px\" 
\/><\/figure>\n\n\n\n<p>Follow this tutorial to learn how to install a WireGuard VPN server on Rocky Linux. According to <a href=\"https:\/\/www.wireguard.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">wireguard.com<\/a>, <em>WireGuard\u00ae is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. 
It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry<\/em>.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-wire-guard-vpn-server-on-rocky-linux\">Installing WireGuard VPN Server on Rocky Linux<\/a><ul><li><a href=\"#install-epel-repos\">Install EPEL Repos<\/a><\/li><li><a href=\"#install-el-repo-rpm-repository\">Install ELRepo RPM repository<\/a><\/li><li><a href=\"#install-wire-guard-vpn-server\">Install WireGuard VPN Server<\/a><\/li><li><a href=\"#configuring-wire-guard-vpn-server-on-rocky-linux-8\">Configuring WireGuard VPN Server on Rocky Linux 8<\/a><\/li><li><a href=\"#create-wire-guard-configuration-directory\">Create WireGuard Configuration Directory<\/a><\/li><li><a href=\"#generate-wire-guard-private-public-keys\">Generate WireGuard Private\/Public Keys<\/a><ul><li><a href=\"#generate-wire-guard-private-keys\">Generate WireGuard Private Keys<\/a><\/li><li><a href=\"#generate-wire-guard-public-keys\">Generate WireGuard Public Keys<\/a><\/li><li><a href=\"#generate-both-private-and-public-key-at-once\">Generate Both Private and Public Key at Once<\/a><\/li><\/ul><\/li><li><a href=\"#generate-wire-guard-server-configuration-file\">Generate WireGuard Server Configuration File<\/a><\/li><li><a href=\"#enable-ip-forwarding-on-wire-guard-vpn-server\">Enable IP Forwarding on WireGuard VPN Server<\/a><\/li><li><a href=\"#running-wire-guard-vpn-server\">Running WireGuard VPN Server<\/a><\/li><\/ul><\/li><li><a href=\"#configure-wire-guard-vpn-clients\">Configure WireGuard VPN Clients<\/a><ul><li><a href=\"#generate-wire-guard-vpn-clients-private-public-keys\">Generate WireGuard VPN Clients Private\/Public Keys<\/a><\/li><li><a href=\"#install-and-setup-wire-guard-vpn-client-on-rocky-linux-8-ubuntu-debian\">Install and Setup WireGuard VPN Client on Rocky Linux 
8\/Ubuntu\/Debian<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-wire-guard-vpn-server-on-rocky-linux\">Installing WireGuard VPN Server on Rocky Linux<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-epel-repos\">Install EPEL Repos<\/h3>\n\n\n\n<p>WireGuard packages are not available on the default Rocky Linux repositories. To install them, you need EPEL repositories.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install epel-release -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-el-repo-rpm-repository\">Install ELRepo RPM repository<\/h3>\n\n\n\n<p>ELRepo RPM repository provides some of the required WireGuard Modules. You can install ELRepo rpm repository by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install elrepo-release -y<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-wire-guard-vpn-server\">Install WireGuard VPN Server<\/h3>\n\n\n\n<p>To install WireGuard and the required modules, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>yum install kmod-wireguard wireguard-tools<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>Dependencies resolved.\n============================================================================================================================================================================\n Package                                   Architecture                     Version                                                  Repository                        Size\n============================================================================================================================================================================\nInstalling:\n kmod-wireguard                            x86_64                           4:1.0.20210606-1.el8_4.elrepo                  
          elrepo                           110 k\n wireguard-tools                           x86_64                           1.0.20210424-1.el8                                       epel                             125 k\n\nTransaction Summary\n============================================================================================================================================================================\nInstall  2 Packages\n\nTotal download size: 235 k\nInstalled size: 641 k\nIs this ok [y\/N]: y\n<\/code><\/pre>\n\n\n\n<p>The command installs two WireGuard VPN utilities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>wg<\/strong>: the configuration utility for getting and setting the configuration of WireGuard tunnel interfaces.<\/li>\n\n\n\n<li><code><strong>wg-quick<\/strong><\/code>: used to set up a WireGuard interface. Refer to <strong><code>man wg-quick<\/code><\/strong>.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-wire-guard-vpn-server-on-rocky-linux-8\">Configuring WireGuard VPN Server on Rocky Linux 8<\/h3>\n\n\n\n<p>Once the installation is done, you can now proceed to configure WireGuard VPN server on Rocky Linux 8.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-wire-guard-configuration-directory\">Create WireGuard Configuration Directory<\/h3>\n\n\n\n<p>WireGuard does not create any configuration files by default. 
So first off, create the WireGuard configuration directory;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>mkdir \/etc\/wireguard<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-wire-guard-private-public-keys\">Generate WireGuard Private\/Public Keys<\/h3>\n\n\n\n<p>Next, you need to generate WireGuard base64-encoded private and public keys.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-wire-guard-private-keys\">Generate WireGuard Private Keys<\/h4>\n\n\n\n<p>Private keys can be generated using the <strong><code>wg genkey<\/code><\/strong> command. Set a restrictive umask first so that key files created in this shell session are readable only by their owner:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>umask 077<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg genkey<\/code><\/pre>\n\n\n\n<p>The command will print the private key to stdout. To write it to a file, simply run;<\/p>\n\n\n\n<pre id=\"block-d41492a7-b691-41ff-8fa9-ce85825bd2ff\" class=\"wp-block-preformatted\"><code>wg genkey &gt; \/etc\/wireguard\/wireguard.key<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-wire-guard-public-keys\">Generate WireGuard Public Keys<\/h4>\n\n\n\n<p>Public keys can be generated from the private keys using the <strong><code>wg pubkey<\/code><\/strong> command. 
The command similarly prints the key to standard output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg pubkey &lt; \/etc\/wireguard\/wireguard.key<\/code><\/pre>\n\n\n\n<p>To write it to a file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg pubkey &lt; \/etc\/wireguard\/wireguard.key &gt; \/etc\/wireguard\/wireguard.pub.key<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-both-private-and-public-key-at-once\">Generate Both Private and Public Key at Once<\/h4>\n\n\n\n<p>You can run the command below to generate the WireGuard private key and public key at the same time;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg genkey | tee \/etc\/wireguard\/wireguard.key | wg pubkey &gt; \/etc\/wireguard\/wireguard.pub.key<\/code><\/pre>\n\n\n\n<p>Below are the contents of my private and public keys;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/wireguard.key<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>cPjxCJPn6YRZQh4wn4jN2LAPlYOjT2b4v0N+qsu5+1U=<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/wireguard.pub.key<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>60UScq0EQ7ZHXIdHcOnjFYK6N\/TLtmtPGTBqLwLd0WY=<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-wire-guard-server-configuration-file\">Generate WireGuard Server Configuration File<\/h3>\n\n\n\n<p>Once that is done, you can now generate the WireGuard configuration file, <strong><code>\/etc\/wireguard\/INTERFACE.conf<\/code><\/strong>.<\/p>\n\n\n\n<p><em>Recommended <strong>INTERFACE<\/strong> names include &#8216;wg0&#8217; or &#8216;wgvpn0&#8217; or even &#8216;wgmgmtlan0&#8217;. However, the number at the end is in fact optional, and really any free-form string [a-zA-Z0-9_=+.-]{1,15} will work. 
So even interface names corresponding to geographic locations would suffice, such as &#8216;cincinnati&#8217;, &#8216;nyc&#8217;, or &#8216;paris&#8217;, if that&#8217;s somehow desirable.<\/em><\/p>\n\n\n\n<p>You can simply run the command below to create a config file named <strong><code>\/etc\/wireguard\/wg0.conf<\/code><\/strong>.<\/p>\n\n\n\n<p><strong>Be sure to replace the private key<\/strong> accordingly. The PostUp and PostDown rules below assume that the server's outbound interface is eth0; adjust the name if yours differs.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt; \/etc\/wireguard\/wg0.conf &lt;&lt; 'EOL'\n[Interface]\nAddress = 10.8.0.1\/24\nSaveConfig = true\nListenPort = 51820\nDNS = 8.8.8.8,10.8.0.1\nPrivateKey = cPjxCJPn6YRZQh4wn4jN2LAPlYOjT2b4v0N+qsu5+1U=\nPostUp = firewall-cmd --add-port=51820\/udp; firewall-cmd --zone=public --add-masquerade; firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE\nPostDown = firewall-cmd --remove-port=51820\/udp; firewall-cmd --zone=public --remove-masquerade; firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE\nEOL\n<\/code><\/pre>\n\n\n\n<p>You can get an explanation of the configuration options from <strong><code>man wg-quick<\/code><\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Address<\/strong>: a comma-separated list of IP (v4 or v6) addresses (optionally with CIDR masks) to be assigned to the interface. May be specified multiple times.<\/li>\n\n\n\n<li><strong>ListenPort<\/strong>: WireGuard starts at <strong>51820\/UDP<\/strong> by default. However, you can choose any free higher range port.<\/li>\n\n\n\n<li><strong>DNS<\/strong>: a comma-separated list of IP (v4 or v6) addresses to be set as the interface&#8217;s DNS servers, or non-IP hostnames to be set as the interface&#8217;s DNS search domains. 
May be specified multiple times.<\/li>\n\n\n\n<li><strong>PrivateKey<\/strong>: the key from the private key file created above, \/etc\/wireguard\/wireguard.key.<\/li>\n\n\n\n<li><strong>PostUp, PostDown<\/strong>: script snippets executed after the interface is set up (PostUp) and after it is torn down (PostDown), most commonly used to configure custom DNS options or firewall rules.<\/li>\n\n\n\n<li><strong>SaveConfig<\/strong>: if set to &#8216;true&#8217;, the configuration is saved from the current state of the interface upon shutdown. Any changes made to the configuration file before the interface is removed will therefore be overwritten.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-ip-forwarding-on-wire-guard-vpn-server\">Enable IP Forwarding on WireGuard VPN Server<\/h3>\n\n\n\n<p>To route packets between VPN clients, you need to enable kernel IP forwarding by running the command below:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo \"net.ipv4.ip_forward = 1\" &gt;&gt; \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\n<p>Reload sysctl settings;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sysctl -p<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"running-wire-guard-vpn-server\">Running WireGuard VPN Server<\/h3>\n\n\n\n<p>You can run WireGuard by bringing up the WireGuard VPN server interface using the <strong><code>wg-quick<\/code><\/strong> command or by using the <strong><code>systemd<\/code><\/strong> service.<\/p>\n\n\n\n<p>To bring up the interface with the <strong><code>wg-quick<\/code><\/strong> command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg-quick up wg0<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>[#] ip link add wg0 type wireguard\n[#] wg setconf wg0 \/dev\/fd\/63\n[#] ip -4 address add 10.8.0.1\/24 dev wg0\n[#] ip link set mtu 1420 up dev wg0\n[#] firewall-cmd --add-port=51820\/udp; firewall-cmd --zone=public --add-masquerade; firewall-cmd 
--direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE\nsuccess\nsuccess\nsuccess\nsuccess\n<\/code><\/pre>\n\n\n\n<p>Checking the wg0 interface details:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ip add show wg0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>5: wg0: &lt;POINTOPOINT,NOARP,UP,LOWER_UP&gt; mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000\n    link\/none \n    inet 10.8.0.1\/24 scope global wg0\n       valid_lft forever preferred_lft forever<\/code><\/pre>\n\n\n\n<p>Listing Firewall rules on an active interface;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --list-all<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>public\n  target: default\n  icmp-block-inversion: no\n  interfaces: \n  sources: \n  services: dhcpv6-client ssh\n  ports: 51820\/udp\n  protocols: \n  masquerade: yes\n  forward-ports: \n  source-ports: \n  icmp-blocks: \n  rich rules: \n<\/code><\/pre>\n\n\n\n<p>To use systemd service to manage WireGuard, simply run the command below to start it.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start wg-quick@wg0<\/code><\/pre>\n\n\n\n<p>To check the status;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl status wg-quick@wg0<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/wg-quick@.service; disabled; vendor preset: disabled)\n   Active: active (exited) since Sat 2021-07-03 21:24:49 EAT; 1h 5min ago\n     Docs: man:wg-quick(8)\n           man:wg(8)\n           https:\/\/www.wireguard.com\/\n           https:\/\/www.wireguard.com\/quickstart\/\n           https:\/\/git.zx2c4.com\/wireguard-tools\/about\/src\/man\/wg-quick.8\n           https:\/\/git.zx2c4.com\/wireguard-tools\/about\/src\/man\/wg.8\n  Process: 5304 
ExecStop=\/usr\/bin\/wg-quick down wg0 (code=exited, status=0\/SUCCESS)\n  Process: 5337 ExecStart=\/usr\/bin\/wg-quick up wg0 (code=exited, status=0\/SUCCESS)\n Main PID: 5337 (code=exited, status=0\/SUCCESS)\n\nJul 03 21:24:47 elk.kifarunix-demo.com systemd[1]: Starting WireGuard via wg-quick(8) for wg0...\nJul 03 21:24:47 elk.kifarunix-demo.com wg-quick[5337]: [#] ip link add wg0 type wireguard\nJul 03 21:24:47 elk.kifarunix-demo.com wg-quick[5337]: [#] wg setconf wg0 \/dev\/fd\/63\nJul 03 21:24:47 elk.kifarunix-demo.com wg-quick[5337]: [#] ip -4 address add 10.8.0.1\/24 dev wg0\nJul 03 21:24:47 elk.kifarunix-demo.com wg-quick[5337]: [#] ip link set mtu 1420 up dev wg0\nJul 03 21:24:47 elk.kifarunix-demo.com wg-quick[5337]: [#] firewall-cmd --zone=public --add-port 51820\/udp --permanent;firewall-cmd --zone=public --add-masquerade --perman&gt;\nJul 03 21:24:48 elk.kifarunix-demo.com wg-quick[5337]: success\nJul 03 21:24:48 elk.kifarunix-demo.com wg-quick[5337]: success\nJul 03 21:24:49 elk.kifarunix-demo.com wg-quick[5337]: success\nJul 03 21:24:49 elk.kifarunix-demo.com systemd[1]: Started WireGuard via wg-quick(8) for wg0.\n<\/code><\/pre>\n\n\n\n<p>To enable it to run on boot;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl enable wg-quick@wg0<\/code><\/pre>\n\n\n\n<p>To stop the WireGuard VPN, run;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg-quick down wg0<\/code><\/pre>\n\n\n\n<p>Or<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl stop wg-quick@wg0<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configure-wire-guard-vpn-clients\">Configure WireGuard VPN Clients<\/h2>\n\n\n\n<p>Once the server is set up, you can now proceed to configure WireGuard VPN clients.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-wire-guard-vpn-clients-private-public-keys\">Generate WireGuard VPN Clients Private\/Public Keys<\/h3>\n\n\n\n<p>To begin with, you need to generate the client keys. 
You can use the same command as used above while generating the keys for the server.<\/p>\n\n\n\n<p>The command below generates keys for our three test servers.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>for i in ubuntu debian rocky8; do wg genkey | tee \/etc\/wireguard\/$i.key | wg pubkey &gt; \/etc\/wireguard\/$i.pub.key; done<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ls -1 \/etc\/wireguard<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>debian.key\ndebian.pub.key\nrocky8.key\nrocky8.pub.key\nubuntu.key\nubuntu.pub.key\nwg0.conf\nwireguard.key\nwireguard.pub.key\n<\/code><\/pre>\n\n\n\n<p>Checking the contents of each key;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/debian.key \/etc\/wireguard\/debian.pub.key<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>UMXEH1lTn7OF+fgBswsdDJU6NAu7N5or43FPWP1EyWY=\nYitAHwAT+8Z6JR8iWBRzCdD3uXEujkT8uftOMWnBqjw=<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/ubuntu.key \/etc\/wireguard\/ubuntu.pub.key<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>qJ2Sczxh8QWO5ZHlN+zZ4IaaMzmnMtgITLfQ0cam82M=\nCcBg7ik7RnXkNSabIY8fjeZqoNOWUu6PfMwH6MmLGl4=<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/rocky8.key \/etc\/wireguard\/rocky8.pub.key<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>kIn6rA7W9MbGdZxRtziFN1DCJsqCi\/hAdwhyH76cyU4=\n0yjtKHIH2SCZwuA6j0EboagraEdWHWZH++QxM4hWAgs=<\/code><\/pre>\n\n\n\n<p>Next, you need to add the client peer settings in the WireGuard VPN Server configuration file as shown below. 
Be sure to replace the Public Keys for the respective clients accordingly.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>cat &gt;&gt; \/etc\/wireguard\/wg0.conf &lt;&lt; 'EOL'\n\n[Peer]\nPublicKey = CcBg7ik7RnXkNSabIY8fjeZqoNOWUu6PfMwH6MmLGl4=\nAllowedIPs = 10.8.0.10\n\n[Peer]\nPublicKey = YitAHwAT+8Z6JR8iWBRzCdD3uXEujkT8uftOMWnBqjw=\nAllowedIPs = 10.8.0.20\n\n[Peer]\nPublicKey = 0yjtKHIH2SCZwuA6j0EboagraEdWHWZH++QxM4hWAgs=\nAllowedIPs = 10.8.0.30\nEOL\n<\/code><\/pre>\n\n\n\n<p>Our WireGuard VPN server configuration file now looks like;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>cat \/etc\/wireguard\/wg0.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[Interface]\nAddress = 10.8.0.1\/24\nSaveConfig = true\nPostUp = firewall-cmd --add-port=51820\/udp; firewall-cmd --zone=public --add-masquerade; firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE\nPostDown = firewall-cmd --remove-port=51820\/udp; firewall-cmd --zone=public --remove-masquerade; firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT; firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE\nListenPort = 51820\nPrivateKey = cPjxCJPn6YRZQh4wn4jN2LAPlYOjT2b4v0N+qsu5+1U=\n\n[Peer]\nPublicKey = CcBg7ik7RnXkNSabIY8fjeZqoNOWUu6PfMwH6MmLGl4=\nAllowedIPs = 10.8.0.10\n\n[Peer]\nPublicKey = YitAHwAT+8Z6JR8iWBRzCdD3uXEujkT8uftOMWnBqjw=\nAllowedIPs = 10.8.0.20\n\n[Peer]\nPublicKey = 0yjtKHIH2SCZwuA6j0EboagraEdWHWZH++QxM4hWAgs=\nAllowedIPs = 10.8.0.30\n<\/code><\/pre>\n\n\n\n<p>Reload WireGuard;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>wg syncconf wg0 &lt;(wg-quick strip wg0)<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-setup-wire-guard-vpn-client-on-rocky-linux-8-ubuntu-debian\">Install and Setup WireGuard VPN Client on Rocky Linux 8\/Ubuntu\/Debian<\/h3>\n\n\n\n<p>Follow the link below to learn 
how to install and setup WireGuard VPN clients.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-wireguard-vpn-client-on-rocky-linux-ubuntu-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install WireGuard VPN Client on Rocky Linux\/Ubuntu\/Debian<\/a><\/p>\n\n\n\n<p>That concludes our guide on how to install WireGuard VPN Server.<\/p>\n\n\n\n<p>Read more on <a href=\"https:\/\/www.wireguard.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">WireGuard page<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-openvpn-server-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Setup OpenVPN Server on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-openvpn-client-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Configure OpenVPN Client on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/monitor-openvpn-connections-with-prometheus-and-grafana\/\" target=\"_blank\" rel=\"noreferrer noopener\">Monitor OpenVPN Connections with Prometheus and Grafana<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Follow through this tutorial to learn how to install WireGuard VPN server on Rocky Linux. 
According wireguard.com, WireGuard\u00ae is an extremely simple yet fast and<\/p>\n","protected":false},"author":1,"featured_media":9478,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,121,321],"tags":[3786,3587,323,3790,3791,3789,3788,3787],"class_list":["post-9447","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-howtos","category-vpn","tag-install-wireguard-on-rocky-linux","tag-rocky-linux-8","tag-vpn","tag-wg","tag-wg-quick","tag-wireguard","tag-wireguard-vpn","tag-wireguard-vpn-rocky-linux-8","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9447"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=9447"}],"version-history":[{"count":15,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9447\/revisions"}],"predecessor-version":[{"id":21748,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/9447\/revisions\/21748"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/9478"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=9447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=9447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=9447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}