This guide covers the steps required to install and configure WireGuard on both Debian-based and Red Hat-based systems.
Before starting, ensure you have root or sudo privileges on the system.
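# Debian-based systems: install the build dependencies
sudo apt update
sudo apt install -y make gcc libmnl-dev libelf-dev pkg-config linux-headers-$(uname -r)
# Red Hat-based systems: install the build dependencies
sudo dnf install -y make gcc libmnl-devel elfutils-libelf-devel pkgconf-pkg-config kernel-headers kernel-devel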
For both distributions, you can compile WireGuard tools from source:
git clone https://git.zx2c4.com/wireguard-tools.git
cd wireguard-tools/src
make -j$(nproc) # Compiles the tools using all available CPU cores
sudo make install # Installs the compiled tools
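# Debian-based systems: install wireguard-tools from the package repository
sudo apt update
sudo apt install -y wireguard-tools
# Red Hat-based systems: install wireguard-tools from the package repository
sudo dnf install -y wireguard-tools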
Verify the installation:
wg --version
Create a WireGuard configuration file for the server:
sudo nano /etc/wireguard/wg0.conf
[Interface]
# The private IP address of the server on the VPN
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
[Peer]
PublicKey = <client_public_key>
# Allow the entire subnet or a single IP for the client
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <client2_public_key>
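# On the server, AllowedIPs lists the VPN addresses this client may use as a source.
# 10.0.0.3/32 is an assumed address for the second client; full-tunnel routing
# is configured in the client's own AllowedIPs, not here.
AllowedIPs = 10.0.0.3/32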
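A check for the server file above, as an added example that is not part of the original guide: audit_wg_server_conf (a hypothetical helper, not a wireguard-tools command) flags a config readable beyond its owner, a [Peer] whose AllowedIPs is a /0 prefix, and a prefix assigned to two peers. It assumes GNU stat and awk; the sample config in demo is constructed.

```shell
#!/usr/bin/env bash
# Added example; audit_wg_server_conf is a hypothetical helper, not part of wireguard-tools.
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if stat fails.
audit_wg_server_conf() {
    local conf="$1" mode findings
    mode=$(stat -c '%a' "$conf") || return 2    # GNU stat, as on Debian/RHEL
    findings=$(
        # The file holds PrivateKey: group and other need no access.
        case "$mode" in
            (*00) ;;
            (*) echo "file mode $mode: restrict to the owner (chmod 600)" ;;
        esac
        awk '
            { sub(/#.*/, ""); gsub(/[ \t]/, "") }    # drop comments and whitespace
            tolower($0) == "[peer]" { peer++; in_peer = 1; next }
            /^\[/                   { in_peer = 0; next }
            in_peer && tolower($0) ~ /^allowedips=/ {
                sub(/^[^=]*=/, "")
                n = split($0, cidr, ",")
                for (i = 1; i <= n; i++) {
                    # A /0 prefix accepts any source address from this peer, and
                    # wg-quick by default routes all server traffic to it.
                    if (cidr[i] ~ /\/0$/)
                        print "peer " peer ": " cidr[i] " matches every address"
                    # The same prefix on two peers: only one of them gets it.
                    if (cidr[i] in owner)
                        print "peer " peer ": " cidr[i] " already assigned to peer " owner[cidr[i]]
                    owner[cidr[i]] = peer
                }
            }' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a server file whose second peer is given 0.0.0.0/0.
demo() {
    local f rc=0
    f=$(mktemp)                                  # mktemp creates it with mode 600
    printf '%s\n' '[Interface]' 'Address = 10.0.0.1/24' 'ListenPort = 51820' \
        'PrivateKey = <server_private_key>' \
        '[Peer]' 'PublicKey = <client_public_key>' 'AllowedIPs = 10.0.0.2/32' \
        '[Peer]' 'PublicKey = <client2_public_key>' 'AllowedIPs = 0.0.0.0/0' > "$f"
    audit_wg_server_conf "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}
```

Run it against the real file with sudo bash, since /etc/wireguard/wg0.conf should not be readable by other users.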
Enable IP forwarding to route traffic through the VPN:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo sysctl -w net.ipv4.ip_forward=1
To make it persistent:
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Bring the wg0 interface up now
sudo wg-quick up wg0
# Start it automatically at boot
sudo systemctl enable wg-quick@wg0
Create a configuration file on the client machine:
sudo nano /etc/wireguard/wg0.conf
[Interface]
# The private IP address of the client on the VPN
Address = 10.0.0.2/24
PrivateKey = <client_private_key>
[Peer]
PublicKey = <server_public_key>
Endpoint = <server_public_ip>:51820
AllowedIPs = 10.0.0.0/24
For routing all traffic through WireGuard:
AllowedIPs = 0.0.0.0/0
# Bring the wg0 interface up now
sudo wg-quick up wg0
# Start it automatically at boot
sudo systemctl enable wg-quick@wg0
On both the server and the client, check the WireGuard status:
wg show
Check the wg show output for active connections.