Configuring and starting WireGuard

Installing WireGuard on the Server

1. Install the WireGuard tools

   sudo dnf install wireguard-tools
   

2. Generate a private key for the server

   wg genkey | sudo tee /etc/wireguard/server.key
   

3. Generate a public key for the server

   sudo cat /etc/wireguard/server.key | wg pubkey | sudo tee /etc/wireguard/server.pub
   

4. Create the WireGuard configuration file /etc/wireguard/wg0.conf with the following content:

   [Interface]
   PrivateKey = <Insert Server Private Key Here>
   Address = 10.20.10.1
   ListenPort = 51820
   

5. Generate a private key for the client

   wg genkey | sudo tee /etc/wireguard/client.key
   

6. Generate a public key for the client

   sudo cat /etc/wireguard/client.key | wg pubkey | sudo tee /etc/wireguard/client.pub
   

7. Add the client public key to the server configuration file /etc/wireguard/wg0.conf:

   [Peer]
   PublicKey = <Insert Client Public Key Here>
   AllowedIPs = 10.20.10.2
   

8. Allow udp traffic on port 51820 in the firewall

   sudo ufw allow 51820/udp
   

9. Enable IP forwarding by editing /etc/sysctl.conf and adding the line:

   net.ipv4.ip_forward = 1
   

10. Apply the changes:

    sudo sysctl -p
    

11. Start the WireGuard interface:

    sudo wg-quick up wg0
    

12. Enable the WireGuard service to start on boot:

    sudo systemctl enable wg-quick@wg0