How to Install and Configure Wireguard VPN Server on Fedora

WireGuard is an open-source and modern VPN solution known for its simplicity and ease of use. Initially designed for Linux, it is now also available for MacOS, BSD, IOS, and Android. Compared to other VPN software, WireGuard is simple and easy to set up. It also provides client apps for desktops and mobile devices from the platform app store. If you are looking for a simple and user-friendly VPN solution then WireGuard is the best option for you.

This post will show you how to install WireGuard VPN on Fedora.|

Step 1 – Enable IP Forwarding

Before starting, you will need to set up IP forwarding on your server. To do so, create a new file.

nano /etc/sysctl.d/99-custom.conf

Add the following line.

net.ipv4.ip_forward=1

Save and close the file, then apply the above configuration with the following command.

sysctl -p /etc/sysctl.d/99-custom.conf

Step 2 – Install WireGuard VPN

First, install the WireGuard package using the following command.

dnf install wireguard-tools -y

Next, generate a public and private key using the following command.

wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

You will see the generated key in the following output.

LR9Sv+v+wRat5+Ui4gbfSamfNFIjce6hbG5UJATD3Tc=

Step 3 – Configure WireGuard VPN

Next, create a new configuration file with the following command.

nano /etc/wireguard/wg0.conf

Add the following configurations.

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = <replace-with-your-generated-private-key>
PostUp     = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade
PostDown   = firewall-cmd --zone=public --remove-port 51820/udp && firewall-cmd --zone=public --remove-masquerade

Note: Replace the PrivateKey with your generated private key.

Now, start the firewalld service with the following command.

systemctl start firewalld

Step 4 – Enable WireGuard Interface

At this point, WireGuard is installed and configured. Now, you can bring up the WireGuard interface with the following command.

wg-quick up wg0

You will see the following output.

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade
success

You can verify your WireGuard installation with the following command.

wg show wg0

If everything is fine, you will see the following output.

interface: wg0
  public key: 0xQfsv/vwayO9aesmpD25t6DGmgF74daHXHLv4n3XW4=
  private key: (hidden)
  listening port: 51820

Next, enable the WireGuard interface to start at system boot.

systemctl enable wg-quick@wg0

Step 5 – Install and Configure WireGuard Client

First, install the WireGuard VPN client on the client machine.

dnf install wireguard-tools -y

Next, generate a public and private key with the following command.

wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

Output:

SRF4C7HGesORyRhguW44OG0eSOz2u80la2QmtWAUbVU=

Next, create a WireGuard client configuration file.

nano /etc/wireguard/wg0.conf

Add the following lines.

[Interface]
PrivateKey = SRF4C7HGesORyRhguW44OG0eSOz2u80la2QmtWAUbVU=
Address = 10.0.0.2/24

[Peer]
PublicKey = LR9Sv+v+wRat5+Ui4gbfSamfNFIjce6hbG5UJATD3Tc=
Endpoint = server-ip:51820
AllowedIPs = 0.0.0.0/0

Note: Replaced PrivateKey with your client key and PublicKey with your server key.

Now, run the following command on your server machine to add your client key.

wg set wg0 peer SRF4C7HGesORyRhguW44OG0eSOz2u80la2QmtWAUbVU= allowed-ips 10.0.0.2

Note: Replaced SRF4C7HGesORyRhguW44OG0eSOz2u80la2QmtWAUbVU with your key generated on the client machine.

Finally, bring up the WireGuard interface on the client machine.

wg-quick up wg0

Output:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.0.2/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820

Now, go back to your server machine and verify your VPN connection using the following command.

wg

You should see the allocated IP address of the client machine in the following output.

 
interface: wg0
  public key: 0xQfsv/vwayO9aesmpD25t6DGmgF74daHXHLv4n3XW4=
  private key: (hidden)
  listening port: 51820

peer: SRF4C7HGesORyRhguW44OG0eSOz2u80la2QmtWAUbVU=
  allowed ips: 10.0.0.2/32

Conclusion

In this post, we showed you how to install the WireGuard VPN server on Fedora. You can now use VPN to protect your users by encrypting user data and masking their IP addresses. You can now try to implement WireGuard VPN on dedicated server hosting from Atlantic.Net!