Install and Configure WireGuard VPN
WireGuard is a very simple, fast and secure VPN solution. It is being widely adopted and heavily developed.
Installation on CentOS 7:
yum install kernel-devel kernel-headers # you have to install kernel headers first
yum install epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install yum-plugin-elrepo
yum install kmod-wireguard wireguard-tools
yum install qrencode
modprobe wireguard
If modprobe does not work, you may have to reboot the machine.
Installation on Raspberry Pi:
apt update && apt upgrade
apt install raspberrypi-kernel-headers libelf-dev libmnl-dev build-essential git
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt install dirmngr
wget -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add -
apt update
apt install wireguard
Configuration
Create Keys for Servers
umask 077
wg genkey | tee server-private.key | wg pubkey > server-public.key
wg set wg0-server listen-port 35535 private-key server-private.key # or <(wg genkey) instead of a filename
wg-quick save wg0-server
Create Server Configuration File
[Interface]
Address = $_TUNNEL_IP_CIDR
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = $_LISTEN_PORT
PrivateKey = $_SERVER_PRIVATE_KEY
[Peer]
PublicKey = $CLIENT_PUBLIC_KEY
AllowedIPs = $CLIENT_IP_CIDR
Create Client Configuration File
[Interface]
Address = $_VPN_IP
PrivateKey = $_PRIVATE_KEY
[Peer]
PublicKey = $_SERVER_PUBLIC_KEY
AllowedIPs = $_CIDR_TO_BE_ROUTED_SEPARATED_BY_COMMA
Endpoint = $_SERVER_IP_ADDRESS:$_LISTEN_PORT
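One way to check the finished server and client files before using them, as an added example that is not part of the original guide: it flags a file accessible beyond its owner (what umask 077 prevents), template placeholders that were never substituted, and key values that do not decode to 32 bytes. The names wg_conf_lint and wg_conf_lint_demo and the sample config are constructed for illustration; GNU stat and base64 are assumed.

```sh
# Added example: lint a wg-quick config file before use (wg_conf_lint is a
# hypothetical helper, not a WireGuard tool). Prints one finding per line and
# returns 0 only when there are none.
wg_conf_lint() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # The file holds a private key: group/other need no access (umask 077 result).
    mode=$(stat -c %a "$conf")                 # GNU stat
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode: accessible beyond the owner"
        findings=$((findings + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in *=*) ;; *) continue ;; esac
        name=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $value in
            '$'*|'_$'*)                        # template placeholder never filled in
                printf '%s: placeholder %s left in file\n' "$name" "$value"
                findings=$((findings + 1)); continue ;;
        esac
        case $name in
            PrivateKey|PublicKey)              # Curve25519 keys: 32 bytes, base64
                n=$(printf '%s' "$value" | base64 -d 2>/dev/null | wc -c)
                if [ "$((n))" -ne 32 ]; then
                    echo "$name: not a 32-byte base64 key"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Constructed sample: all-zero key, one unfilled placeholder, mode 644.
wg_conf_lint_demo() {
    demo=$(mktemp)
    printf '%s\n' '[Interface]' 'ListenPort = 35535' \
        "PrivateKey = $(head -c 32 /dev/zero | base64)" \
        '[Peer]' 'PublicKey = $CLIENT_PUBLIC_KEY' > "$demo"
    chmod 644 "$demo"
    wg_conf_lint "$demo"; rc=$?
    rm -f "$demo"
    return "$rc"
}
wg_conf_lint_demo || true
```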
Enable IP Forwarding on Server:
vi /etc/sysctl.d/wireguard.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
sysctl -p /etc/sysctl.d/wireguard.conf
Generate QR Code for Mobile Clients:
qrencode -t ansiutf8 < client.conf
Alternatively, just copy the client configuration file to the device.