How to Install WireGuard on CentOS 8

Install WireGuard on CentOS 8

In this article, we will have explained the necessary steps to install and configure WireGuard on CentOS 8. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It can be installed in many operating systems including Windows, macOS, BSD, iOS, Linux, and Android.

Install WireGuard on CentOS 8

Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.

sudo dnf install epel-release
sudo dnf update

Step 2. Install WireGuard on the CentOS system.

WireGuard tools and kernel modules are available for installation from the Epel and Elrepo repositories. Now add the repositories to your CentOS system:

sudo dnf install -y elrepo-release epel-release

Once done, install the WireGuard packages using the command below:

sudo dnf install kmod-wireguard wireguard-tools

Step 3. Configure WireGuard VPN.

The configuration files of WireGuard located in /etc/wireguard the directory. Now encrypted communication WireGuard uses a public/private key pair. Therefore, we need to generate a Public/Private key pair for WireGuard:

wg genkey | tee /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key

Next, Create a WireGuard interface, you can use your preferred name for the interface but the default and the recommended name is wg0:

sudo nano /etc/wireguard/wg0.conf

Add the following directives in this file:

Address =
SaveConfig = true
ListenPort = 51820
PostUp     = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade
PostDown   = firewall-cmd --zone=public --remove-port 51820/udp && firewall-cmd --zone=public --remove-masquerade

Once done, set file permissions on critical files for improved security:

chmod 600 /etc/wireguard/{private.key,wg0.conf}

Now, bring the wg0 interface up using the attributes specified in the configuration file:

wg-quick up wg0

To enable autostart of wg0 interface at the time of CentOS 8 server startup. We need to enable the wg-quick service as follows:

systemctl enable wg-quick@wg0.service

Step 4. Enable IP Forwarding on the CentOS system.

IP Forwarding is by-default disabled in CentOS 8. We need to explicitly enable it in Kernel configurations as follows:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/99-custom.conf
sysctl -p

That’s all you need to do to install WireGuard VPN on CentOS 8. I hope you find this quick tip helpful. For further reading on WireGuard, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.