Assign Public IPv4 & IPv6 Wireguard Rocky Linux
Tested in Rocky Linux 9
Prerequisite
- IPv4 allocation minimum /30 or IPv6
- Client Server
- VPS or VM for Wireguard Server
- SELinux is running in permissive mode
```
# setenforce only changes the running mode; it persists across a reboot
# only if SELINUX=permissive is also set in /etc/selinux/config
setenforce permissive
reboot
```
- Disable Firewalld
```
systemctl stop firewalld
systemctl disable firewalld
```

Enable Wireguard Kernel Module
```
modprobe wireguard
lsmod | grep wireguard
echo wireguard > /etc/modules-load.d/wireguard.conf
```

Install Wireguard
```
dnf install wireguard-tools
```

Generate Server Key Pair
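```
# Generate the server private key and restrict it to root read-only
wg genkey | tee /etc/wireguard/server.key
chmod 0400 /etc/wireguard/server.key
# Derive the public key from the private key
cat /etc/wireguard/server.key | wg pubkey | tee /etc/wireguard/server.pub
# Display both keys for copying into the configuration files
cat /etc/wireguard/server.key
cat /etc/wireguard/server.pub
```

Generate Client Key Pair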
```
mkdir -p /etc/wireguard/clients
# Generate the client private key and derive its public key
wg genkey | tee /etc/wireguard/clients/client1.key
cat /etc/wireguard/clients/client1.key | wg pubkey | tee /etc/wireguard/clients/client1.pub
# Display both keys for copying into the configuration files
cat /etc/wireguard/clients/client1.key
cat /etc/wireguard/clients/client1.pub
```

Configure Wireguard - Server Side
```
vi /etc/wireguard/wg0.conf
```

Server Side Configuration
```
[Interface]
# Wireguard Server private key - server.key
PrivateKey = # Copy Server private key here
# Wireguard interface will be run at 10.8.0.1
Address = 10.8.0.1/24, fd00::1/64 #any IP private network

# Clients will connect to UDP port 51820
ListenPort = 51820

# Ensure any changes will be saved to the Wireguard config file
SaveConfig = true

# Change IPv6_CLIENT_ASSIGN to ipv6 public and ens33 to your interface
PostUp=ip -6 neigh add proxy IPv6_CLIENT_ASSIGN dev ens33
PostDown=ip -6 neigh del proxy IPv6_CLIENT_ASSIGN dev ens33

[Peer]
# Wireguard client public key - client1.pub
PublicKey = # Copy client public key here
# clients' VPN IP addresses you allow to connect
# possible to specify subnet ⇒ [172.16.100.0/24]
AllowedIPs = # copy IP Public/cidr
```

Port Forwarding
```
vi /etc/sysctl.conf
```
```
# Port Forwarding for IPv4
net.ipv4.ip_forward=1
net.ipv4.conf.all.proxy_arp=1

# Port forwarding for IPv6
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
```
```
sysctl -p
reboot #preferred
```

Start Wireguard Server

Configure Wireguard - Client Side
This configuration is applied on the client side. Adjust it for your system.
```
vi /etc/wireguard/wg0.conf
```

Client Side Configuration
```
[Interface]
Address = # copy ip public allocation for client
# Wireguard Client private key - client1.key
PrivateKey = # Copy client private key here

[Peer]
# Wireguard Server public key - server.pub
PublicKey = #Copy server public key here
AllowedIPs = 0.0.0.0/0,::/0 # makes your home server send all outbound packets via this tunnel
Endpoint = # copy wireguard ip public:port
# Sending Keepalive every 25 sec
PersistentKeepalive = 25
```

Maintenance Server
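Because SaveConfig = true makes wg-quick write the running configuration back to wg0.conf when the interface goes down, any change to wg0.conf requires stopping WireGuard first, then updating the file, then starting it again.
```
wg-quick down /etc/wireguard/wg0.conf
# edit /etc/wireguard/wg0.conf here
wg-quick up /etc/wireguard/wg0.conf
```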
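
In the server-side configuration above, each peer's AllowedIPs is what binds a public address to one client key, so it is worth checking the file before bringing the interface back up. The script below is an added example, not part of the original guide: the sample config, the documentation prefixes used as public addresses, and the function names `parse` and `audit` are constructed for illustration.

```python
import ipaddress
import re
# Constructed sample server wg0.conf (keys omitted, documentation prefixes as public IPs)
SAMPLE = """\
[Interface]
PostUp=ip -6 neigh add proxy 2001:db8:1::10 dev ens33
[Peer]
AllowedIPs = 203.0.113.2/32, 2001:db8:1::10/128
[Peer]
AllowedIPs = 203.0.113.2/32, 2001:db8:1::11/128
[Peer]
AllowedIPs = 0.0.0.0/0
"""
ULA = ipaddress.ip_network("fc00::/7")  # private IPv6, needs no NDP proxy

def parse(conf):
    """Return (set of NDP-proxied addresses, list of AllowedIPs networks per peer)."""
    proxied, peers, section = set(), [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, as wg-quick does
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "interface" and key.lower() == "postup":
            proxied.update(ipaddress.ip_address(a)
                           for a in re.findall(r"neigh add proxy (\S+)", value))
        elif section == "peer" and key.lower() == "allowedips" and value:
            peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                          for v in value.split(",")]
    return proxied, peers

def audit(conf):
    """Return findings about AllowedIPs that weaken per-client source filtering."""
    proxied, peers = parse(conf)
    findings, seen = [], []
    for i, nets in enumerate(peers, 1):
        for net in nets:
            if net.prefixlen == 0:
                findings.append(f"peer {i}: {net} lets this client source any address")
                continue
            findings += [f"peer {i}: {net} overlaps peer {j} ({o})" for j, o in seen
                         if j != i and o.version == net.version and net.overlaps(o)]
            # net[0] is the network address; public IPv6 needs an NDP proxy entry
            if net.version == 6 and net[0] not in ULA and net[0] not in proxied:
                findings.append(f"peer {i}: {net} has no 'neigh add proxy' PostUp entry")
            seen.append((i, net))
    return findings
```

Calling `audit(open("/etc/wireguard/wg0.conf").read())` on a real file raises `ValueError` if a placeholder such as `IPv6_CLIENT_ASSIGN` was left unreplaced.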