How to Set Up WireGuard VPN on CentOS 7

Wireguard is a fast and modern VPN that is used as an alternative to the old OpenVPN. The main advantages they claim are ease of use, very high performance, good definition and the fact that they require few lines of code compared to other solutions.

The way it works is to add a network interface like eth0 or wlan0, called wg0, which can then be manually configured with ifconfig or an IP address like any other interface. The packets are then encrypted with private key pairs and sent via UDP to the VPN server.

This guide shows you how to configure Wireguard on a machine with CentOS 7.


  • Server with CentOS 7
  • We recommend acting as a non-root user sudo. If you haven’t made one yet, we’ll guide you through the steps below.

Create non-root user sudo

You must first add a user:

veduser {username}

Then create a password for the new user:


Finally, add the user to the wheel group to have access to sudo.

gpasswd wheel -a {username}

Figure 1 Creating a rootless user

Installation of the safety net

First of all, we make sure everything is up to date (this may take some time):

sudo yum -y update

If you don’t mind, Wireguard can be installed with the following two commands:

sudo yum install epel-release elrepo-release -y
sudo yum install kmod-wireguard wire shield -y

Protection device adaptation

First you need to create a private and public key pair to use the server. This allows peer clients to encrypt their messages with a public key that only the server can decrypt, since only the server has the corresponding private key. For more information on asymmetric encryption, visit ……….

Switch to the listener’s phonebook :

sudo su ( to get root access, because the command sudo cd does not work)
cd /etc/wireguard

Generate keys with wg genkey and then pass the generated private key to the wg pubkey command with the tee command so that it generates a corresponding public key and stores it under the name publickey.

wg genkey | tee privatekey | wg pubkey > publickey

You should now have 2 files in the folder named privatekey and publickey.

Figure 2 – Creation of a private and public key pair

The next step is to create the configuration file for Wireguard and open the file in your favorite word processor:

If you want to use a nano, install it with :


Then create a file named wg0 and open it with the following command :

nano / etc. / explore / wg0.conf

You can then copy the configurations below. In Nano, you can right-click and paste Ctrl+X, then y to save and close. Make the necessary changes:

  • YOUR_INTERFACE_NAME must be the name of the web interface that accesses the Internet on the server. To check this, use the command :

Figure 3 – Result of the ip a command

The interface you will use will have your public IP address. In this case, it would be eth0.

  • YOUR_PRIVATE_KEY must be the text of the previously generated private key file. You can use the chat’s private key to copy and paste the text.
  • CLIENT_PUBLIC_KEY is the public key of CLIENT. It hasn’t been generated yet, but we’ll talk about it in the next section. Leave this room empty for now.

Interface] Address =
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT ; iptables -t wet -A POSTROUTING -o YOUR_INTERFACE_NAME -j MASQUERADE ; ip6tables -A FORWARD -i wg0 -j ACCEPT ; ip6tables -t wet -A POSTROUTING -o YOUR_INTERFACE_NAME -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT ; iptables -t wet -D POSTROUTING -o YOUR_INTERFACE_NAME -j MASQUERADE ; ip6tables -D FORWARD -i wg0 -j ACCEPT ; ip6tables -t wet -D POSTROUTING -o YOUR_INTERFACE_NAME -j MASQUERADE
ListenPort = 51820

Allowed IPs =

It has to look like this:

Figure 4 – Creation of the wire configuration file

Now you can get out of Sado mode:


Make sure the firewall does not block the vps port. This opens port 51820, which we have previously configured in wg0.conf to accept UDP packets:

sudo iptables – INPUT 1 -p udp – dport 51820 -j PRINCIPLE

To keep it stable after a restart:

sudo yum iptables install iptables services
sudo service iptables save
sudo systemctl enable iptables

Don’t forget to enable IPv4 and IPv6 transmission. To do this, you run a race:

sudo nano /etc/sysctl.conf

and add the following lines:


Client configuration

In order to configure the customer, we need to perform some of the steps that have been done for the :

Install the safety screen first. If the customer is a CentOS machine, follow the same commands as above. We will use the Windows 10 machine as an example client. The list of installation files can be found on the official Wireguard installation page, including the Windows file.

Then the client also needs a private and public key pair. You can generate them as before or, if you use a platform like Windows, the Wireguard client will generate them for you automatically. In our case, a Windows client was used and the keys were generated automatically:

In the application, click on the Add tunnel arrow at the bottom and select Add empty tunnel. Give him a name.

WireGuard client configuration

Figure 5. Wired protection for Windows

Once you have the keys, all you need is an updated configuration file, which you can copy and paste into the following extract. Be aware of this:

  • CLIENT_PRIVATE_KEY is a private key generated for the customer.
  • SERVER_PUBLIC_KEY is a public key previously generated on the server, you need to copy it to this file.
  • SERVER_IP is the public network IP address for your server. You can check this by executing the ifconfig command on Linux or ipconfig on Windows.

Address =

Endpoint = SERVER_IP:51820
AllowedIPs = 0.0.0/0, ::/0

Call termination server Installation

Now that the client has been successfully configured, we return to the server to complete the installation.

Copy the customer’s public key and replace CLIENT_PUBLIC_KEY with it in /etc/wireguard/wireg0.conf.

Activate the VPN WireGuard :

sudo wg-quick up wg0

If this does not work, restart the device and try again:


To support them after a restart, you must activate the wg service:

Switch on sudo systemctl [email protected]

If for some reason you have made an error in the server configuration file and need to change it, you can :

sudo wg-fast down wg0
sudo wg-fast up wg0

The server will then restart with the new configurations.

Finally, make sure that your VPS port 51820 is open for UDP connections.

You can check if everything works by searching What my IP in Google and checking if it matches the public IP of the VPN server.


That’s it! You have successfully configured the VPS Wireguard on your CentOS 7 machine!

I hope this tutorial has been useful, check out our other tutorials on other interesting Linux-related topics!

Related Tags:

loading speed user experience,ux page loading times,website response times,ux waiting time,loading states ux,limits for feeling of instantaneous reaction,how to speed up web page loading time,how to increase website speed wordpress,how to open any website faster,how to improve backend performance,speed up php,how to reduce page load time in javascript,how to make web page load smoothly,accelerating in website,how to make website load faster wordpress,how to make web pages load faster in chrome,shopify stock performance,hyperspeed shopify,first contentful paint shopify,semrush shopify,shopify page speed app,reduce the impact of third-party code shopify,format of web design,web designing crash tips,website design tips 2020,what is an ideal website,tips for designing a website homepage,points to remember while designing a website,how to improve website loading speed,website optimization tips,why website speed matters,how to make wordpress site faster,speed index wordpress,website speed test,what tools are available to measure speed and performance of static page?,how to make web pages load faster,how to reduce loading time of website in php,how to reduce load time of a dynamic website