
Last modified: 2023-12-03 14:59:13.609000 | Author: Mango

Amazon Linux WireGuard

Introduction

In this guide, we will explore WireGuard setup on Amazon Linux using Bash shell scripts. WireGuard is a modern VPN (Virtual Private Network) technology that aims to be faster, simpler, and more secure than traditional VPN protocols.

With WireGuard, you can create secure connections between multiple devices or networks over the internet. It provides a lightweight and efficient solution for establishing encrypted communication channels.

Prerequisites

To follow this guide, you need the following:

  • An Amazon Linux instance with root access.
  • Basic knowledge of Bash scripting and networking concepts.

Installation

  1. Launch your Amazon Linux instance and connect to it via SSH.

  2. Update the system packages:

     sudo yum update -y

  3. Install the required tools to build WireGuard:

     sudo yum install -y kernel-headers kernel-devel

  4. Download the WireGuard source code:

     wget https://git.zx2c4.com/WireGuard/snapshot/WireGuard-X.XX.tar.xz

     Replace X.XX with the desired version number of WireGuard.

  5. Extract the source code:

     tar -xf WireGuard-X.XX.tar.xz
     cd WireGuard-X.XX

  6. Compile and install WireGuard:

     make
     sudo make install

  7. Load the WireGuard kernel module:

     sudo modprobe wireguard

Configuration

  1. Generate a key pair for the server. Running the pipeline under umask 077 creates the key files readable by root only:

     sudo sh -c 'umask 077 && wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'

  2. Create a new WireGuard configuration file:

     sudo vi /etc/wireguard/wg0.conf

  3. Add the following content to the wg0.conf file:

     [Interface]
     PrivateKey = <server_private_key>
     Address = <server_IP>/24
     ListenPort = 51820

     [Peer]
     PublicKey = <client_public_key>
     AllowedIPs = <client_IP>/32

     Replace <server_private_key>, <server_IP>, <client_public_key>, and <client_IP> with appropriate values.

  4. Start the WireGuard interface:

     sudo wg-quick up wg0

Usage

To use WireGuard, you need to configure it on both the server and client devices. The server will listen for incoming connections, while the client will initiate the connection.

  1. On the server, configure the firewall to allow incoming WireGuard connections:

     sudo firewall-cmd --add-port=51820/udp --permanent
     sudo firewall-cmd --reload

  2. On the client device, install WireGuard and configure the connection using the provided server public key, server IP, and client private key:

     # Install WireGuard
     sudo apt-get install -y wireguard

     # Create client configuration file
     sudo vi /etc/wireguard/wg0.conf

     # Add the following content to the `wg0.conf` file
     [Interface]
     PrivateKey = <client_private_key>
     Address = <client_IP>/24

     [Peer]
     PublicKey = <server_public_key>
     Endpoint = <server_IP>:51820
     AllowedIPs = 0.0.0.0/0, ::/0

     Replace <client_private_key>, <client_IP>, <server_public_key>, and <server_IP> with appropriate values.

  3. Start the WireGuard interface on the client:

     sudo wg-quick up wg0

Conclusion

Congratulations! You have successfully set up WireGuard on Amazon Linux using Bash shell scripts. With WireGuard, you can establish secure VPN connections between devices or networks. Make sure to customize the configuration according to your specific requirements.

Remember to keep your WireGuard configurations and keys secure, as they are crucial for maintaining the integrity and confidentiality of your VPN communications.
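
The reminder above can be checked mechanically. The following script is an added example, not part of the original guide: it flags key-bearing files in the WireGuard directory that are accessible to group or others, placeholders from this guide left in a .conf file, and malformed key values. The function name audit_wg_dir and the finding labels are assumptions of this example, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example: audit a WireGuard directory laid out as in this guide.
# Assumes GNU stat (stat -c), as shipped on Amazon Linux.

PLACEHOLDER_RE='<[A-Za-z_]+>'
# A WireGuard key is 32 bytes in base64: 43 characters plus one '='.
KEY_RE='=[[:space:]]*[A-Za-z0-9+/]{43}=[[:space:]]*$'

# Prints one line per finding; the return status is the number of findings.
audit_wg_dir() {
    dir=${1:-/etc/wireguard}
    findings=0
    for f in "$dir"/*.conf "$dir"/privatekey; do
        [ -f "$f" ] || continue
        # 1. These files hold a private key: no group/other permission bits.
        mode=$(stat -c '%a' "$f")
        case $mode in
            0|*00) ;;
            *) echo "PERMS $f: mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
        case $f in *.conf) ;; *) continue ;; esac
        # 2. Placeholders from the guide left unreplaced, e.g. <client_IP>.
        n=$(grep -cE "$PLACEHOLDER_RE" "$f" || true)
        if [ "${n:-0}" -gt 0 ]; then
            echo "PLACEHOLDER $f: $n line(s) still contain <...>"
            findings=$((findings + n))
        fi
        # 3. Key lines (placeholders aside) whose value is not well-formed.
        n=$(grep -E '^(PrivateKey|PublicKey)[[:space:]]*=' "$f" |
            grep -vE "$PLACEHOLDER_RE" | grep -cvE "$KEY_RE" || true)
        if [ "${n:-0}" -gt 0 ]; then
            echo "BADKEY $f: $n key line(s) are not 44-character base64"
            findings=$((findings + n))
        fi
    done
    return "$findings"
}

# Run as root against a directory given on the command line.
if [ -n "${1:-}" ]; then audit_wg_dir "$1"; fi
```

A clean directory produces no output and a zero exit status, so the script can gate a deployment step or run from cron.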

Happy wireguarding!