Wireguard setup

Rocky Linux General
1

Hi,
I am trying to setup WireGuard server on my Rocky Linux 9 however it is failing on:

# dnf install kmod-wireguard wireguard-tools
Last metadata expiration check: 0:00:34 ago on Thu 03 Nov 2022 10:01:46 GMT.
No match for argument: kmod-wireguard
Error: Unable to find a match: kmod-wireguard

I have elrepo installed.

1 Like
2

Hi,

That’s because kmod-wireguard is for Rocky 8. For Rocky 9, it’s not needed:

[root@rocky9 ~]# modprobe wireguard
[root@rocky9 ~]# lsmod | grep -i wireguard
wireguard              94208  0
libblake2s             16384  1 wireguard
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             24576  1 wireguard
curve25519_x86_64      36864  1 wireguard
libcurve25519_generic    49152  2 curve25519_x86_64,wireguard

that’s because default Rocky 9 5.14 kernel has wireguard already in it.

2 Likes
3

I am having issues with wireguard on Rocky 9 myself. I can get it to handshake and start the connection but I can’t get any data coming in.

internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: wg0
  sources:
  services: cockpit dhcpv6-client mdns samba-client wireguard
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources:
  services: cockpit dhcpv6-client dns dns-over-tls http https ssh wireguard
  ports: 51820/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv6" source address="fdc0:7ec3:f1ff::/64" masquerade
        rule family="ipv4" source address="10.8.0.0/24" masquerade
4

Also I have made sure port forwarding is on in sysctl

5

I’ve had several issues with wireguard and masquerade with Rocky Linux. The connection just drops until I stop wireguard. I haven’t found a solution yet, just voicing my issues as well.

6

The people who are still having problems, are they using the module built-in to Rocky9?

7

Yes, no modifications made. Just install wireguard and go. Masquerade drops all connection for me. Take it out and it works flawlessly.

8

I am attempting to use the built in module yes. There seems to be some kind of SELinux issue, folks are writing guides now instructing people to disable it, which I will not be doing. I can use libreswan over IKEv2 if I have to though I am tiring of it.

9

hi mate
Try this:

  1. Run the following command in the terminal: sudo dnf install wireguard-tools
  2. When prompted for confirmation, type y and press enter to proceed.

The installation process will begin, and the WireGuard kernel module will be enabled on the server, along with the installation of the wireguard-tools.

For further information on how to set up the WireGuard server and clients, refer to https://server-tutorials.com/how-to-install-wireguard-vpn-on-rocky-linux-9/