Wireguard

General support questions
Post Reply
northpoint
Posts: 101
Joined: 2016/05/23 11:57:12

Wireguard

Post by northpoint » 2020/09/05 17:19:29

Hello,

Just want to ask if anyone here has tested or using wireguard as a VPN?

I have a client that has two physical locations about 20 miles apart and are interested in me setting up a vpn for file access. I have heard good things about it and curious if anyone has it up and running and what your thoughts are?

I do openvpn right now for clients but thinking of making the switch because they say its much better in a lot of areas and easier to setup. This usually involves a Centos7 server with shares to windows 10 clients.

Thank you,

EDIT: spelling mistakes :)
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /

User avatar
TrevorH
Forum Moderator
Posts: 29493
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Wireguard

Post by TrevorH » 2020/09/05 17:47:58

You can find kmod-wireguard packages in ELRepo for 7 and 8. The wireguard-tools package is in EPEL.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
toracat
Forum Moderator
Posts: 7444
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: Wireguard

Post by toracat » 2020/09/07 04:22:09

There is yet another option for CentOS-7 users. The centosplus kernel, kernel-plus, now has wireguard built-in.
CentOS Forum FAQ

northpoint
Posts: 101
Joined: 2016/05/23 11:57:12

Re: Wireguard

Post by northpoint » 2020/09/12 14:15:19

I apologize for answering late here. Been a busy week with work.

Thank you very much for the replies. I am going to deploy wireguard for a client of mine for access to some files via remote.

I understand that bandwidth usage is much better than Openvpn which I have used on other clients. This is kinda a big plus for my clients as I think Openvpn used only 30% because of 'overhead' or something like that. Anyways, I was wondering originally what are the thoughts on this from those already using it. I also understand setup is a lot easier too.

Thank you,

Northpoint
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /

User avatar
toracat
Forum Moderator
Posts: 7444
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: Wireguard

Post by toracat » 2020/09/12 15:51:34

Please keep us posted. Let us know which option you have used.
CentOS Forum FAQ

User avatar
TrevorH
Forum Moderator
Posts: 29493
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Wireguard

Post by TrevorH » 2020/09/12 16:15:07

I just spotted your other post and you will need to update to 7.8 to run wireguard as the kernel module is not available for your ancient release.

Update. Stay updated.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

northpoint
Posts: 101
Joined: 2016/05/23 11:57:12

Re: Wireguard

Post by northpoint » 2020/09/12 16:22:58

Ok, I will update when I get this sorted out.

Thank you all for the replies.
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /

northpoint
Posts: 101
Joined: 2016/05/23 11:57:12

Re: Wireguard

Post by northpoint » 2020/09/12 20:59:56

Update:

I am using Nyr's bash script to setup wireguard. He has two really nice scripts - one for Openvpn and then the wireguard one that I am using.

Code: Select all

wget https://git.io/wireguard -O wireguard-install.sh && bash wireguard-install.sh
This sets up wireguard as a module for the kernel and seems to work with the kernel now being used at my clients. I do believe they are on the 3.x kernel for Centos 7.8.

Here is the installed packages:

Code: Select all

Installed:
  kmod-wireguard.x86_64 8:1.0.20200908-1.el7_8.elrepo                      qrencode.x86_64 0:3.4.1-3.el7                     
  wireguard-tools.x86_64 0:1.0.20200513-1.el7                             

Dependency Installed:
  python3.x86_64 0:3.6.8-13.el7                 python3-libs.x86_64 0:3.6.8-13.el7     python3-pip.noarch 0:9.0.3-7.el7_7    
  python3-setuptools.noarch 0:39.2.0-10.el7 
Here is the network interface it setup:

Code: Select all

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet XX.X.X.X  netmask 255.255.255.0  destination XX.X.X.X
        inet6 XXXX::XXXX:XXXX:XXXX:XXXX  prefixlen 64  scopeid 0x20<link>
        inet6 XXXX:XXX:XXX:XXX::X prefixlen 64  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Each time you run the script you can choose from several options - Add a User, Remove Installation ect.. Adding a user produces a config file stored in /root for each user. Wireguard has a windows client for setting up the road warrior. Just have to load the config file in it and turn it on.


I have gone as far as I can right now because I have to open up the port and setup port forwarding on the comcast modem. I need to contact the client for their credentials for that.
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /

gostal
Posts: 46
Joined: 2019/09/23 15:26:45

Re: Wireguard

Post by gostal » 2020/09/17 10:25:48

northpoint wrote:
2020/09/12 14:15:19
...
I understand that bandwidth usage is much better than Openvpn which I have used on other clients. ...
This is what is claimed but in my opinion it is debatable. I have tried using a wireguard client on Linux Mint but it's really slow, not good at all compared to OpenVPN despite the apparent simplicity. On windows 7 and 10 clients it's really good though. There have been some updates lately which may have impact on the Linux client side but I have not implemented yet so I don't know. It may be that this issue is not relevant anymore. I have asked my service provider as it may be down to some server missconfiguration but so far no answer.
Desktop Dell T5810 Intel(R) Xeon(R) CPU E5-1650 v4 @ 3.60GHz, 72 GB RAM, Radeon Pro WX 7100
CentOS 7.8.2003

northpoint
Posts: 101
Joined: 2016/05/23 11:57:12

Re: Wireguard

Post by northpoint » 2020/09/17 11:05:08

gostal wrote:
2020/09/17 10:25:48
northpoint wrote:
2020/09/12 14:15:19
...
I understand that bandwidth usage is much better than Openvpn which I have used on other clients. ...
This is what is claimed but in my opinion it is debatable. I have tried using a wireguard client on Linux Mint but it's really slow, not good at all compared to OpenVPN despite the apparent simplicity. On windows 7 and 10 clients it's really good though. There have been some updates lately which may have impact on the Linux client side but I have not implemented yet so I don't know. It may be that this issue is not relevant anymore. I have asked my service provider as it may be down to some server missconfiguration but so far no answer.
Im not sure but I think I read somewhere that running wireguard in user space will not be as fast as running it directly from the kernel. Dont quote me on that though.

I have not had a chance to finish up the install. I am stuck at getting their ISP to open up the ports on the modem. Havent moved on that because work is backing up a bit. Hopefully tomorrow I can talk to their ISP and see if the modem can be put in bridge mode or what ever.

Thanks
Ryzen x1800 * Asus x370 Pro * CentOS 7.4 64bit / Icewarp /

Post Reply

Return to “CentOS 7 - General Support”