← Back to Blog

Setting Up WireGuard VPN on Oracle Linux 9

November 11, 2024
wireguardvpnoracle-linuxnetworking
Setting Up WireGuard VPN on Oracle Linux 9

WireGuard has quietly become my go-to VPN solution. It’s lean, fast, and the config fits on a napkin compared to OpenVPN. Here’s how to get it running on Oracle Linux 9.

Prerequisites

  • OL9 server with a public IP
  • Root or sudo access
  • Firewalld running (default on OL9)

Install WireGuard

WireGuard is in the EPEL repository on OL9:

sudo dnf install epel-release -y
sudo dnf install wireguard-tools -y

Generate Keys

# Server keys
wg genkey | tee /etc/wireguard/server_private.key | wg pubkey > /etc/wireguard/server_public.key

# Client keys
wg genkey | tee /etc/wireguard/client_private.key | wg pubkey > /etc/wireguard/client_public.key

Configure the Server

Create /etc/wireguard/wg0.conf:

[Interface]
Address    = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>
PostUp     = firewall-cmd --add-masquerade
PostDown   = firewall-cmd --remove-masquerade

[Peer]
PublicKey  = <client_public_key>
AllowedIPs = 10.0.0.2/32

Open the Firewall Port

sudo firewall-cmd --permanent --add-port=51820/udp
sudo firewall-cmd --reload

Enable and Start

sudo systemctl enable --now wg-quick@wg0

That’s it. Check status with wg show. The whole setup takes about 10 minutes and you’ll have a modern, auditable VPN with a minimal attack surface.