WireGuard is not designed for censorship circumvention. Nevertheless, because it is new, it may not yet be blocked by censorship firewalls.
SSH, PuTTY, or Xshell into your server. Get the server up to date. On CentOS:
yum update -y
On Debian or Ubuntu:
apt upgrade -y
Download the Angristan WireGuard install script from GitHub. On CentOS, you may need to do
yum install wget before this will work.
Set the execution bit.
chmod +x wireguard-install.sh
Run the script.
Accept the defaults unless you have some reason to change them. For example, on a NAT IPv4 server, you’ll need to use one of your 20 allocated ports as the server’s WireGuard port. Or you may have pre-opened a certain port for WireGuard in your firewall.
I need to ask you a few questions before starting the setup. You can leave the default options and just press enter if you are ok with them.
IPv4 or IPv6 public address: YY.YY.YY.YY
Public interface: eth0
WireGuard interface name: wg0
Server's WireGuard IPv4: 10.66.66.1
Server's WireGuard IPv6: fd42:42:42::1
Server's WireGuard port [1-65535]: 63978
First DNS resolver to use for the clients: 220.127.116.11
Second DNS resolver to use for the clients (optional): 18.104.22.168
Okay, that was all I needed. We are ready to setup your WireGuard server now. You will be able to generate a client at the end of the installation. Press any key to continue...
The script installs software for a couple of minutes. Then it asks you to name the first client. You can call the client something like
windows. The actual name is up to you.
Tell me a name for the client. The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: windows
Client's WireGuard IPv4: 10.66.66.2
Client's WireGuard IPv6: fd42:42:42::2
wg0-client-windows.conf will be created, containing the configuration for your client. Copy the contents of that file to your Windows clipboard.
The script has stored the server’s WireGuard configuration in
/etc/wireguard/wg0.conf. This file includes the IP masquerading rules for
firewalld. The script has also created a systemd service file named
/lib/systemd/system/wg-quick@.service. You can check the status of the service with the command:
systemctl status wg-quick@wg0
Download the WireGuard for Windows client installer from the WireGuard site. Run the installer.
After the install is done, launch WireGuard.
- Click Add Tunnel >Add empty tunnel.
- Give the tunnel a name.
- Replace the contents of the tunnel definition with the contents of your
wg0-client-windows.conffile from the server.
- Click Save.
- Click Activate.
Now open a browser and surf the web over your VPN.
systemctl status wg-quick@wg0 shows
Error: Unknown device type. There are various solutions. The solution that worked for me came from Meer-Web. Start with the command:
If it returns a result like this:
modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.18.0-193.14.2.el8_2.x86_64
Then proceed with this solution. Get the version number:
We will use as an example
1.0.20200729. Substitute your version number into the commands that follow:
dkms build wireguard/1.0.20200729
dkms install wireguard/1.0.20200729
The last command no longer returns an error. So continue:
systemctl restart wg-quick@wg0
systemctl status wg-quick@wg0