I have a small server running Fedora 41.
I want to use it as a VPN (so I can access resources in my home country when abroad) using Wireguard.
Maybe this could help you: Configure WireGuard VPNs with NetworkManager - Fedora Magazine
Thanks, I’ll give it a shot.
On the server end you will be configuring each of the clients.
I set this up as a systemd service.
Let me know if you need examples of service and client config management tools.
That would be really great Barry,
I’m running it on a DO VPS after you recommended it to me some time ago - it has been very good!
I did move on from Gandi as a domain registrar after their prices went up significantly.
Cheers!
Will the magazine instructions allow me to use the remote server in the same way that a VPN on, say, Mullvad would work - so that I can route my internet traffic from my PC and phone through it?
The article says “This article describes how to set up WireGuard between two peers: PeerA and PeerB.”
Last time I tried to set this up I could get a connection to the server, but not from there to the wider internet.
Routing all traffic requires specifying this in the client config:
AllowedIPs = 0.0.0.0/0, ::/0
Also you need to allow transit traffic on the server:
sudo nmcli connection modify WG_CON connection.zone internal
sudo nmcli connection up WG_CON
sudo firewall-cmd --set-default-zone=external
sudo firewall-cmd --permanent --zone=external --add-service=wireguard
sudo firewall-cmd --permanent --new-policy=internal-external
sudo firewall-cmd --permanent --policy=internal-external --add-ingress-zone=internal
sudo firewall-cmd --permanent --policy=internal-external --add-egress-zone=external
sudo firewall-cmd --permanent --policy=internal-external --set-target=ACCEPT
sudo firewall-cmd --reload
I neglected to add, I also use this server as a web-host.
Is running a VPN with Wireguard compatible with hosting other non-Wireguard peer services?
I have also found WireGuard VPN - Documentation and Chapter 8. Setting up a WireGuard VPN | Configuring and managing networking | Red Hat Enterprise Linux | 9 | Red Hat Documentation which look like decent tutorials.
Once I have this all sorted I will write up how I finally succeeded.
Is this the same as enabling masquerading as done in Chapter 8. Setting up a WireGuard VPN | Configuring and managing networking | Red Hat Enterprise Linux | 9 | Red Hat Documentation ?
If so, and I use the masquerade method, do I also still need to set the AllowedIPs rule? And is the AllowedIPs rule in the server (my VPS) or the client (let's say my PC or phone)?
Not really, as you still need to create a policy to allow transit traffic.
IPv4 masquerading is enabled by default for the external zone.
Yes.
It should be the WireGuard client config for each client.
Yes.
You may also need:
sudo sysctl -w net.ipv4.ip_forward=1
to forward packets beyond the host you’re connecting to.
See Configure Linux IP Forwarding Easily for more info.
Ah yes, thank you, this is mentioned in the Rocky tutorial:
Enable IP forwarding
IP forwarding allows the routing of packets between networks. This allows internal devices to communicate with each other through the WireGuard tunnel:
Turn on IP forwarding for IPv4 and IPv6:
sudo sysctl -w net.ipv4.ip_forward=1 && sudo sysctl -w net.ipv6.conf.all.forwarding=1
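The two settings the thread keeps returning to (the client's AllowedIPs and the server's forwarding sysctls) can be checked with a short script. This is an added example, not code from any poster; the function names, the `PROC_SYS` override and the sample config with its placeholder keys and endpoint are assumptions made for illustration.

```sh
# Added example. PROC_SYS is overridable so the check can run against a test tree.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Print each AllowedIPs entry from the [Peer] sections of a WireGuard config.
peer_allowed_ips() {
    awk '
        /^[ \t]*\[/ { in_peer = (tolower($0) ~ /^[ \t]*\[peer\]/); next }
        in_peer && tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
            sub(/^[^=]*=/, "")      # drop the key
            sub(/#.*/, "")          # drop a trailing comment
            n = split($0, part, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", part[i])
                if (part[i] != "") print part[i]
            }
        }
    ' "$1"
}

# Client side: prints both, ipv4-only, ipv6-only or split (no default route in the tunnel).
tunnel_scope() (
    ips="$(peer_allowed_ips "$1")"; v4=0; v6=0
    printf '%s\n' "$ips" | grep -qxF '0.0.0.0/0' && v4=1
    printf '%s\n' "$ips" | grep -qxF '::/0' && v6=1
    case "$v4$v6" in
        11) echo both ;; 10) echo ipv4-only ;; 01) echo ipv6-only ;; *) echo split ;;
    esac
)

# Server side: print on/off for a forwarding key, e.g. net/ipv4/ip_forward.
forwarding() {
    if [ "$(cat "$PROC_SYS/$1" 2>/dev/null)" = "1" ]; then echo on; else echo off; fi
}

# Constructed sample client config (placeholder keys and endpoint, not from the thread).
sample="$(mktemp)"
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0, ::/0
EOF
echo "client tunnel scope:    $(tunnel_scope "$sample")"
echo "server IPv4 forwarding: $(forwarding net/ipv4/ip_forward)"
echo "server IPv6 forwarding: $(forwarding net/ipv6/conf/all/forwarding)"
rm -f "$sample"
```

`sysctl -w` changes only the running kernel, so a server that reports `off` again after a reboot needs the same keys set in a file under `/etc/sysctl.d/`.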