It looks like elrepo-release is in a normally disabled repo, so

yum install elrepo-release --enablerepo=clearos-centos-extras

yum-plugin-elrepo should theninstall from the elrepo repo.

Not an answer to your questions, but I was about to ask/make a feature request to add Wireguard to ClearOS.
Now that ubuntu 20.04 LTS will ship with Wireguard preinstalled, plus there are official apps provided to almost all platforms, I think it is a good time to have it integrated into ClearOS like OpenVPN.

We got it working. It turned out that ClearOS had installed a newer version of the kernel but since we hadn't rebooted the box in nearly 2 years it was still running on an old version while the WireGuard install was being built against the latest version installed. I simple reboot and everything worked as it should.

So you can just follow the centos install directions to install WireGuard. Just be sure you are actually running the same kernel as the latest installed LOL

Bob

I agree, please add WireGuard to ClearOS.

I've heard that WireGuard is a very lightweight protocol with low latency. High latency is what kills protocols like SMB. I'd like to see it in ClearOS.

Wayland Sothcott wrote:

I've heard that WireGuard is a very lightweight protocol with low latency. High latency is what kills protocols like SMB. I'd like to see it in ClearOS.

Are you having problems with SMB over OpenVPN?

There seem to be some advantages with Wireguard in terms of speed and speed of connection but there are also some technical disadvantages. It is not designed as an always on VPN, so, for example if your were supporting a remote worker, you may not be able to connect to him until he triggers the connection back to life. There is a workaround by making the clients send some sort of keep alive packet. Another issue is that if an encrption cypher needs to be updated, it has to be done on the client and server at the same time which gives you roll-out problems. In OpenVPN 2.4+ it is not an issue as the client and server negotiate a protocol, so you can add stronger protocols at one end before the other and they will keep using what they were using before until the other end is upgraded.

bsleys wrote:

We got it working. It turned out that ClearOS had installed a newer version of the kernel but since we hadn't rebooted the box in nearly 2 years it was still running on an old version while the WireGuard install was being built against the latest version installed. I simple reboot and everything worked as it should.

So you can just follow the centos install directions to install WireGuard. Just be sure you are actually running the same kernel as the latest installed LOL

Bob

Hi Bob,

if you wouldn't mind sharing, is there anything specific in getting ClearOS to work with Wireguard?
Today I tried from a clean installation of ClearOS 7.7 (then upgraded), and I followed the CentOS 7 section of the WG installation guide.

I was trying to set up my ClearOS as a client, as I already have servers and a couple other client working. I could make the ClearOS connect as a client to my WG server (which I can see handshakes/received/sent in wg show), and further I can see from my server the internet IP of my ClearOS box, which means the server could identify the ClearOS connection.

However, when I try to ping from ClearOS my WG server, it simply said: ping: sendmsg: Operation not permitted.
Nor could I ping my ClearOS client from my WG server. Both the client and WG server were rebooted a couple times.

When I try to ping from my ClearOS client to the WG server, it throws this:

ping: sendmsg: Operation not permitted

I have checked the wg config file on the client and everything looks correct (I copied from another working client, with changing the client IP and client private key)

Any advice is much appreciated.

Is there a howto install wireguard on clearOS 7.8? The centOS 7 way on https://www.wireguard.com/install/ does not work.

yum install kernel-plus wireguard-tools

fails with "kernel-plus not available".

First of all please update to ClearOS7.9 then try CentOS 7 method 2 from your link, but don't bother installing the epel repo as you already have a version of it. Note that you may get away without updating ClearOS as I think the "yum-plugin-elrepo" handles different versions of Centos/ClearOS correctly. Also be a little wary or leaving 3d party repos enabled.

I am not sure what firewalling you will need or how you add user credentials.

I tried 15 minutes determining the centOS version installed. There is no hint in the GUI. Instead I found a 9 years old ticket on this issue!!!!! Kernel is 3.10.
Anyway, since I installed it this week I guess I have the latest (community) edition.

On the topic: When I run

yum install kmod-wireguard wireguard-tools

it fails with

No package kmod-wireguard available.

by the way: I intend to run a majority of my services as docker but even wireguard as docker requires the kernel module on the host.

If you know where to look, it is easy. Webconfig > Reports > Performance and Resources > System Report. Or look in /etc/clearos-release. Kernel 3.10 is used for all versions of ClearOS7. It is the next bit which would tell me which version. 7.9 uses 3.10.0-1160.*.

When following method 2 you still need to install the elrepo repo and its plugin. Just not the epel repo.

When following method 2 you still need to install the elrepo repo and its plugin. Just not the epel repo.

yum install elrepo-release

ends with: No package elrepo-release available.

This works. Thanks! Wireguard is running. I guess this is worth writing up in an official howto. Wireguard is very popular and is even part of the linux kernel 5.10 ff.

I can do a HowTo to install it but have no idea how it runs. Don't you have to add users/credentials and do something with the firewall? If you can write that up then I'll create a howto.