I was wanting to get WireGuard working on ClearOs and ran into a problem loading the module due to security. Before I go to much further I was wondering if anyone else has this working or now and if so what did it take?
Thanks
Bob
Thanks
Bob
In VPN
Share this post:
Responses (14)
-
Accepted Answer
Not an answer to your questions, but I was about to ask/make a feature request to add Wireguard to ClearOS.
Now that ubuntu 20.04 LTS will ship with Wireguard preinstalled, plus there are official apps provided to almost all platforms, I think it is a good time to have it integrated into ClearOS like OpenVPN. -
Accepted Answer
We got it working. It turned out that ClearOS had installed a newer version of the kernel but since we hadn't rebooted the box in nearly 2 years it was still running on an old version while the WireGuard install was being built against the latest version installed. I simple reboot and everything worked as it should.
So you can just follow the centos install directions to install WireGuard. Just be sure you are actually running the same kernel as the latest installed LOL
Bob -
Accepted Answer
-
Accepted Answer
Wayland Sothcott wrote:
Are you having problems with SMB over OpenVPN?
I've heard that WireGuard is a very lightweight protocol with low latency. High latency is what kills protocols like SMB. I'd like to see it in ClearOS.
There seem to be some advantages with Wireguard in terms of speed and speed of connection but there are also some technical disadvantages. It is not designed as an always on VPN, so, for example if your were supporting a remote worker, you may not be able to connect to him until he triggers the connection back to life. There is a workaround by making the clients send some sort of keep alive packet. Another issue is that if an encrption cypher needs to be updated, it has to be done on the client and server at the same time which gives you roll-out problems. In OpenVPN 2.4+ it is not an issue as the client and server negotiate a protocol, so you can add stronger protocols at one end before the other and they will keep using what they were using before until the other end is upgraded. -
Accepted Answer
bsleys wrote:
We got it working. It turned out that ClearOS had installed a newer version of the kernel but since we hadn't rebooted the box in nearly 2 years it was still running on an old version while the WireGuard install was being built against the latest version installed. I simple reboot and everything worked as it should.
So you can just follow the centos install directions to install WireGuard. Just be sure you are actually running the same kernel as the latest installed LOL
Bob
Hi Bob,
if you wouldn't mind sharing, is there anything specific in getting ClearOS to work with Wireguard?
Today I tried from a clean installation of ClearOS 7.7 (then upgraded), and I followed the CentOS 7 section of the WG installation guide.
I was trying to set up my ClearOS as a client, as I already have servers and a couple other client working. I could make the ClearOS connect as a client to my WG server (which I can see handshakes/received/sent in wg show), and further I can see from my server the internet IP of my ClearOS box, which means the server could identify the ClearOS connection.
However, when I try to ping from ClearOS my WG server, it simply said: ping: sendmsg: Operation not permitted.
Nor could I ping my ClearOS client from my WG server. Both the client and WG server were rebooted a couple times.
When I try to ping from my ClearOS client to the WG server, it throws this:
ping: sendmsg: Operation not permitted
I have checked the wg config file on the client and everything looks correct (I copied from another working client, with changing the client IP and client private key)
Any advice is much appreciated. -
Accepted Answer
Is there a howto install wireguard on clearOS 7.8? The centOS 7 way on https://www.wireguard.com/install/ does not work.
fails with "kernel-plus not available".yum install kernel-plus wireguard-tools
-
Accepted Answer
First of all please update to ClearOS7.9 then try CentOS 7 method 2 from your link, but don't bother installing the epel repo as you already have a version of it. Note that you may get away without updating ClearOS as I think the "yum-plugin-elrepo" handles different versions of Centos/ClearOS correctly. Also be a little wary or leaving 3d party repos enabled.
I am not sure what firewalling you will need or how you add user credentials. -
Accepted Answer
I tried 15 minutes determining the centOS version installed. There is no hint in the GUI. Instead I found a 9 years old ticket on this issue!!!!! Kernel is 3.10.
Anyway, since I installed it this week I guess I have the latest (community) edition.
On the topic: When I run
it fails withyum install kmod-wireguard wireguard-tools
No package kmod-wireguard available.
by the way: I intend to run a majority of my services as docker but even wireguard as docker requires the kernel module on the host. -
Accepted Answer
If you know where to look, it is easy. Webconfig > Reports > Performance and Resources > System Report. Or look in /etc/clearos-release. Kernel 3.10 is used for all versions of ClearOS7. It is the next bit which would tell me which version. 7.9 uses 3.10.0-1160.*.
When following method 2 you still need to install the elrepo repo and its plugin. Just not the epel repo. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »