Master WireGuard on Linux: Step-by-Step Installation, Kernel Tips, and One-Click Script
This guide explains WireGuard's strict kernel requirements, shows how to upgrade kernels on various Linux distributions, provides detailed commands for installing WireGuard on older kernels, and introduces a one‑click script that automates configuration, firewall adjustments, and client management.
Prerequisites
WireGuard requires matching kernel, kernel-devel and kernel-headers packages; on Red Hat/CentOS/Fedora the packages are kernel, kernel-devel, kernel-headers, while on Debian/Ubuntu they are kernel and linux-headers. Without all three only wireguard-tools is installed and the VPN will not work.
Since Linux 5.6 the kernel already contains WireGuard, so a system with kernel ≥ 5.6 only needs wireguard-tools (e.g. sudo apt install wireguard -y on Ubuntu 20.04).
Installing on older kernels
For apt‑based distributions you can skip kernel upgrade. For rpm‑based distributions (CentOS, etc.) the kernel must be upgraded via ELRepo:
$ rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
$ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
$ yum --disablerepo=* --enablerepo=elrepo-kernel repolist
$ yum --disablerepo=* --enablerepo=elrepo-kernel install kernel-ml.x86_64 -y
$ yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
$ yum --disablerepo=* --enablerepo=elrepo-kernel install kernel-ml-tools kernel-ml-devel kernel-ml-headers -y
$ grub2-editenv list
$ grub2-set-default 'CentOS Linux (5.7.2-1.el7.elrepo.x86_64) 7 (Core)'
$ reboot
$ uname -rWireGuard installation
After the kernel is ready, follow the official documentation or use the one‑click script from 秋水逸冰: /opt/wireguard.sh -s The script supports both source compilation and package installation, automatically creates a wg0 interface, generates client configs and QR‑code images, adjusts firewall rules, picks a random listening port (1024‑20480), and provides commands to add, delete, list clients, check version and upgrade to the latest release.
If you prefer manual configuration, remove the auto‑generated files with rm -rf /etc/wireguard/* and generate keys and config files yourself (see “WireGuard 的搭建使用与配置详解”).
For a web UI you can try Wg Gen Web: https://github.com/vx3r/wg-gen-web.
References
https://www.wireguard.com/install/
https://fuckcloudnative.io/posts/wireguard-docs-practice/
https://github.com/vx3r/wg-gen-web
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.