Can I install wireguard on freepbx


(Robert Wild) #1

Hi all,

Can I install wireguard server on my freepbx server as the os is running centos 7?

Thanks,
Rob


#2

Of course, but you are “off the reservation”


(Robert Wild) #3

What do you mean off the reservation, @dicko?


(Lorne Gaetz) #4

He means that your follow up question is now:

For anyone who has installed wireguard on FreePBX Distro version xxxx, is there anything to watch out for?


(Robert Wild) #5

I will let you know if I need to install wireguard on the freepbx server and get back to you guys and let you know :blush:


(Sholinaty) #6

I believe effectively, this boils down to:

“you can do whatever you want, it's your server. but once you have a non-standard implementation, support and troubleshooting get harder or not supported”


(Jon Nj) #7

I have wireguard installed on my PBX and it works great. The problem was figuring out how to do it.

I first tried installing from the elrepo repository but I ran into dependency problems. I think the kernel is too old but I didn’t really feel like trying to figure it out.

Next I tried installing from source. https://www.wireguard.com/compilation/ and I ran into two problems.

  1. The build folder is missing. This can be fixed using “ln -s /usr/src/kernels/$(uname -r) /lib/modules/$(uname -r)/build”.
  2. There was a compile error in socket.c. After some googling I found out there is a problem in “wireguard-linux-compat/src/compat/compat.h” lines 92-96 where it checks the kernel version. I just commented out the “#if/#elif/#endif” so that the “elif” section is always executed. (Once again I was too lazy to try to figure out what was going wrong here.)

After you finish compile/install you need to ensure that the module is loaded after a reboot. Create /etc/modules-load.d/wireguard.conf:

# Load wireguard.ko at boot
wireguard

Make sure you enable the service:

systemctl enable wg-quick@wg0.service

Create your wg0.conf file and you should be able to start the service wg0. There may be a better way to do this, but this was what I came up with. Hope it helps.


#8

You definitely earned your wampum!


(Jon Nj) #9

I should also have mentioned, you need to open the port in the firewall. Connectivity | Firewall | Services | Custom Services | Create New Service (UDP). Be sure that both Internet and Local are highlighted.

Add the network CIDR (eg x.x.x.x/24 Trusted) in Connectivity | Firewall | Networks.


#10

UDP/51820 unless otherwise specified in your config file
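
The steps in posts #7 to #10 can be sanity-checked with a short script. This is an added example, not part of the thread: the function names are hypothetical and the sample files are constructed with placeholder keys. On a real system you would point `check_setup` at your own wg0.conf (commonly /etc/wireguard/wg0.conf, an assumption here) and at /etc/modules-load.d/wireguard.conf.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for the setup steps above.

# Print the ListenPort set in the [Interface] section of a wg-quick config.
wg_listen_port() {
    sed -n '/^\[Interface\]/,/^\[Peer\]/ s/^[[:space:]]*ListenPort[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only if group and other have no access; the file holds the private key.
conf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the modules-load.d file names the wireguard module on its own line.
module_autoloads() {
    grep -qx 'wireguard' "$1"
}

# Run all checks; $3 is the UDP port opened as the firewall custom service.
check_setup() {
    conf=$1 modfile=$2 fw_port=$3 rc=0
    port=$(wg_listen_port "$conf")
    [ "$port" = "$fw_port" ] || { echo "ListenPort '$port' != firewall port $fw_port"; rc=1; }
    conf_is_private "$conf" || { echo "$conf is readable by group/other"; rc=1; }
    module_autoloads "$modfile" || { echo "$modfile does not load wireguard"; rc=1; }
    return $rc
}

# Constructed sample files (placeholder keys, made-up tunnel addresses).
demo=$(mktemp -d)
cat > "$demo/wg0.conf" <<'EOF'
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key-placeholder>

[Peer]
PublicKey = <peer-public-key-placeholder>
AllowedIPs = 10.0.0.2/32
EOF
chmod 600 "$demo/wg0.conf"
printf '# Load wireguard.ko at boot\nwireguard\n' > "$demo/wireguard.conf"

check_setup "$demo/wg0.conf" "$demo/wireguard.conf" 51820 && echo "all checks passed"
```

A mismatch between the config's ListenPort and the custom firewall service shows up as dropped handshakes, and a config readable by group or other exposes the server's private key to other local accounts.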