Can I install wireguard on freepbx

robertkwild · September 18, 2021, 11:05pm

Hi all,

Can I install wireguard server on my freepbx server as the os is running centos 7?

Thanks,
Rob

dicko · September 18, 2021, 11:10pm

Of course, but you are “off the reservation”

robertkwild · September 19, 2021, 7:32am

What do you mean off the reservation @dicko

lgaetz · September 19, 2021, 4:00pm

He means that your follow up question is now:

For anyone who has installed wireguard on FreePBX Distro version xxxx, is there anything to watch out for?

robertkwild · September 19, 2021, 4:19pm

I will let you know if I need to install wireguard on the freepbx server and gwt back to you guys and let you know

sholinaty · September 28, 2021, 3:14pm

i believe effectively, this boils down to:

“you can do whatever you want, its your server. but once you have a non-standard implementation, support and troubleshooting gets harder or not supported”

JonNJ · October 1, 2021, 3:44am

I have wireguard installed on my PBX and it works great. The problem was figuring out how to do it.

I first tried installing from the elrepo repository but I ran into dependency problems. I think the kernel is too old but I didn’t really feel like trying to figure it out.

Next I tried installing from source. https://www.wireguard.com/compilation/ and I ran into two problems.

The build folder is missing. This can be fixed using “ln -s /usr/src/kernels/$(uname -r) /lib/modules/$(uname -r)/build”.
There was a compile error in socket.c. After some googling I found out there is a problem in “wireguard-linux-compat/src/compat/compat.h” lines 92-96 where it checks the kernel version. I just commented out the “#if/#elif/#endif” so that the “elif” section is always executed. (Once again I was too lazy to try to figure out what was going wrong here.)

After you finish compile/install you need to ensure that the module is loaded after a reboot. Create /etc/modules-load.d/wireguard.conf:

# Load wireguard.ko at boot
wireguard

Make sure you enable the service:

systemctl enable [email protected]

Create your wg0.conf file and you should be able to start the service wg0. There may be a better way to do this, but this was what I came up with. Hope it helps.

dicko · October 1, 2021, 4:22am

You definitely earned your wampum!

JonNJ · October 1, 2021, 4:25am

I should also have mentioned, you need to open the port in the firewall. Connectivity | Firewall | Services | Custom Services | Create New Service (UDP). Be sure that both Internet and Local are highlighted.

Add the network CIDR (eg x.x.x.x/24 Trusted) in Connectivity | Firewall | Networks.

dicko · October 1, 2021, 4:29am

UDP/51820 unless otherwise specified in your config file

system · November 1, 2021, 4:43am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.