How to install WireGuard on Amazon Linux 2
Amazon Linux 2 doesn't have WireGuard packaged yet. Installing it is still possible: the official install page lists the jdoss/wireguard Copr repository as the location of packages for Fedora ≤ 31. Among the additional repository sources on that page is "EPEL for CentOS 7", which is the one that works for Amazon Linux 2:
curl -L -o /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install wireguard-dkms wireguard-tools
Save your configuration to /etc/wireguard/wg0.conf (see the quickstart guide) and make sure it's readable only by the root user.
Enable automatic configuration of the wg0 interface once the network is available:
systemctl enable wg-quick@wg0.service
Either reboot, or configure the interface manually with wg-quick up wg0.
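For the step above that keeps /etc/wireguard/wg0.conf readable only by root, the following added example (not part of the original page) writes the file with mode 0600 and audits its mode and owner. The function names are made up for this example, and it assumes GNU stat, which Amazon Linux 2 ships.

```shell
#!/bin/sh
# Added example: keep a WireGuard config private.
# wg0.conf contains the interface PrivateKey, so group/other get no access.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# Succeed if FILE grants no permission bits to group or other.
wg_conf_is_private() {
    mode=$(stat -c '%a' -- "$1") || return 2   # octal mode, e.g. 600
    case $mode in
        0|*00) return 0 ;;   # group and other digits are both 0
        *)     return 1 ;;
    esac
}

# Write stdin to FILE with mode 0600. The umask covers a newly created file;
# the chmod covers a FILE that already existed with looser permissions.
wg_conf_write() {
    ( umask 077 && cat > "$1" ) && chmod 600 -- "$1"
}

# Audit FILE: mode must be private and owner must be WANT_UID (default 0, root).
wg_conf_audit() {
    want_uid=${2:-0}
    wg_conf_is_private "$1" || {
        echo "FAIL: $1 is accessible to group/other" >&2
        return 1
    }
    owner=$(stat -c '%u' -- "$1") || return 2
    [ "$owner" = "$want_uid" ] || {
        echo "FAIL: $1 is owned by uid $owner, expected $want_uid" >&2
        return 1
    }
    echo "OK: $1"
}

# When run as a script with file arguments, audit each one, e.g.:
#   sh audit.sh /etc/wireguard/wg0.conf
for f in "$@"; do
    wg_conf_audit "$f"
done
```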
Configuring forwarding
The server can also be used to access other resources. This requires IP forwarding:
sysctl net.ipv4.conf.all.forwarding=1 | tee -a /etc/sysctl.d/forwarding.conf
And a firewall rule to rewrite packet addresses when they leave the box:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And to persist firewall rules:
yum install iptables-services
iptables-save | tee /etc/sysconfig/iptables
systemctl enable iptables