Wireguard support in Nethserver 7

The repo is back up and working again.

Wanted to try from mobile but I have to come back later :disappointed_relieved:

The server seems to work, but on the client I get:

[root@testvm2 wireguard]# wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to get device: Protocol not supported

Server:

[root@testserver wireguard]# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip address add 10.0.0.1/24 dev wg0
[#] ip link set mtu 1420 dev wg0
[#] ip link set wg0 up
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3
[root@testserver wireguard]# ifconfig
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.0.0.1  netmask 255.255.255.0  destination 10.0.0.1
        inet6 fe80::6175:2002:5bdf:7d00  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 3  dropped 0 overruns 0  carrier 0  collisions 0

Configuration steps:

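# Add the third-party jdoss/wireguard COPR repository (EPEL 7 build).
# -f makes curl fail on an HTTP error instead of saving the error page as
# the .repo file. Packages from this repo are installed as root and include
# a DKMS kernel module, so read the downloaded file before installing and
# confirm its baseurl, gpgcheck and gpgkey settings are what you expect.
curl -fLo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo

# Install the WireGuard kernel module (built via DKMS) and the wg / wg-quick tools
yum -y install wireguard-dkms wireguard-tools

# Enable IPv4 forwarding persistently if it is not already enabled.
# -x matches the whole line, so a commented-out "#net.ipv4.ip_forward=1" or
# a "net.ipv4.ip_forward=10" entry is not mistaken for the setting.
# Forwarding is only needed on the host that routes tunnel traffic (the
# server in this setup, which masquerades it out of its uplink interface).
grep -qxF "net.ipv4.ip_forward=1" "/etc/sysctl.conf" || echo "net.ipv4.ip_forward=1" >> "/etc/sysctl.conf"
sysctl -p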

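# Create the WireGuard directory and the server/client key pairs.
# -p: the directory may already exist; keep it accessible to root only.
mkdir -p /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard

# Generate the keys under umask 077 so the private keys are created
# root-only from the start instead of being world-readable until a later
# chmod. The subshell keeps the umask change out of the calling session.
(
  umask 077
  wg genkey | tee server-private.key | wg pubkey > server-public.key
  wg genkey | tee client-private.key | wg pubkey > client-public.key
)
# NOTE(review): the client private key is generated on the server here for
# convenience. Move it to the client over a trusted channel and delete the
# server-side copy, or generate it on the client and only copy the public key.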

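# Server conf: writes /etc/wireguard/wg0.conf
address=192.168.77.1/24
port=51820
# Uplink interface used for MASQUERADE; adjust to the host's real device
# name (the server transcript above shows ens3, not ens33).
interface=ens33
privatekey=$(cat /etc/wireguard/server-private.key)
publickey=$(cat /etc/wireguard/client-public.key)
# NOTE(review): this lets the single peer use any source address in the
# tunnel subnet. With more than one peer, give each peer only its own
# tunnel address.
allowedips=192.168.77.0/24

# The file embeds the server private key, so it is written under umask 077
# (subshell keeps the session umask unchanged) and then forced to 0600 in
# case it already existed with looser permissions.
# A here-document replaces printf "...$var..." so the values are never
# interpreted as printf format directives.
(
  umask 077
  cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
Address = $address
ListenPort = $port
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $interface -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D  POSTROUTING -o $interface -j MASQUERADE
PrivateKey = $privatekey
SaveConfig = true

[Peer]
PublicKey = $publickey
AllowedIPs = $allowedips
EOF
)
chmod 600 /etc/wireguard/wg0.conf
# NOTE: with SaveConfig = true, wg-quick rewrites this file from the live
# interface state when the tunnel is brought down; manual edits made while
# the tunnel is up are lost.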

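# Client conf: writes /etc/wireguard/wg1.conf on this host.
# NOTE(review): the file contains the client private key and is presumably
# meant to be moved to the client; transfer it over a trusted channel and
# remove it from the server afterwards.
address=192.168.77.2/24
port=51820
interface=ens33   # not referenced by the client template below
privatekey=$(cat /etc/wireguard/client-private.key)
publickey=$(cat /etc/wireguard/server-public.key)
# 0.0.0.0/0 routes all IPv4 traffic of the client through the tunnel.
# IPv6 is not covered by this prefix.
allowedips=0.0.0.0/0
# Placeholder: replace with the server's public address.
publicvpnip=1.2.3.4

# Written under umask 077 and forced to 0600 because the file embeds a
# private key. A here-document replaces printf "...$var..." so the values
# are never interpreted as printf format directives.
(
  umask 077
  cat > /etc/wireguard/wg1.conf <<EOF
[Interface]
Address = $address
ListenPort = $port
PostUp = echo UP
PostDown = echo DOWN
PrivateKey = $privatekey
SaveConfig = true

[Peer]
PublicKey = $publickey
AllowedIPs = $allowedips
Endpoint = $publicvpnip:$port
EOF
)
chmod 600 /etc/wireguard/wg1.conf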

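# Set permissions
# Restrict every key and config file to root, read/write only. The earlier
# pattern (server-*.key) left client-private.key at its default mode, and
# these are data files, so no execute bit (0600 rather than 0700).
# Absolute paths avoid depending on the current directory.
chmod 600 /etc/wireguard/*.key /etc/wireguard/*.conf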

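# Firewall config
# WireGuard is UDP-only, so the listen port must be opened as UDPPort; a
# TCPPort rule opens an unused TCP port and leaves the tunnel blocked.
# "access green,red" exposes the port on LAN and WAN, which a road-warrior
# VPN needs. If fw_wireguard was already created with TCPPort, drop that
# property as well:
#   config delprop fw_wireguard TCPPort
config set fw_wireguard service UDPPort 51820 access green,red status enabled
signal-event firewall-adjust

# Start up wireguard
# "RTNETLINK answers: Operation not supported" / "Protocol not supported"
# from wg-quick means the kernel has no wireguard module available,
# typically because DKMS did not build it for the running kernel (check
# `dkms status` and that matching kernel-devel/headers are installed).
if modprobe wireguard; then
  wg-quick up wg0
  # Show the interface and peers without printing the private key
  wg show wg0
else
  echo "wireguard kernel module is not available for kernel $(uname -r)" >&2
fi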