1、安装
sudo apt- install wireguard sudo apt install openresolv
2、生成私钥和公钥
cd /etc/wireguard umask 077wg genkey | tee server_privatekey | wg pubkey > server_publickey wg genkey | tee client_privatekey | wg pubkey > client_publickey
3、开启内核IP转发
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf sysctl -p
4、服务端配置文件生成
服务端配置路径:/etc/wireguard/wg0.conf
echo "[Interface] PrivateKey = $(cat server_privatekey) Address = 192.168.8.1/24PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE ListenPort = 20000DNS = 8.8.8.8MTU = 1420[Peer] PublicKey = $(cat client_publickey) AllowedIPs = 192.168.8.10/24 " > wg0.conf
备注:服务端私钥,IP地址,转发规则,监听端口,客户端公钥,允许连接的IP
5、客户端配置文件生成
客户端配置路径:/etc/wireguard/client.conf
echo "[Interface] PrivateKey = $(cat client_privatekey) Address = 192.168.8.10/24 DNS = 8.8.8.8 MTU = 1420[Peer] PublicKey = $(cat server_publickey) Endpoint = 1.1.1.1:20000 AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 " > client.conf
备注:客户端私钥,IP地址,服务端公钥,服务端IP和端口,允许连接的IP
6、启动
启动: wg-quick up wg0 systemctl start wg-quick@wg0 systemctl enable wg-quick@wg0 停止 wg-quick down wg0 systemctl stop wg-quick@wg0 systemctl disable wg-quick@wg0
7、查看连接状态
wg
8、客户端配置策略路由
[Interface] PrivateKey = IHFLezy/JAN2yCqcqrVh1ovmQJkoFR922pUhhROX7ms=Address = 10.66.88.2/32,fd42:42:42::2/128DNS = 1.1.1.1,1.0.0.1PostUp = ip rule add from 172.26.15.124 lookup main PreDown = ip rule delete from 172.26.15.124 lookup main [Peer] PublicKey = SFoA9jsCBSswFxF117ljTCjyTyhbam2BP+t+H75pVE8=PresharedKey = ust86oYT7axT0OHuM3wXzN84p46V+CPYecSJScPvzmM=Endpoint = 35.87.46.242:20087AllowedIPs = 0.0.0.0/0,::/0
支付宝微信扫一扫,打赏作者吧~本文链接:https://www.kinber.cn/post/5064.html 转载需授权!
推荐本站淘宝优惠价购买喜欢的宝贝:
您阅读本篇文章共花了: 
