server-peer
# Define the network interface ([Interface] describes this host's own side of the tunnel)
[Interface]
# WireGuard tunnel (internal) IP of this host; the /24 covers all peers in 10.10.10.0/24
Address = 10.10.10.1/24
# LAN forwarding rules: packets from the tunnel are MASQUERADEd (source NAT) and forwarded out via eth0
# Change eth0 to match your system; ifconfig shows the interface names
# %i is wg-quick's placeholder for this interface's name (taken from the config file name)
# NOTE(review): the two FORWARD rules accept all traffic entering or leaving the tunnel with no
# destination restriction, so every peer can reach every network reachable through eth0;
# add -s/-d restrictions if that is not intended. Forwarding also needs
# net.ipv4.ip_forward=1 (sysctl), which this file does not set.
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Remove these iptables forwarding rules when WireGuard is brought down
# (the same rules as PostUp, with -A replaced by -D)
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Fixed UDP listening port; the side that initiates the connection uses it as its Endpoint
# (UDP/10240 must be allowed through the host firewall and any upstream NAT)
ListenPort = 10240
# This host's private key (base64). Keep it secret: the config file should be readable by
# root only (mode 600). The keys printed on this page are public and must not be reused;
# generate a fresh pair with wg genkey / wg pubkey.
PrivateKey = 4OkitX1lqS4fuB44c0cE55K1rNka7CMh8BG3vs40LU0=
# Define a peer (one [Peer] section per client)
[Peer]
# The client's public key; only a peer holding the matching private key can complete the handshake
PublicKey = qcCY+K//y5i4voD0hYtR4do9hyG722Ht4F1OBUQADzY=
# Very important: AllowedIPs is essentially a routing rule; packets destined for 10.10.10.2 are sent to this peer
# AllowedIPs accepts a list, e.g. AllowedIPs = 10.10.10.2/32,192.168.2.0/24
# It is also the inbound filter: packets arriving from this peer whose source address is outside
# AllowedIPs are dropped, so keeping a /32 here stops the client from using other tunnel addresses
AllowedIPs = 10.10.10.2/32
client-peer
# Client side of the tunnel
[Interface]
# Tunnel (internal) IP of this client
Address = 10.10.10.2/24
# This client's private key; keep the config file root-only (mode 600). The key shown here
# is published on this page and must not be reused; generate your own pair.
PrivateKey = ELxkrRlutZYgWgIGnqf61nvUWPZGUtYADrQisGHuu0U=
# The server as seen from the client
[Peer]
# The server's public key (must correspond to the server's PrivateKey; the server's public
# key is not printed on this page, so the pairing cannot be checked here)
PublicKey = TSvjFnAIUoGi0t8OEk3hOuDth4WlOXNpA8AzGBvu/XI=
# IP/hostname and UDP port of the server to connect to (the port is the server's ListenPort)
Endpoint = www.hlooc.cn:10240
# Route the server's tunnel address and 172.19.47.0/24 (presumably the network behind the
# server's eth0) through the tunnel; also the inbound filter, so packets from the server
# with any other source address are dropped.
# NOTE(review): no PersistentKeepalive is set; a client behind NAT may need it to keep the
# mapping open -- confirm for the deployment.
AllowedIPs = 10.10.10.1/32,172.19.47.0/24
密钥生成
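# Generate a WireGuard key pair: the private key is written to wg-prikey and the
# public key derived from it to wg-pubkey. Run once per host (server and each client).
# umask 077 makes both files readable only by the creating user; with the usual
# default umask the private key would otherwise be world-readable. The subshell
# keeps the umask change from leaking into the caller's shell session.
( umask 077; wg genkey | tee wg-prikey | wg pubkey > wg-pubkey )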
From: https://www.cnblogs.com/hlooc/p/16913222.html