WireGuard real-time configuration

Time: 2022-11-21 21:13:29  Views: 55
Tags: iptables wg 10.2 AllowedIPs configuration real-time wireguard ACCEPT 10.10

server-peer

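# Define the network interface
[Interface]
# Internal (tunnel) IP of this WireGuard interface
Address = 10.10.10.1/24
# Forwarding rules for the internal network: MASQUERADE (source NAT) the packets and send them out through eth0
# Change eth0 to match your system; ifconfig shows the interface names
PostUp   = iptables -A FORWARD -i %i -j ACCEPT
PostUp   = iptables -A FORWARD -o %i -j ACCEPT
PostUp   = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Remove these iptables forwarding rules when WireGuard is shut down
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Fixed listening port, for the side that initiates the connection to put in its config
ListenPort = 10240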
PrivateKey = 4OkitX1lqS4fuB44c0cE55K1rNka7CMh8BG3vs40LU0=

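# Define the peer
[Peer]
PublicKey = qcCY+K//y5i4voD0hYtR4do9hyG722Ht4F1OBUQADzY=
# Very important: AllowedIPs is essentially a routing rule; here it means packets destined for 10.10.10.2 are all sent to this peer
# AllowedIPs accepts a list, e.g. AllowedIPs = 10.10.10.2/32,192.168.2.0/24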
AllowedIPs = 10.10.10.2/32

client-peer

[Interface]
Address = 10.10.10.2/24
PrivateKey = ELxkrRlutZYgWgIGnqf61nvUWPZGUtYADrQisGHuu0U=

[Peer]
PublicKey = TSvjFnAIUoGi0t8OEk3hOuDth4WlOXNpA8AzGBvu/XI=
# IP (or hostname) and port of the server to connect to
Endpoint = www.hlooc.cn:10240
AllowedIPs = 10.10.10.1/32,172.19.47.0/24
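
The AllowedIPs comment in the server config above describes it as a routing rule; the same table is also checked in the other direction, so a decrypted packet is kept only if its source address maps back to the peer that sent it. The following is an added example, not code from the original post: it models both lookups over a constructed server config that uses the list form from the page's comment, with a hypothetical second peer under a placeholder key.

```python
import ipaddress

# Constructed input: the page's server [Peer] with the list form of AllowedIPs
# from its comment, plus a hypothetical second peer (placeholder key).
SERVER_CONF = """
[Interface]
Address = 10.10.10.1/24
ListenPort = 10240

[Peer]
PublicKey = qcCY+K//y5i4voD0hYtR4do9hyG722Ht4F1OBUQADzY=
AllowedIPs = 10.10.10.2/32,192.168.2.0/24

[Peer]
AllowedIPs = 10.10.10.3/32
PublicKey = SECOND_PEER_PUBLIC_KEY_PLACEHOLDER
"""

def parse_peers(conf):
    """Return {public_key: [ip_network, ...]} for each [Peer] section."""
    sections = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append({"type": [line.strip("[]").lower()]})
        elif "=" in line and sections:
            name, _, value = line.partition("=")  # split on the first "=" only
            sections[-1].setdefault(name.strip().lower(), []).append(value.strip())
    peers = {}
    for s in sections:
        if s["type"] == ["peer"]:
            cidrs = ",".join(s.get("allowedips", [])).split(",")
            peers[s["publickey"][0]] = [
                ipaddress.ip_network(c.strip(), strict=False) for c in cidrs if c.strip()]
    return peers

def route_outbound(peers, dst):
    """Key of the peer a packet to dst is encrypted for (longest prefix), else None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, key) for key, nets in peers.items()
            for net in nets if addr in net]
    return max(hits)[1] if hits else None

def accept_inbound(peers, sender_key, src):
    """A decrypted packet is kept only if its source address maps back to the sender."""
    return route_outbound(peers, src) == sender_key

PEERS = parse_peers(SERVER_CONF)
```

A destination that matches no peer's AllowedIPs, such as an address in the client-side 172.19.47.0/24, returns None here, which corresponds to the server having no peer to send that packet to.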

Key generation

umask 077   # keep wg-prikey readable by its owner only
wg genkey | tee wg-prikey | wg pubkey > wg-pubkey

From: https://www.cnblogs.com/hlooc/p/16913222.html