1. Install
sudo apt-get install wireguard
2. Generate the private and public keys
cd /etc/wireguard
# umask 077 makes the key files readable by their owner only
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey
3. Enable kernel IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
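4. Generate the server configuration file
Server configuration path: /etc/wireguard/wg0.conf
# eth0 in PostUp/PostDown is the server's outbound interface; adjust it if yours has a different name.
# AllowedIPs is the tunnel address this peer may use as a source; a /32 pins the client to 192.168.8.10.
echo "
[Interface]
PrivateKey = $(cat server_privatekey)
Address = 192.168.8.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 20000
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat client_publickey)
AllowedIPs = 192.168.8.10/32
" > wg0.conf
Note: the fields are the server private key, IP address, forwarding rules, listening port, client public key, and the IPs allowed to connect.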
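5. Generate the client configuration file
Client configuration path: /etc/wireguard/client.conf
# Endpoint is the server's public IP (1.1.1.1 is a placeholder) and the server's ListenPort (20000).
echo "
[Interface]
PrivateKey = $(cat client_privatekey)
Address = 192.168.8.10/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat server_publickey)
Endpoint = 1.1.1.1:20000
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
" > client.conf
Note: the fields are the client private key, IP address, server public key, server IP and port, and the IPs allowed to connect.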
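An added example, not part of the original post: a shell check to run on the two generated files before starting the tunnel. It reports config files readable by group or other, a client Endpoint port that differs from the server's ListenPort, and a server peer that is not pinned to the client's /32. The function names conf_get and check_pair are illustrative, and it assumes one [Peer] section per file.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks for a
# wg0.conf / client.conf pair. Assumes one [Peer] section per file.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    awk -v k="$2" '
        { key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }
    ' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF: print one line per finding,
# return 0 when clean and 1 otherwise.
check_pair() {
    local srv="$1" cli="$2" bad=0 f mode ep host allowed

    # Both files embed a private key, so group/other must have no access.
    for f in "$srv" "$cli"; do
        mode=$(ls -ld "$f" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "PERMS: $f is accessible to group/other (want mode 600)"
            bad=1
        fi
    done

    # The port in the client's Endpoint must be the server's ListenPort.
    ep=$(conf_get "$cli" Endpoint)
    if [ "${ep##*:}" != "$(conf_get "$srv" ListenPort)" ]; then
        echo "PORT: client Endpoint $ep does not match server ListenPort"
        bad=1
    fi

    # On the server, the peer should be pinned to its own tunnel IP (/32).
    host=$(conf_get "$cli" Address); host=${host%%/*}
    allowed=$(conf_get "$srv" AllowedIPs)
    if [ "$allowed" != "$host/32" ]; then
        echo "ALLOWEDIPS: server peer has $allowed, expected $host/32"
        bad=1
    fi
    return "$bad"
}

# Usage: check_pair /etc/wireguard/wg0.conf /etc/wireguard/client.conf
```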
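6. Start
Start:
# bring the interface up directly
wg-quick up wg0
# or run it as a systemd service; enable also starts it at boot
systemctl start wg-quick@wg0
systemctl enable wg-quick@wg0
Stop:
wg-quick down wg0
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0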
7. Check the connection status
wg
From: https://www.cnblogs.com/wuhg/p/18344018