wireguard 安装配置

1、安装

sudo apt-get install wireguard

2、生成私钥和公钥

cd /etc/wireguard
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey

3、开启内核IP转发

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

4、服务端配置文件生成

服务端配置路径：/etc/wireguard/wg0.conf

echo "
[Interface]
PrivateKey = $(cat server_privatekey)
Address = 192.168.8.1/24
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 20000
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey =  $(cat client_publickey)
AllowedIPs = 192.168.8.10/24 " > wg0.conf

备注：服务端私钥，IP地址，转发规则，监听端口，客户端公钥，允许连接的IP

5、客户端配置文件生成

客户端配置路径：/etc/wireguard/client.conf

echo "
[Interface]
  PrivateKey = $(cat client_privatekey)
  Address = 192.168.8.10/24
  DNS = 8.8.8.8
  MTU = 1420
[Peer]
  PublicKey = $(cat server_publickey)
  Endpoint = 1.1.1.1:2000
  AllowedIPs = 0.0.0.0/0, ::0/0
  PersistentKeepalive = 25 " > client.conf

备注：客户端私钥，IP地址，服务端公钥，服务端IP和端口，允许连接的IP

6、启动

启动：
wg-quick  up wg0
systemctl start  wg-quick@wg0
systemctl enable wg-quick@wg0

停止
wg-quick  down wg0
systemctl stop     wg-quick@wg0
systemctl disable  wg-quick@wg0

7、查看连接状态

wg