安装 wireguard
# apt -y install wireguard
配置 WireGuard
为服务器生成私钥(先执行 umask 077,使随后创建的密钥文件只有属主可读写)
# umask 077
# wg genkey | tee /etc/wireguard/server.key
aF9igZqNzP684kXlpVW1Auz/VIXZhQcDE2bjZXmU91E=
为服务器生成公钥
# cat /etc/wireguard/server.key | wg pubkey | tee /etc/wireguard/server.pub
Zms+i90H02rwkXy8r7MtMj+kkUp3bRMnFEnY1g8BcHU=
为客户端生成私钥(沿用上面设置的 umask 077;如果换了新的 shell,需要先重新执行)
# wg genkey | tee /etc/wireguard/client.key
uC9S19xwrXAd6xe9h3HX2jqG1OwTNcKryJWRevGzqUQ=
为客户端生成公钥
# cat /etc/wireguard/client.key | wg pubkey | tee /etc/wireguard/client.pub
qjM9+XjpArkUuZvUVGvQViD4YhXQMq7wz3zpVCRNogI=
wg0.conf
# vim /etc/wireguard/wg0.conf
# Server side of the tunnel: wg-quick configuration for interface wg0
# (/etc/wireguard/wg0.conf).
[Interface]
# Private key generated for the server.
# NOTE(review): this is the sample key printed in the key-generation step of
# this page, so it is public. Generate a fresh key with `wg genkey` for any
# real deployment and never reuse this value.
PrivateKey = aF9igZqNzP684kXlpVW1Auz/VIXZhQcDE2bjZXmU91E=
# IP address of the VPN interface. No prefix length is given; the `ip a`
# output on this page shows it applied as 10.10.10.1/32.
Address = 10.10.10.1
# UDP port the WireGuard server listens on
ListenPort = 51820
# Commands to run when WireGuard starts / stops.
# Turn on IPv4 forwarding (a host-wide kernel setting, not specific to wg0).
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
# Let ufw forward traffic that arrives on wg0 and leaves through eth0.
PostUp = ufw route allow in on wg0 out on eth0
# Source-NAT traffic leaving eth0 (IPv4, then IPv6).
# NOTE(review): these rules have no source match, so they apply to everything
# routed out of eth0, not only VPN clients. Consider restricting them with
# `-s <vpn-client-subnet>` (placeholder).
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
# NOTE(review): only IPv4 forwarding is enabled above and this interface has
# no IPv6 address, so the ip6tables rule looks unused. Confirm it is needed.
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
# Remove the same ufw and NAT rules before the interface goes down.
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# NOTE(review): this switches IPv4 forwarding off for the whole host, whatever
# its state was before wg0 came up. Anything else that relies on forwarding
# (the route table on this page shows a docker0 bridge) stops routing.
# Consider dropping this line and managing net.ipv4.ip_forward via sysctl.
PostDown = echo 0 > /proc/sys/net/ipv4/ip_forward
[Peer]
# Public key of the client
PublicKey = qjM9+XjpArkUuZvUVGvQViD4YhXQMq7wz3zpVCRNogI=
# VPN IP addresses of the clients that are allowed to connect.
# A subnet can be given instead => [172.16.100.0/24]
# NOTE(review): two addresses are listed under a single public key, while the
# client config on this page uses only 172.16.100.5. If 172.16.100.6 is meant
# for a second device, give it its own key pair and its own [Peer] section
# rather than sharing this key.
AllowedIPs = 172.16.100.5, 172.16.100.6
运行服务
# systemctl start wg-quick@wg0
查看IP
# ip a
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1372 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.10.10.1/32 scope global wg0
valid_lft forever preferred_lft forever
查看route
# ip route
default via 172.16.18.1 dev eth0 proto static
172.16.18.0/24 dev eth0 proto kernel scope link src 172.16.18.31
172.16.100.5 dev wg0 scope link
172.16.100.6 dev wg0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
WireGuard Client Windows
下载地址
https://download.wireguard.com/windows-client/wireguard-installer.exe
设置 Client Windows
wg0.conf
# Client side of the tunnel: wg0.conf to be imported into the WireGuard
# Windows client.
[Interface]
# Private key of the client.
# NOTE(review): this is the sample client key printed earlier on this page,
# so it is public. Generate your own key and keep the private half on the
# client only.
PrivateKey = uC9S19xwrXAd6xe9h3HX2jqG1OwTNcKryJWRevGzqUQ=
# IP address of the VPN interface. It must be one of the addresses listed in
# AllowedIPs for this peer in the server config (172.16.100.5 there).
Address = 172.16.100.5
[Peer]
# Public key of the server
PublicKey = Zms+i90H02rwkXy8r7MtMj+kkUp3bRMnFEnY1g8BcHU=
# Destinations sent through the tunnel:
#   10.10.10.1     the server's wg0 address
#   172.16.0.0/16  the network behind the server's eth0
# NOTE(review): the server's `ip route` output on this page shows eth0 on
# 172.16.18.0/24. The /16 here is broader and also contains the client's own
# VPN address. Narrow it if only that LAN needs to be reachable.
AllowedIPs = 10.10.10.1, 172.16.0.0/16
# Server address and UDP port. xxxxxxx is a placeholder for the server's
# reachable hostname or IP; 51820 matches ListenPort in the server config.
EndPoint = xxxxxxx:51820
导入wg0.conf
查看client ip
参考文档
https://www.wireguard.com/install/