ubuntu 22.04 部署 wireguard

发布时间 2023-04-04 15:26:08作者: 小吉猫

安装 wireguard

# apt -y install wireguard

配置 WireGuard

为服务器生成私钥(下面显示的密钥仅为示例,已随本文公开,请勿在实际环境中使用;tee 会把私钥回显到终端,实际操作时可将其输出重定向到 /dev/null)

# umask 077
# wg genkey | tee /etc/wireguard/server.key
aF9igZqNzP684kXlpVW1Auz/VIXZhQcDE2bjZXmU91E=

为服务器生成公钥

# cat /etc/wireguard/server.key | wg pubkey | tee /etc/wireguard/server.pub
Zms+i90H02rwkXy8r7MtMj+kkUp3bRMnFEnY1g8BcHU=

为客户端生成私钥(此处在服务器上生成仅为演示;更稳妥的做法是在客户端本机生成密钥对,只把公钥交给服务器)

# wg genkey | tee /etc/wireguard/client.key
uC9S19xwrXAd6xe9h3HX2jqG1OwTNcKryJWRevGzqUQ=

为客户端生成公钥

# cat /etc/wireguard/client.key | wg pubkey | tee /etc/wireguard/client.pub
qjM9+XjpArkUuZvUVGvQViD4YhXQMq7wz3zpVCRNogI=

wg0.conf

# vim /etc/wireguard/wg0.conf
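[Interface]
# Server private key. The value below is the sample key printed earlier in
# this article, so it is public: generate your own with `wg genkey` and never
# reuse this one. Keep this file readable by root only (mode 600).
PrivateKey = aF9igZqNzP684kXlpVW1Auz/VIXZhQcDE2bjZXmU91E=
# IP address of the VPN interface
Address = 10.10.10.1
# UDP port the WireGuard server listens on
ListenPort = 51820
# Commands run by wg-quick after the interface comes up / before it goes down.
# Enable IPv4 forwarding so the server can route for its peers.
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
# Let ufw forward traffic that arrives on wg0 out through eth0.
PostUp = ufw route allow in on wg0 out on eth0
# NAT only traffic sourced from the VPN client range (172.16.100.0/24, the
# subnet the [Peer] addresses below belong to) rather than everything that
# leaves eth0. Adjust the range if peers use other addresses.
PostUp = iptables -t nat -I POSTROUTING -s 172.16.100.0/24 -o eth0 -j MASQUERADE
# NOTE(review): this config assigns no IPv6 address to the tunnel and does not
# enable IPv6 forwarding, so this rule only matters if IPv6 is added later;
# scope it with -s to the tunnel's IPv6 range at that point.
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

# Undo the firewall and NAT rules in the same form they were added.
PreDown = ufw route delete allow in on wg0 out on eth0
PreDown = iptables -t nat -D POSTROUTING -s 172.16.100.0/24 -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# net.ipv4.ip_forward is deliberately not reset to 0 on shutdown: the sysctl is
# host-wide, and this host also has docker0 (see the `ip route` output), whose
# container routing depends on it. The rules that open forwarding for wg0 are
# already removed by the PreDown lines above.

[Peer]
# Public key of the client
PublicKey = qjM9+XjpArkUuZvUVGvQViD4YhXQMq7wz3zpVCRNogI=
# Tunnel addresses this peer may use: packets from the peer with any other
# source address are dropped, and only these destinations are routed to it.
# A subnet such as 172.16.100.0/24 is also accepted, but listing the single
# addresses per peer is the tighter setting.
AllowedIPs = 172.16.100.5, 172.16.100.6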

运行服务

# systemctl start wg-quick@wg0

查看IP

# ip a
7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1372 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.10.10.1/32 scope global wg0
       valid_lft forever preferred_lft forever

查看route

# ip route
default via 172.16.18.1 dev eth0 proto static 
172.16.18.0/24 dev eth0 proto kernel scope link src 172.16.18.31 
172.16.100.5 dev wg0 scope link 
172.16.100.6 dev wg0 scope link 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 

WireGuard Client Windows

下载地址

https://download.wireguard.com/windows-client/wireguard-installer.exe

设置 Client Windows

wg0.conf

[Interface]
# Client private key. The value below is the sample key printed earlier in
# this article, so it is public: replace it with a key generated on the client.
PrivateKey = uC9S19xwrXAd6xe9h3HX2jqG1OwTNcKryJWRevGzqUQ=
# IP address of the VPN interface
Address = 172.16.100.5

[Peer]
# Public key of the server
PublicKey = Zms+i90H02rwkXy8r7MtMj+kkUp3bRMnFEnY1g8BcHU=
# Server address and UDP port (51820 is the server's ListenPort)
Endpoint = xxxxxxx:51820
# Destinations sent through the tunnel:
#   10.10.10.1     wg0 address of the server
#   172.16.0.0/16  network behind the server's eth0
# NOTE(review): the server's `ip route` output shows eth0 on 172.16.18.0/24,
# and this /16 also contains the client's own tunnel address; consider listing
# only the networks the client actually needs to reach. Confirm before narrowing.
AllowedIPs = 10.10.10.1, 172.16.0.0/16

导入wg0.conf

查看client ip

参考文档

https://www.wireguard.com/install/