Wireguard:修订间差异
跳到导航
跳到搜索
(→启动) |
(→客户端) |
||
| 第90行: | 第90行: | ||
=== 客户端 === | === 客户端 === | ||
[https://www.wireguard.com/install/ Windows 下载](Mac/IOS 从 App Store 下载) wireguard,扫描二维码或导入从服务端创建的客户端文件即可。 | [https://www.wireguard.com/install/ Windows 下载](Mac/IOS 从 App Store 下载) wireguard,扫描二维码或导入从服务端创建的客户端文件即可。 | ||
=== Error === | |||
==== Warning: ?? is world accessible ==== | |||
This means that the configuration file permissions are too broad - and they shouldn’t, as there’s a private key in there. This can be fixed with | |||
chmod 600 /etc/wireguard/wg0.conf | |||
[[分类:Develop]] | [[分类:Develop]] | ||
[[分类:Platform]] | [[分类:Platform]] | ||
[[分类:Linux]] | [[分类:Linux]] | ||
2024年12月9日 (一) 13:29的版本
WireGuard 是一种实现加密虚拟专用网络(VPN)的通信协议和免费开源软件,通过 UDP 传递流量,旨在比 IPsec 和 OpenVPN 这两种常见的隧道协议具有更好的性能和更强大的功能,其设计目标是易于使用、高速性能和低攻击面;
服务端
0. Sys Conf
# /etc/sysctl.conf net.ipv4.ip_forward = 1
wireguard
apt install wireguard
2. 生成秘钥对
wg genkey | tee server_privatekey | wg pubkey > server_publickey wg genkey | tee u01_privatekey | wg pubkey > u01_publickey wg genkey | tee u02_privatekey | wg pubkey > u02_publickey
3. 配置文件生成
服务配置
# Server: /etc/wireguard/wg0.conf
serverip=$(curl ipv4.icanhazip.com)
port=17731
eth=$(ls /sys/class/net | awk '/^e/{print}')
wg0=$(cat server_publickey)
wg0p=$(cat server_privatekey)
u01=$(cat u01_publickey)
u02=$(cat u02_publickey)
u01p=$(cat u01_privatekey)
u02p=$(cat u02_privatekey)
cat > wg0.conf <<-EOF
[Interface]
PrivateKey = $wg0p
Address = 10.0.0.1/32
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $eth -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $eth -j MASQUERADE
ListenPort = $port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $u01
AllowedIPs = 10.0.0.10/32
[Peer]
PublicKey = $u02
AllowedIPs = 10.0.0.20/32
EOF
连接配置
# Client: /etc/wireguard/u01.conf cat > u01.conf <<-EOF [Interface] PrivateKey = $u01p Address = 10.0.0.10/24 DNS = 8.8.8.8 MTU = 1420 [Peer] PublicKey = $wg0 Endpoint = $serverip:$port AllowedIPs = 0.0.0.0/0, ::0/0 PersistentKeepalive = 25 EOF
客户端导入此文件或扫描此文件生成的二维码即可。
# apt install qrencode # 在 Linux ssh 窗口中显示二维码 cat u01.conf | qrencode -o - -t UTF8
启动
wg-quick up wg0 # shutdown wg-quick down wg0 # status wg
配置启动服务(可选)
# systemctl start wireguard # /etc/init.d/wireguard #!/bin/bash ### BEGIN INIT INFO # Provides: wgstart # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: wireguard ### END INIT INFO wg-quick up wg0 chmod +x /etc/init.d/wireguard cd /etc/init.d update-rc.d wireguard defaults
客户端
Windows 下载(Mac/IOS 从 App Store 下载) wireguard,扫描二维码或导入从服务端创建的客户端文件即可。
Error
Warning: ?? is world accessible
This means that the configuration file permissions are too broad - and they shouldn’t, as there’s a private key in there. This can be fixed with
chmod 600 /etc/wireguard/wg0.conf