Installation:
Red Hat Enterprise Linux / CentOS (I used 7)
sudo curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install epel-release
sudo yum install -y wireguard-dkms wireguard-tools
yum update -y
reboot
Ubuntu
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt-get update
sudo apt-get install wireguard
sudo apt install resolvconf
The server side also needs the following
Disable firewalld:
systemctl stop firewalld.service # stop firewalld
systemctl disable firewalld.service # keep firewalld from starting at boot
Install iptables:
yum install -y iptables-services
systemctl enable iptables.service
systemctl start iptables.service
iptables configuration (flush all rules, delete user-defined chains, zero the counters, then save)
iptables -F
iptables -X
iptables -Z
service iptables save
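On CentOS 7
Add the following to /usr/lib/sysctl.d/xxxx-default.conf
net.ipv4.ip_forward = 1
sysctl --system # loads /usr/lib/sysctl.d/*.conf; a bare "sysctl -p" reads only /etc/sysctl.conf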
————————————————————————————————————
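Hands-on steps:
Generate the private and public keys (umask 077 keeps the private key file readable by its owner only):
umask 077
wg genkey | tee private | wg pubkey > public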
Server configuration file
Edit /etc/wireguard/wg0.conf
[Interface]
PrivateKey = aLvi6jyeSTedmcFEEeACb758jpGgkHq9xfVRr1s2K34=
Address = 10.10.10.1
ListenPort = 12345
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = sLqLCZz4UGwDU9393iXZofGuk22eqC81GNKvZJkxmT0=
AllowedIPs = 10.10.10.2/32
[Peer]
PublicKey = 7C0zsqaiFScOUr3oThQPvpwmCQ5EOL+7diMOZI1voDE=
AllowedIPs = 10.10.10.3/32
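Two mistakes in a server file like the one above are not reported by wg-quick when peers are added by hand: a PostDown that does not remove what PostUp added, and peers whose AllowedIPs overlap (WireGuard maps each tunnel address to exactly one peer, so an overlap means part of one peer's entry is not honoured). The Python check below is an added example, not part of the original notes; the function names and the sample config with placeholder keys are constructed for illustration.

```python
import ipaddress
import itertools

def parse(text):
    """Return [(section, {key: value})]; repeated [Peer] blocks stay separate."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # "#" starts a comment
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)        # split once: base64 keys end in "="
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Return findings that wg-quick itself would not report."""
    findings, nets = [], []
    for n, (name, opts) in enumerate(parse(text)):
        # Heuristic for the -A/-D pairing used on this page: every rule PostUp
        # appends must be deleted by PostDown, or rules pile up on each restart.
        if opts.get("PostUp", "").replace(" -A ", " -D ") != opts.get("PostDown", ""):
            findings.append(f"section {n} [{name}]: PostDown does not undo PostUp")
        if name == "Peer":
            nets += [(n, ipaddress.ip_network(c.strip(), strict=False))
                     for c in opts.get("AllowedIPs", "").split(",") if c.strip()]
    # WireGuard routes each address to exactly one peer (longest prefix wins), so
    # with overlapping entries some peer does not own part of the range it lists.
    for (a, x), (b, y) in itertools.combinations(nets, 2):
        if a != b and x.version == y.version and x.overlaps(y):
            findings.append(f"sections {a} and {b}: AllowedIPs overlap ({x}, {y})")
    return findings

# Constructed sample in the layout of the server file; keys are placeholders.
SAMPLE = """[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
[Peer]
PublicKey = CLIENT_A_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.10.10.2/32
[Peer]
PublicKey = CLIENT_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.10.10.0/24
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a copy of /etc/wireguard/wg0.conf with `audit(open(path).read())`; an empty list means neither problem was found.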
Client configuration file
Edit /etc/wireguard/wg0.conf
[Interface]
PrivateKey = 2D/CICXnwJcff/0v0f1T/CxV9XKsMJGuHcXppHIkc3I=
Address = 10.10.10.3
DNS = 202.106.0.20
[Peer]
PublicKey = mmUo7bHTqSvSviXtidAX91KnE9xHZt/XcuBZejnU03c=
Endpoint = <your domain or IP>:12345
AllowedIPs = 0.0.0.0/0
Start and stop
wg-quick up wg0
wg-quick down wg0