安装
一. 服务端:腾讯云ubuntu20.04 5.4.0-122-generic
安装包
- sudo apt update
- sudo apt upgrade -y
- sudo apt install -y iptables wireguard
开启ipv4转发
- sudo vim /etc/sysctl.conf
- sudo sysctl -p
配置wireguard服务
生成公私秘钥
- $ sudo su -
- `# wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey
创建网络配置文件
- sudo vim /etc/wireguard/wg0.conf
使用上面的私钥替换配置文件中的相关内容, 同时需要注意替换eth0为实际的网卡设备名称
[Interface]
Address = 172.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = ***
[Peer]
PublicKey = ***
AllowedIPs = 172.0.0.2/24修改配置文件的权限
- sudo chmod 600 /etc/wireguard/privatekey
- sudo chmod 600 /etc/wireguard/wg0.conf
启动WireGuard接口
- sudo wg-quick up wg0
执行后会输出下面内容
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.0.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE配置开机启动服务
- sudo wg-quick down wg0 // 先停掉之前手工启动的端口
- sudo systemctl enable wg-quick@wg0.service
- sudo systemctl start wg-quick@wg0.service
- sudo wg show // 查看启动的端口信息
二. 客户端 kk38服务器 Ubuntu 20.04.3 LTS (GNU/Linux 5.13.0-28-generic x86_64)
- sudo su
- mkdir -p /etc/wireguard/clients
- wg genkey | tee /etc/wireguard/clients/client.key | wg pubkey | tee /etc/wireguard/clients/client.key.pub ``` [Interface] PrivateKey = 上面复制的私钥内容 Address = 172.0.0.2/24 DNS = 1.1.1.1, 1.0.0.1
[Peer] PublicKey = 服务器的公钥(/etc/wireguard/publickey) AllowedIPs = 0.0.0.0/0 Endpoint = 服务器的公网IP地址:51820
```
- 查询DNS systemd-resolve --status
- sudo apt install openresolv
https://bbs.archlinux.org/viewtopic.php?id=232754 https://blog.csdn.net/lpwmm/article/details/113181101
- Created symlink /etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service → /lib/systemd/system/wg-quick@.service.