Preparation
A server with a public IP, e.g. 172.158.20.34, with UDP port 234 open
Installing WireGuard
sudo apt install wireguard
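Generating the configuration files
Website: https://www.wireguardconfig.com/
Listen Port: enter 234
Num of clients: fill in as needed; if only one computer connects to the server, enter 1
CIDR: the subnet of the WireGuard virtual interface, e.g. 192.168.12.0/24
Client Allowed IPs: which subnets' traffic should go through the virtual interface; by default all traffic goes through it
Endpoint: the public address, 172.158.20.34:234
DNS: filling this in seems to cause problems;
Click Generate Config and you are done
Generated server configuration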
# Generated by WireguardConfig.com
[Interface]
Address = 192.168.12.1/24
ListenPort = 44023
PrivateKey = fgshfshfghjer
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = /dsadafsdf
AllowedIPs = 192.168.12.2/32
[Peer]
PublicKey = fghjkdssd
AllowedIPs = 192.168.12.3/32
Generated client configuration
# Generated by WireguardConfig.com
[Interface]
Address = 192.168.12.2/24
ListenPort = 44023
PrivateKey = ewqewqe
[Peer]
PublicKey = weqrwr
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = bigchick.ddoo.tech:44023
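The generated pair only works if the two files agree: the client's Endpoint port has to be the server's ListenPort, and the client's Address has to fall under one of the server's [Peer] AllowedIPs. The check below is an added example, not part of the original notes or of WireGuard itself; the sample configs are constructed, and parse_wg and check_pair are hypothetical helper names. It assumes one Address per interface and a single [Peer] in the client file.

```python
import ipaddress

# Constructed samples shaped like the page's configs; PrivateKey lines left out.
SERVER = """[Interface]
Address = 192.168.12.1/24
ListenPort = 234
[Peer]
PublicKey = CLIENT1_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.12.2/32
[Peer]
PublicKey = CLIENT2_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.13.3/32
"""
CLIENT = """[Interface]
Address = 192.168.12.4/24
[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = 172.158.20.34:44023
"""

def parse_wg(text):
    """Parse wg-quick text into (interface dict, list of peer dicts)."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            cur = iface
        elif line.lower() == "[peer]":  # repeated section: one dict per peer
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)  # split once; base64 keys may end in '='
            cur[key.strip().lower()] = value.strip()
    return iface, peers

def check_pair(server_text, client_text):
    """Return a list of mismatches between a server config and one client config."""
    (s_if, s_peers), (c_if, c_peers) = parse_wg(server_text), parse_wg(client_text)
    problems = []
    port = c_peers[0]["endpoint"].rsplit(":", 1)[1]  # port the client will dial
    if port != s_if["listenport"]:
        problems.append(f"Endpoint port {port} != server ListenPort {s_if['listenport']}")
    tunnel = ipaddress.ip_interface(s_if["address"]).network  # tunnel subnet (the CIDR field)
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for p in s_peers for a in p["allowedips"].split(",")]
    problems += [f"server peer AllowedIPs {n} is outside tunnel {tunnel}" for n in allowed
                 if n.version != tunnel.version or not n.subnet_of(tunnel)]
    addr = ipaddress.ip_interface(c_if["address"]).ip
    if not any(addr in n for n in allowed):  # server drops packets from unlisted sources
        problems.append(f"client Address {addr} matches no server peer AllowedIPs")
    return problems
```

Calling check_pair(SERVER, CLIENT) on the constructed samples returns three findings; an empty list means the pair is consistent.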
Configuring WireGuard
Write the WireGuard interface configuration file
sudo nano /etc/wireguard/wg0.conf
Start the WireGuard interface
sudo systemctl start wg-quick@wg0
sudo systemctl enable wg-quick@wg0 # start automatically at boot
Other
Generate a private key
wg genkey
Derive the public key from the private key
wg pubkey < privatekey > publickey
where privatekey is the file holding the private key
Server IP forwarding setting
cat /proc/sys/net/ipv4/ip_forward
If the output is 0, IP forwarding is off, which is a problem
Set it to 1
sudo sysctl -w net.ipv4.ip_forward=1