# Bring the installed packages up to date before adding new repositories.
sudo yum update
# Enable the ELRepo and EPEL third-party repositories. This runs before the
# next command, presumably so that yum can resolve the WireGuard packages.
# NOTE(review): kmod-wireguard is a kernel module, so keep gpgcheck enabled for
# these repositories so the packages are signature-verified before install.
sudo yum install elrepo-release epel-release
# Install the WireGuard kernel module and the wg / wg-quick userspace tools.
sudo yum install kmod-wireguard wireguard-tools
# Create the WireGuard interface wg0 (run as root).
ip link add wg0 type wireguard
# Assign wg0 its address inside the tunnel subnet.
ip addr add 100.69.0.1/24 dev wg0
手动生成密钥
生成私钥
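# Create the private key under a restrictive umask so the file is never
# readable by other local users; the subshell keeps the umask change local.
(umask 077 && wg genkey > privatekey)
# Printing the key is only for copying it into wg0.conf. Treat the value as a
# secret: a key that has been displayed or published (like the sample value
# shown on this page) must not be used on a real server.
cat privatekey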
+++++++++++++++++++++++++++++++++++++++++++++
0HTo/a7Zc57QmqWNL7McKIv9MuU2dseEEiOSf7QLNW4=
生成公钥
# Derive the public key from the private key, saving it to ./publickey and
# printing it in the same step. The public key is the half handed to peers.
wg pubkey < privatekey | tee publickey
++++++++++++++++++++++++++++++++++++++++++++
Klfy6gNvDuxDiS26pBl3cOovVcuemWZiwjQKWJfZ5Hw=
添加服务器配置文件
服务端配置文件
# The server configuration is /etc/wireguard/wg0.conf (contents listed below).
# NOTE(review): wg setconf parses only wg(8) keys; the Address and SaveConfig
# lines in the file below are wg-quick(8) keys, so load this file with
# `wg-quick up wg0` or pass it through `wg-quick strip wg0` first.
wg setconf wg0 /etc/wireguard/wg0.conf
+++++++++++++++++++++++++++++++++++++++
[Interface]
# Address and SaveConfig are wg-quick(8) keys; plain `wg setconf` does not accept them.
Address = 100.69.0.1/24
# With SaveConfig, wg-quick writes the live interface state back to this file
# on shutdown, so edits made while wg0 is up can be overwritten.
SaveConfig = true
ListenPort = 51820
# This file holds the server's secret key: keep it owned by root with mode 600.
# The value shown is this walkthrough's sample; generate your own.
PrivateKey = 0HTo/a7Zc57QmqWNL7McKIv9MuU2dseEEiOSf7QLNW4= # the private key generated manually above
[Peer]
PublicKey = HoDtSS2woZ/j2J01anvONqyrKVbk3MRfG/GUL2pWYVQ= # the public key generated on the client
# Only packets sourced from this single tunnel address are accepted from the peer.
AllowedIPs = 100.69.0.101/32
# NOTE(review): a server normally learns a roaming client's endpoint from its
# handshake; confirm this fixed Endpoint is intended.
Endpoint = 43.229.119.xxx:51820
++++++++++++++++++++++++++++++++
使能wireguard接口
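# Load the configuration into wg0; repeat this after every edit of the file.
# The file contains wg-quick-only keys (Address, SaveConfig) that `wg setconf`
# rejects, so filter it through `wg-quick strip` first (bash process
# substitution; wg-quick reads /etc/wireguard/wg0.conf for the name wg0).
wg setconf wg0 <(wg-quick strip wg0)
ip link set up dev wg0 # bring the interface up
# wg-quick manages the whole lifecycle (interface, address, keys, routes) from
# the same file; down followed by up re-applies it from scratch.
wg-quick down wg0
wg-quick up wg0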
关闭防火墙
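# Keep the host firewall running: stopping it exposes every listening service,
# while WireGuard only needs its UDP listen port to be reachable. (On
# CentOS/RHEL the unit is firewalld, not "firewall".)
firewall-cmd --permanent --add-port=51820/udp
# Allow forwarded tunnel traffic to leave through the default zone with NAT.
# NOTE(review): assumes the uplink interface is in the default zone; verify
# with `firewall-cmd --list-all`.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload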
打开ipv4转发
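vim /etc/sysctl.conf
# Add the lines below to /etc/sysctl.conf. sysctl.conf only treats lines that
# start with # or ; as comments, so notes go on their own line rather than
# after a value.
# Turn this host into a router for the tunnel subnet.
net.ipv4.ip_forward = 1
# Neither accept nor send ICMP redirects while this host is forwarding.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
sysctl -p /etc/sysctl.conf # apply the file (enables IP forwarding)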
设置NAT上网
# Source-NAT everything from the tunnel subnet that leaves via enp1s0.
# The rule exists only in the running kernel until it is saved; replace
# enp1s0 with the host's actual uplink interface.
iptables --table nat --append POSTROUTING --source 100.69.0.0/24 --out-interface enp1s0 --jump MASQUERADE
查看NAT规则
# List the rules in the nat table. Adding -n -v --line-numbers shows the rule
# positions that delete-by-number relies on.
iptables --table nat --list
删除一条nat 规则 删除SNAT规则
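# Delete by position: removes whatever rule is currently first in POSTROUTING,
# so list the chain with --line-numbers and confirm the index beforehand.
iptables -t nat -D POSTROUTING 1
# Delete by specification: removes the SNAT rule on eth1 that rewrites to
# ${snat_ip}. The variable is quoted and must be set, so the command aborts
# instead of running with a missing address.
iptables -t nat -D POSTROUTING -o eth1 -j SNAT --to-source "${snat_ip:?set snat_ip to the SNAT address}"
# (Heading from the original notes: "delete all source-NAT entries"; the
# command for it is not shown on the page.)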
Client
publickey: HoDtSS2woZ/j2J01anvONqyrKVbk3MRfG/GUL2pWYVQ=
客户端配置文件
+++++++++++++++++++
[Interface]
# Client secret key: keep this file private (mode 600). The value shown is this
# walkthrough's sample; generate a fresh key pair on each client.
PrivateKey = 2DJrp2FzlSAeorUOuf21/2QthH67WQlhhW135F7wbEo= # the private key generated on the client
ListenPort = 51820
Address = 100.69.0.101/24
# wg-quick key: resolver configured while the tunnel is up.
DNS = 8.8.8.8
MTU = 1300 # lower the MTU if web pages fail to load
[Peer]
PublicKey = Klfy6gNvDuxDiS26pBl3cOovVcuemWZiwjQKWJfZ5Hw= # the server's public key
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel. No IPv6 range is listed,
# so IPv6 traffic is not covered by this tunnel.
AllowedIPs = 0.0.0.0/0
Endpoint = 45.76.155.xxx:51820
++++++++++++++++++++++++++++++