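# Install the headers for the running kernel first; the WireGuard DKMS module
# installed below is built against them.
# The two apt commands are chained with && so the install only runs after a
# successful index refresh.
apt update && apt install -y "linux-headers-$(uname -r)"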
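# Install WireGuard.
# The packages are pulled from Debian unstable. Pin-Priority 150 ranks that
# source below apt's default priority, so a package is taken from unstable only
# when no other configured source provides it.
# NOTE(review): newer Debian releases package WireGuard themselves; where that
# is the case, skip the unstable source instead of widening the trusted
# package set.
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
apt update && apt install -y wireguard-dkms wireguard-tools resolvconf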
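# Enable IPv4 forwarding so the host can route traffic between wg0 and its
# other interfaces.
# The setting is appended only when the exact line is not already present, so
# re-running these commands does not pile up duplicate entries.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf ||
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Reload /etc/sysctl.conf so the change applies without a reboot.
sysctl -p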
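# Create the WireGuard directory and work inside it.
# umask 077 is set first so the directory and every file created below (keys,
# configs) are accessible to root only. 0700 is also enforced explicitly in
# case the directory already existed with looser permissions: a world-writable
# /etc/wireguard would let any local account replace wg0.conf, whose
# PostUp/PostDown commands wg-quick runs as root.
umask 077
mkdir -p /etc/wireguard && chmod 0700 /etc/wireguard
# Generate keys only once cd has succeeded, so private keys never land in
# whatever directory the shell happened to be in.
if cd /etc/wireguard; then
  # Server key pair.
  wg genkey | tee server_privatekey | wg pubkey > server_publickey
  # Client key pair.
  # NOTE(review): generating it here leaves the client's private key on the
  # server; generating it on the client and copying over only the public key
  # avoids that. If it is created here, transfer it over a secure channel and
  # delete client_privatekey from the server afterwards.
  wg genkey | tee client_privatekey | wg pubkey > client_publickey
fi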
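# Start on boot. The wg-quick@wg0 unit reads /etc/wireguard/wg0.conf, so that
# file must exist before the first start.
systemctl enable wg-quick@wg0
# Start WireGuard:        wg-quick up wg0
# Stop WireGuard:         wg-quick down wg0
# Show WireGuard status:  wg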
配置文件:
server/wg0.conf
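[Interface]
# Server address inside the tunnel subnet.
Address = 192.168.128.2/24
# UDP listen port; must match the port in each workstation's Endpoint.
ListenPort = 8890
# Server private key (content of server_privatekey); the workstations hold the
# matching public key. The value shown is a shortened example, not a usable
# 44-character key. This file contains a secret: keep it owned by root with
# mode 0600.
PrivateKey = 8AVx7U0Dimjpo=
# Optional firewall rules, added when the interface comes up and removed when
# it goes down: accept all forwarding in and out of wg0, and masquerade
# everything leaving eth0.
# NOTE(review): eth0 is assumed to be the outbound interface - confirm on the
# host. The ACCEPT rules are unrestricted; if peers should reach only specific
# networks, narrow them by source/destination, and consider limiting the
# MASQUERADE rule to the tunnel subnet (-s 192.168.128.0/24).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Workstation public key (example value as published; replace with the real key).
PublicKey = jzjAi2qBupkb6zY Q4d5EFdAbnjcRrSU=
# Only this single tunnel address is accepted from, and routed to, this peer.
AllowedIPs = 192.168.128.1/32

[Peer]
# Workstation public key (example value as published; replace with the real key).
PublicKey = tZKWzBAfWRikOYG2XttU C/fsydB5oBIgY=
# Only this single tunnel address is accepted from, and routed to, this peer.
AllowedIPs = 192.168.128.3/32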
client/wg0.conf
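[Interface]
# This workstation's address inside the tunnel subnet.
Address = 192.168.128.1/24
# This workstation's own private key (example value, not a usable key).
# Keep this file readable by its owner only.
PrivateKey = xdfdfsfsfsfs

[Peer]
# Server public key (content of server_publickey; example value).
PublicKey = 2222228
# Server IP:port; the port matches ListenPort on the server.
Endpoint = 188.7.7.7:8890
# Optional: an extra destination range to relay through the server.
AllowedIPs = 91.108.4.0/22
# The tunnel subnet itself.
AllowedIPs = 192.168.128.0/24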