WOGONG blog wiki read

WireGuard

install

https://www.wireguard.com/install/

config

  1. 配置自身密钥

    umask 077 wg genkey | tee privatekey | wg pubkey > publickey

  2. 配置自身信息

    sudo vim /etc/wireguard/wg0.conf

    [Interface] PrivateKey = Address = 192.168.3.1/24 ListenPort = 51820 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE SaveConfig = true

  3. 启用、停止服务

    wg-quick up wg0 wg-quick down wg0 wg # 查询状态 systemctl enable wg-quick@wg0

  4. 链接 Peers

    sudo wg set wg0 peer allowed-ips <ip_address\/0.0.0.0/0> persistent-keepalive 60 sudo wg set wg0 peer endpoint allowed-ips <ip_address\/0.0.0.0/0> persistent-keepalive 60 // allowed-ip 填写 peer IP


Published 2018-08-27 00:00:00 +0800
Link: