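# Install WireGuard.
sudo apt install wireguard

# Generate the server key pair. The subshell's umask 077 keeps tee from
# creating the private key world-readable; the chmod also covers a key file
# that already existed with looser permissions.
(
  umask 077
  wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
)
sudo chmod 600 /etc/wireguard/privatekey

# Read the keys back for use in the configs. Treat the private key like a
# password: once a private key has been printed in notes, a post or a ticket
# it must be regenerated, so its value is not reproduced here.
sudo cat /etc/wireguard/privatekey  # <SERVER_PRIVATE_KEY>
sudo cat /etc/wireguard/publickey   # 4exJtmb0mrWC52LtVeEWY3r6/INpB91s5FMZ2L3GaxA=

# Find the interface that carries the default route; the MASQUERADE rules in
# PostUp/PostDown below must name it.
ip -o -4 route show to default | awk '{print $5}'  # eth0

# Create the server config. The text between the ''' markers is the content
# of the file, not shell.
sudo vim /etc/wireguard/wg0.conf
'''
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
'''

# wg0.conf holds the private key, so only root should be able to read it.
sudo chmod 600 /etc/wireguard/wg0.conf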
# Start the tunnel and check it.
sudo wg-quick up wg0

# Show the WireGuard state of wg0 (listening port, peers, handshakes).
sudo wg show wg0

# Confirm the interface exists and carries the tunnel address.
ip address show dev wg0
# Configure forwarding and the firewall.
# Enable IPv4 forwarding by setting this line in /etc/sysctl.conf:
#   net.ipv4.ip_forward=1
# With forwarding on, this host routes for the tunnel; the PostUp rule in
# wg0.conf accepts everything arriving from wg0, so every peer added later
# can reach whatever this server can reach.
sudo vim /etc/sysctl.conf

# Reload /etc/sysctl.conf so the setting applies without a reboot.
sudo sysctl --load

# Open only the WireGuard listen port (UDP 51820, matching ListenPort).
sudo ufw allow 51820/udp
# Add a client (peer).
# Only the client's PUBLIC key belongs on the server; the client's private
# key never leaves the client.
client_pubkey='CpunRSVdM0DUbKaX2mOWTfugYxyZF6DDZWGMorMWTA8='
sudo wg set wg0 peer "$client_pubkey" allowed-ips 10.0.0.2
# Template: sudo wg set wg0 peer CLIENT_PUBLIC_KEY allowed-ips 10.0.0.2

# Record the peer in the config file as well. The text between the '''
# markers is file content, not shell. AllowedIPs with a /32 limits this peer
# to its single tunnel address.
# Caveat: wg0.conf sets SaveConfig = true, so wg-quick rewrites the file from
# the live interface state on shutdown; edits made while wg0 is up (including
# the "# Name" comment) are overwritten at that point.
sudo vim /etc/wireguard/wg0.conf
'''
[Peer]
# Name = mac
PublicKey = CpunRSVdM0DUbKaX2mOWTfugYxyZF6DDZWGMorMWTA8=
AllowedIPs = 10.0.0.2/32
'''
# Shut the tunnel down; wg-quick also runs the PostDown rules from wg0.conf.
sudo wg-quick down wg0

# List all remaining WireGuard interfaces; wg0 should no longer appear.
wg show all