wireguard 配置
date
Apr 20, 2021
slug
wireguard 配置
status
Published
tags
linux
wireguard
summary
wireguard 配置
type
Post
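开启服务端转发
注意：下面的命令只开启了 IPv4 转发。本文的配置同时通过隧道转发 IPv6 流量（客户端 AllowedIPs 含 ::/0，服务端使用 ip6tables），因此还需要以同样方式开启 net.ipv6.conf.all.forwarding = 1。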
root@ip-172-26-6-43:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@ip-172-26-6-43:~# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
root@ip-172-26-6-43:~# sysctl -p
net.ipv4.ip_forward = 1
生成服务端公钥和私钥
注意：建议先执行 umask 077 再生成，避免 privatekey 文件被其他用户读取。本文中输出的密钥已经公开，仅作示例，实际部署时必须重新生成。
root@ip-172-26-6-43:/etc/wireguard# wg genkey | tee privatekey | wg pubkey > publickey && cat privatekey && cat publickey
YDCWUdlydea0/LlO9VRtIpr64g/jzrlQJkMGQIPDJ2k=
7nU4D/Lplh/2HBGk6VUP9qeHQLZAFjnUeian9PlxpCI=
生成客户端公钥和私钥
注意：这里是在服务端的 root 家目录下生成客户端密钥。更稳妥的做法是在客户端本机生成，只把公钥交给服务端，这样客户端私钥不会离开客户端。
root@ip-172-26-6-43:~# wg genkey | tee privatekey | wg pubkey > publickey && cat privatekey && cat publickey
yMYonzfd1/0TGiCK8mbJvHNCwN4DnBlDtEEr8XbhnVc=
j9sQZcIAYk5VBkI4qOGebBJV+3WAjbrDDuaFrKT33Uk=
客户端连接配置生成
# Client-side wg-quick configuration: the peer that dials the server.
[Interface]
# Client private key, identical to the one printed by the client key-generation
# step on this page. It is published here, so generate a fresh pair before use.
PrivateKey = yMYonzfd1/0TGiCK8mbJvHNCwN4DnBlDtEEr8XbhnVc=
# Tunnel addresses of this client; the server's [Peer] AllowedIPs lists the
# same two host addresses (/32 and /128).
Address = 10.66.66.2/24, fd42:42:42::2/64
# Resolvers wg-quick applies on the client while the tunnel is up.
DNS = 8.8.8.8, 2001:4860:4860::8888
MTU = 1420
[Peer]
# Server public key (second line of the server key-generation output).
PublicKey = 7nU4D/Lplh/2HBGk6VUP9qeHQLZAFjnUeian9PlxpCI=
# Full tunnel: every IPv4 and IPv6 destination is routed through the server,
# so the server must forward both address families.
AllowedIPs = 0.0.0.0/0, ::/0
# Server address and UDP port; the port matches the server's ListenPort.
Endpoint = [2406:da18:e57:7800:db50:b65:6fb8:8877]:17630
# Send a keepalive every 25 seconds so NAT/firewall state on the path stays open.
PersistentKeepalive = 25
服务端配置文件
# Server-side wg-quick configuration. The page does not name the file; the
# firewall rules below refer to the interface as wg0.
[Interface]
# Server private key, identical to the one printed by the server key-generation
# step on this page. It is published here, so replace it with a freshly
# generated key and keep this file readable by root only.
PrivateKey = YDCWUdlydea0/LlO9VRtIpr64g/jzrlQJkMGQIPDJ2k=
Address = 10.66.66.1/24,fd42:42:42::1/64
# On interface up: accept forwarding of packets arriving on wg0 and masquerade
# everything leaving eth0, for both IPv4 and IPv6.
# NOTE(review): eth0 is assumed to be the uplink interface; confirm on the host.
# NOTE(review): the MASQUERADE rules are not limited to the tunnel subnets, and
# no rule covers return traffic toward wg0 (relevant if the FORWARD policy is DROP).
# NOTE(review): the IPv6 rules only take effect if IPv6 forwarding is enabled;
# the page enables net.ipv4.ip_forward only.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# On interface down: delete the same four rules that PostUp appended.
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# UDP port the server listens on; matches the port in the client's Endpoint.
ListenPort = 17630
# NOTE(review): wg-quick applies DNS to the host it runs on, so this line
# changes the server's own resolvers; it is probably not needed on the server.
DNS = 8.8.8.8,2001:4860:4860::8888
MTU = 1420
[Peer]
# Client public key (second line of the client key-generation output).
PublicKey = j9sQZcIAYk5VBkI4qOGebBJV+3WAjbrDDuaFrKT33Uk=
# Only the client's own tunnel addresses are accepted from, and routed to, this peer.
AllowedIPs = 10.66.66.2/32, fd42:42:42::2/128