WireGuard Installation and Usage

2020-13-3 16:56

PS: In this article the server runs Debian, and the clients are Windows and iOS

Server

1. Installation

If the APT source is not configured

cd /etc/apt/sources.list.d
vi wireguard.list

Add the line: deb http://deb.debian.org/debian buster-backports main

apt update
apt install wireguard

If the APT source is already configured

apt install wireguard

2. Create public key 1 and private key 1

# umask 077 keeps the key files readable only by their owner
(umask 077; wg genkey | tee privatekey1 | wg pubkey > publickey1)

3. Create public key 2 and private key 2

# umask 077 keeps the key files readable only by their owner
(umask 077; wg genkey | tee privatekey2 | wg pubkey > publickey2)

4. Write the configuration

vi /etc/wireguard/wg0.conf
        [Interface]
        Address = 100.100.100.1/24
        PrivateKey = oELNlVMo4JboZEvUBwfnktfDgODSPn1T/oZpiICGfno= # private key 1
        ListenPort = 8888
        PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; iptables -A INPUT -s 100.100.100.0/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT; iptables -A INPUT -s 100.100.100.0/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
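        PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; iptables -D INPUT -s 100.100.100.0/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT; iptables -D INPUT -s 100.100.100.0/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT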

        [Peer]
        PublicKey = px2h+2n7ljfMQkoFu07hiX+rcklcM6NImenShvcL0Hs= # public key 2
        AllowedIPs = 100.100.100.2/32

        [Peer]
        PublicKey = AaaaaAaaaaaAAaaAaaaaaAaaaaaaAaAAaaaAaaaAaAAa # public key 3
        AllowedIPs = 100.100.100.3/32
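
The PostUp hooks in this configuration append iptables rules every time the interface comes up, so any rule without a matching delete in PostDown stays behind and is duplicated on the next start. The check below is an added example, not part of the original article; the function names and the sample file are constructed for illustration, and it only handles rules appended with -A.

```shell
#!/bin/sh
# Added example (not from the original article): report PostUp "-A" rules
# that no PostDown "-D" rule removes, so repeated up/down cycles stay clean.

# hook_rules FILE KEY -> one normalized iptables/ip6tables command per line
hook_rules() {
    sed -n -e 's/#.*$//' -e "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        tr ';' '\n' |
        sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' |
        { grep -E '^ip6?tables ' || true; }
}

# unmatched_rules FILE -> every appended rule without a matching delete
unmatched_rules() {
    down=$(hook_rules "$1" PostDown)
    hook_rules "$1" PostUp | while IFS= read -r rule; do
        case "$rule" in *" -A "*) ;; *) continue ;; esac
        want=$(printf '%s\n' "$rule" | sed 's/ -A / -D /')
        printf '%s\n' "$down" | grep -qxF -- "$want" || printf '%s\n' "$rule"
    done
}

# Constructed sample: PostUp opens DNS (port 53) to the tunnel subnet,
# PostDown does not undo it.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 100.100.100.1/24
ListenPort = 8888
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A INPUT -s 100.100.100.0/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
PostUp = iptables -A INPUT -s 100.100.100.0/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
unmatched_rules "$conf"    # prints the two INPUT port-53 rules
rm -f "$conf"
```

Run it against /etc/wireguard/wg0.conf with `unmatched_rules /etc/wireguard/wg0.conf`; empty output means every appended rule has a matching delete.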
      

5. Start

wg-quick up wg0

If there are problems:

Check status: wg

Shut down: wg-quick down wg0

Network interface not responding: apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)

Check DNS: cat /etc/resolv.conf

Enable IP forwarding:

        vi /etc/sysctl.conf
        # add the following line
        net.ipv4.ip_forward = 1
        sysctl -p /etc/sysctl.conf
      

Windows client

1. Write the configuration

vi /home/my_windows.conf
        [Interface]
        PrivateKey = 2LiWDPGnJFTE7oP6yG9KzjeMsJBXIyyZnrFH0nhVDmQ= # private key 2
        Address = 100.100.100.2/32
        DNS = 8.8.8.8 # Google DNS, can be changed

        [Peer]
        PublicKey = KRrviHDm2WAxAhFIEDaeHI6pLrhnGx9EdI8+0Pd6OXw= # public key 1
        Endpoint = 22.22.22.22:8888 # server public IP
        AllowedIPs = 0.0.0.0/0, ::/0
        PersistentKeepalive = 21
      

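2. Import the configuration

PS

If the Windows client can connect to the server but has no internet access, you can try downloading TapWindows

Besides the WireGuard client, you can also use the TunSafe client

iOS client

1. Write the configuration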

vi /home/my_iphone.conf
        [Interface]
        PrivateKey = AaaaaAaaaaaAAaaAaaaaaAaaaaaaAaAAaaaAaaaAaAAa # private key 3
        Address = 100.100.100.3/32
        DNS = 8.8.8.8 # Google DNS, can be changed

        [Peer]
        PublicKey = KRrviHDm2WAxAhFIEDaeHI6pLrhnGx9EdI8+0Pd6OXw= # public key 1
        Endpoint = 22.22.22.22:8888 # server public IP
        AllowedIPs = 0.0.0.0/0, ::/0
        PersistentKeepalive = 21
      

2. Install qrencode

apt install qrencode

3. Generate a QR code from the configuration file

qrencode -t ansiutf8 < /home/my_iphone.conf

4. Scan the QR code