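Installing WireGuard

Installation

Installing on Windows

Install wireguard-amd64-0.3.16.msi: installs normally, but does not work properly
Install TunSafe-1.4.exe: installs normally, works normally, and supports ListenPortTCP

Installing on CentOS

A kernel upgrade is required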

yum install epel-release elrepo-release
yum install yum-plugin-elrepo
yum install kmod-wireguard wireguard-tools
# Reboot
reboot
# Load the kernel module
modprobe wireguard
# Check that the WireGuard module loaded correctly
lsmod | grep wireguard

Installing wireguard-go

No kernel upgrade required; cross-platform; poor performance

mkdir -p ~/go/src/github.com
cd ~/go/src/github.com
git clone https://github.com/WireGuard/wireguard-go.git
cd wireguard-go
make
make install
yum install wireguard-tools
# export WG_QUICK_USERSPACE_IMPLEMENTATION=wireguard-go
wg-quick up wg0

Configuration

Configuring the server

# wg genkey > privatekey
# wg pubkey < privatekey > publickey
wg genkey | tee privatekey | wg pubkey > publickey
vi /etc/wireguard/wg0.conf
###
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <Server Private Key>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
###
systemctl enable wg-quick@wg0
# Start the server
wg-quick up wg0
# Stop the server
wg-quick down wg0
# List peers
wg show
# Reload the config file without disrupting existing connections
wg syncconf wg0 <(wg-quick strip wg0)

Configuring the client

wg genkey | tee privatekey | wg pubkey > publickey
vi /etc/wireguard/wg0.conf
###
[Interface]
Address = 10.0.0.2/24
ListenPort = 51820
PrivateKey = <Client Private Key>
###

Connecting the client and server

Using the config file

In the server's wg0.conf, add the client as a Peer

###
[Peer]
PublicKey = <Client Public key>
AllowedIPs = 10.0.0.2/32
PersistentKeepalive = 30
###

In the client's wg0.conf, add the server as a Peer

###
[Peer]
PublicKey = <Server Public Key>
AllowedIPs = 10.0.0.0/24
Endpoint = <Server Public IP>:51820
PersistentKeepalive = 30
###

Using the command line

Run on the server

wg set wg0 peer <Client Public key> allowed-ips 10.0.0.2/32 persistent-keepalive 30
wg-quick save wg0

Run on the client

wg set wg0 peer <Server Public Key> allowed-ips 10.0.0.0/24 persistent-keepalive 30 endpoint <Server Public IP>:51820 
wg-quick save wg0
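
Before running wg-quick up, a wg0.conf built from the blocks above can be checked for three mistakes this setup invites: a file readable by other users, a <...> placeholder left in place, and the same AllowedIPs entry copied into two [Peer] blocks (WireGuard routes an allowed IP to one peer only, so the later block takes it from the earlier one). This is an added example, not part of the original page or of wireguard-tools; wg_conf_audit is a hypothetical helper name.

```sh
# Added example: audit a wg-quick config before bringing the tunnel up.
# wg_conf_audit is a hypothetical helper, not a wireguard-tools command.
wg_conf_audit() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    findings=$(
        # 1. wg0.conf holds the private key: no group/other permission bits.
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] || echo "MODE: $conf is accessible to group/other ($perms)"
        # 2. Structural checks on the [Interface] and [Peer] sections.
        awk '
            { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
            $0 == "" { next }
            /^\[Interface\]$/ { sec = "if"; next }
            /^\[Peer\]$/      { sec = "peer"; npeer++; next }
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/[ \t]/, "", key); gsub(/^[ \t]+/, "", val)
                if (val ~ /^<.*>$/) print "PLACEHOLDER: " key " still set to " val
                if (sec == "if" && key == "PrivateKey") havekey = 1
                if (sec == "peer" && key == "PublicKey") pub[npeer] = 1
                if (sec == "peer" && key == "AllowedIPs") {
                    n = split(val, ips, /[ \t]*,[ \t]*/)
                    for (i = 1; i <= n; i++) {
                        if ((ips[i] in owner) && owner[ips[i]] != npeer)
                            print "DUPLICATE: " ips[i] " is in AllowedIPs of peers " owner[ips[i]] " and " npeer
                        owner[ips[i]] = npeer
                    }
                }
            }
            END {
                if (!havekey) print "MISSING: [Interface] has no PrivateKey"
                for (p = 1; p <= npeer; p++)
                    if (!(p in pub)) print "MISSING: peer " p " has no PublicKey"
            }' "$conf"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call it as `wg_conf_audit /etc/wireguard/wg0.conf`; it prints one finding per line and returns non-zero when anything is flagged.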

Config generator

https://www.wireguardconfig.com