Using WireGuard

Install it on both the server and the client.

The official site has install instructions:

https://www.wireguard.com/install/

But there is no Raspberry Pi install there.

For the Raspberry Pi, follow https://github.com/adrianmihalko/raspberrypiwireguard

# Enable forwarding
sysctl net.ipv4.ip_forward # check the current forwarding state
vim /etc/sysctl.conf # set the following line in the file
net.ipv4.ip_forward = 1
# check that the stock /etc/apt/sources.list.d/raspi.list file exists
apt-get update
apt-get upgrade
apt-get install raspberrypi-kernel-headers
echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list
apt-get install dirmngr
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
# pin unstable below the default priority so only wireguard is pulled from it
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable
apt-get update
apt-get install wireguard
modprobe wireguard && lsmod | grep wireguard # check that the wireguard module loaded
reboot

Server

~ # mkdir wgkeys && cd $_
~/wgkeys # umask 077
~/wgkeys # wg genkey > server_private.key
~/wgkeys # wg pubkey > server_public.key < server_private.key
~/wgkeys # wg genkey > client1_private.key
~/wgkeys # wg pubkey > client1_public.key < client1_private.key
~/wgkeys # ll
total 16K
-rw------- 1 root root 45 Apr  5 15:54 client1_private.key
-rw------- 1 root root 45 Apr  5 15:54 client1_public.key
-rw------- 1 root root 45 Apr  5 15:53 server_private.key
-rw------- 1 root root 45 Apr  5 15:53 server_public.key

Firewall

ufw allow 51820/udp # WireGuard listens on UDP only

Configuration file (/etc/wireguard/wg0.conf, the path that wg-quick up wg0 reads)

[Interface]
Address = 192.168.99.1/24
ListenPort = 51820

# paste the contents of server_private.key, not the filename
PrivateKey = <server_private.key>
# change eth0 to the name of the LAN-facing interface on your box
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Client1
PublicKey = <client1_public.key>
AllowedIPs = 192.168.99.2/32

[Peer]
# Client2 (keys generated the same way as client1's)
PublicKey = <client2_public.key>
AllowedIPs = 192.168.99.3/32

Start

wg-quick up wg0

Check status

wg

Start at boot

systemctl enable wg-quick@wg0

Client

vim /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.99.2/24
PrivateKey = <client1_private.key>
# DNS = 192.168.99.1

[Peer]
Endpoint = <server public IP or hostname>:51820
PublicKey = <server_public.key>
# the server's tunnel address plus the LAN behind it; the LAN is assumed to be
# 192.168.1.0/24 (a /32 here would match only the single address 192.168.1.0)
AllowedIPs = 192.168.99.1/32, 192.168.1.0/24
# AllowedIPs = 0.0.0.0/0, ::0/0 # route all traffic through the tunnel
PersistentKeepalive = 25

Start

wg-quick up wg0
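As an added check that is not part of these notes or of WireGuard itself: a small Python linter for the wg0.conf files above. It parses the repeated [Peer] sections, flags PrivateKey/PublicKey fields that still hold an unreplaced <...> placeholder, and reports AllowedIPs that overlap between peers, since cryptokey routing hands each destination to exactly one peer. The sample config and its all-zero key bytes are constructed for the example.

```python
import base64
import ipaddress
def parse_wg_conf(text):
    """Parse wg-quick INI into (interface, [peers]); configparser rejects repeated [Peer]."""
    interface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.lower() == "[interface]":
            cur = interface
        elif line.lower() == "[peer]":
            cur = {}
            peers.append(cur)
        elif "=" in line and cur is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            cur[key.lower()] = value
    return interface, peers

def valid_key(value):
    """True for a real key (32 bytes of base64, 44 chars); a leftover <placeholder> fails."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (ValueError, TypeError):
        return False
def lint(text):
    """Return a list of problems; an empty list means the config looks sane."""
    iface, peers = parse_wg_conf(text)
    problems = []
    if not valid_key(iface.get("privatekey", "")):
        problems.append("Interface: PrivateKey is not a 32-byte base64 key")
    claimed = []  # (network, peer number) already routed to some peer
    for n, peer in enumerate(peers, 1):
        if not valid_key(peer.get("publickey", "")):
            problems.append(f"peer {n}: PublicKey is not a 32-byte base64 key")
        for cidr in [c.strip() for c in peer.get("allowedips", "").split(",") if c.strip()]:
            net = ipaddress.ip_network(cidr, strict=False)
            # Cryptokey routing gives each destination to one peer, so an overlap silently
            # takes that route away from the peer listed earlier in the file.
            for other, m in claimed:
                if net.version == other.version and net.overlaps(other):
                    problems.append(f"peer {n}: {net} overlaps peer {m}'s {other}")
            claimed.append((net, n))
    return problems
FAKE_KEY = base64.b64encode(bytes(32)).decode()  # constructed: 32 zero bytes, not a real key
SAMPLE = (  # constructed server config in the shape of the one above
    f"[Interface]\nAddress = 192.168.99.1/24\nListenPort = 51820\nPrivateKey = {FAKE_KEY}\n"
    f"[Peer]\n# Client1\nPublicKey = {FAKE_KEY}\nAllowedIPs = 192.168.99.2/32\n"
    "[Peer]\n# Client2 keys were never generated, so the placeholder is still here\n"
    "PublicKey = <client2_public.key>\nAllowedIPs = 192.168.99.0/24\n"
)
```

Run lint() over a config before wg-quick up; an unreplaced placeholder or an overlap between peers is reported before the interface ever comes up.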