debian12系统wireguard 安装和使用,内网链接
wireguard安装
@安装wireguard
@服务端生成秘钥对
@配置文件生成(服务端与客户端)
@启动(服务端与客户端)官网安装链接:
https://www.wireguard.com/install/
https://www.wireguard.com/quickstart/使用过程
apt update -y
apt install wireguard
生成公私钥给服务端和客户端用
cd /etc/wireguard
wg genkey | tee server.key | wg pubkey > server.pub
wg genkey | tee client.key | wg pubkey > client.pub
然后新建并编辑配置文件,vi /etc/wireguard/wg0.conf, 配置文件,可以根据自己的修改,接口的命名可以是任何你自己喜欢的名称,建议使用诸如wg0或wgnet0之类的名称。可以自己能快速分清是物理接口还是虚拟接口即可。.
[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens0 -j MASQUERADE
简易服服务端+客户端
[Interface]
PrivateKey = [SERVER_PRIVATE_KEY]
ListenPort = 51820
[Peer]
Endpoint = [SERVER_PUBLIC_IP]:51820
PublicKey = [CLIENT_PUBLIC_KEY]
AllowedIPs = 192.168.8.0/24
[Interface]
PrivateKey = [CLIENT_PRIVATE_KEY]
Address = 192.168.8.2/32
[Peer]
PublicKey = [SERVER_PUBLIC_KEY]
AllowedIPs = 192.168.8.0/24
Endpoint = [SERVER_PUBLIC_IP]:51820
PersistentKeepalive = 25
我的BGP配置文件,这个可以忽略,请勿使用.
[Interface]
PrivateKey = iKtCulTAWxi+5rgrtgr55551515rtyt45=
Address = 10.249.12.126/30, 2a0c:9a40:a006::7e/126
Table = off
[Peer]
PublicKey = W0pI832sdfssdf545151wertwrewr45=
AllowedIPs = 10.249.12.125/30, 2a0c:9a40:a006::7d/126
Endpoint = 192.168.1.111:51823
PersistentKeepAlive = 60
快速启动/开机启动
wg-quick up wg0
systemctl enable wg-quick@wg0
ipv4 /ipv6转发记得开启
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
sysctl -p
待续
文章评论