https://www.wireguard.com/install/

安装

apt install wireguard
apt install openresolv
apt install resolvconf

生成密钥对

开启IPv4流量转发

xxxxxxxxxx
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

创建并进入wireguard文件夹

xxxxxxxxxx
mkdir -p /etc/wireguard && chmod 0777 /etc/wireguard
cd /etc/wireguard
umask 077

生成服务器端及客户端密钥对

xxxxxxxxxx
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey

生成配置文件

生成服务器端配置文件/etc/wireguard/wg0.conf

xxxxxxxxxx
echo "
[Interface]
PrivateKey = $(cat server_privatekey) # 填写本机的privatekey 内容
Address = 10.0.8.1/24
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 55555 # 注意该端口是UDP端口
DNS = 1.1.1.1,8.8.8.8
MTU = 1420
[Peer]
PublicKey =  $(cat client_publickey)  # 填写对端的publickey 内容
AllowedIPs = 10.0.8.10/24 " > wg0.conf

开机自启动

xxxxxxxxxx
systemctl enable wg-quick@wg0

生成客户端配置文件/etc/wireguard/client.conf

​x
echo "
[Interface]
  PrivateKey = $(cat client_privatekey)  # 填写本机的privatekey 内容
  Address = 10.0.8.10/24
  DNS = 1.1.1.1,8.8.8.8
  MTU = 1420
​
[Peer]
  PublicKey = $(cat server_publickey)  # 填写对端的publickey 内容
  Endpoint = server公网的IP:55555
  AllowedIPs = 0.0.0.0/0, ::0/0
  PersistentKeepalive = 25 " > client.conf

启动

服务器端

启动或停止wireguard服务端

xxxxxxxxxx
# 启动WireGuard
wg-quick up wg0
# 停止WireGuard
wg-quick down wg0

wireguard服务端运行状态

xxxxxxxxxx
wg

客户端

启动或停止wireguard服务端

xxxxxxxxxx
# 启动WireGuard
wg-quick up client
# 停止WireGuard
wg-quick down client

wireguard服务端运行状态

xxxxxxxxxx
wg

客户端路由

x
ip route add 103.52.188.136 via 192.168.1.2 
ip route add 0.0.0.0/0 via 10.0.8.1 # 所有的流量都走这个ip