基于 Centos 7 的 wireguard安装
一、官网安装wireguard的三种方式
1、a signed module is available as built-in to CentOS's kernel-plus:
$ sudo yum install yum-utils epel-release
$ sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
$ sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
$ sudo yum install kernel-plus wireguard-tools
$ sudo reboot
2、 users wishing to stick with the standard kernel may use ELRepo's pre-built module:
$ sudo yum install epel-release elrepo-release
$ sudo yum install yum-plugin-elrepo
$ sudo yum install kmod-wireguard wireguard-tools
3、 users running non-standard kernels may wish to use the DKMS package instead:
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools
二、配置网络环境,确保防火墙放行UDP协议 port 51820
sudo firewall-cmd --zone=public --add-port=51820/udp --permanent sudo firewall-cmd --reload
三、生成服务器端key
wg genkey | tee server.key | wg pubkey > server.pub
四、配置服务器端
vim /etc/wireguard/wg0.conf [Interface]
Address = 10.0.0.1/24 #配置服务器IP
ListenPort = 51820 # 端口 PrivateKey = <server.key中的私钥>
[Peer]
PublicKey = <客户端公钥>
AllowedIPs = 10.0.0.2/32 #客户端网段
五、启动服务端
systemctl enable wg-quick@wg0 systemctl start wg-quick@wg0
#sudo wg-quick up wg0
#sudo wg-quick down wg0
六、生成客户端key
wg genkey | tee client.key | wg pubkey > client.pub
七、配置客户端
vim /etc/wireguard/wg0.conf [Interface] Address = 10.0.0.2/24 #配置客户端IP PrivateKey = <client.key中的私钥> [Peer] PublicKey = <服务器端的公钥> Endpoint = <服务器IP>:51820 AllowedIPs = 0.0.0.0/0,::/0 #允许经过的流量
八、启动客户端
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
#sudo wg-quick up wg0
#sudo wg-quick down wg0
九、检查连接状态
sudo wg show
设置路由
#使客户端所有流量通过wireguard
ip route add 0.0.0.0/0 dev wg0
#配置服务器路由,使客户端流量可以访问到服务器
ip route add 10.0.0.0/24 dev wg0
