WireGuard installation and configuration
1. Installation
sudo apt-get install wireguard
sudo apt install openresolv
2. Generate the private and public keys
cd /etc/wireguard
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey
3. Enable kernel IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
4. Generate the server configuration file
Server config path: /etc/wireguard/wg0.conf
# Run from /etc/wireguard (see step 2) so the key files resolve
cat > wg0.conf <<EOF
[Interface]
PrivateKey = $(cat server_privatekey)
Address = 192.168.8.1/24
# Replace eth0 with the server's public-facing interface
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 20000
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat client_publickey)
# Only this client's own tunnel address; a /24 here would accept any source in the subnet from this peer
AllowedIPs = 192.168.8.10/32
EOF
Notes: server private key, tunnel IP address, forwarding rules, listen port, client public key, IPs allowed for this client
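As an added example (not part of the original notes), a small Python linter that parses the wg-quick format and flags the server-side points above: a peer AllowedIPs wider than a single /32, and a missing ListenPort or PresharedKey. The config text and the key placeholders in it are constructed; the parser is hand-rolled because repeated [Peer] sections cannot be represented by configparser.

```python
import ipaddress

def parse_wg_conf(text):
    """Parse wg-quick INI text into (interface_dict, [peer_dict, ...])."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return interface, peers

def lint_server_conf(text):
    """Return findings about permissive or missing settings in a server config."""
    interface, peers = parse_wg_conf(text)
    findings = []
    if "ListenPort" not in interface:
        findings.append("interface: no ListenPort, a random port is chosen on each start")
    for n, peer in enumerate(peers, 1):
        if "PresharedKey" not in peer:
            findings.append(f"peer {n}: no PresharedKey set")
        for cidr in peer.get("AllowedIPs", "").split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            if net.num_addresses > 1:  # a single client needs only its own /32
                findings.append(f"peer {n}: AllowedIPs {cidr.strip()} admits "
                                f"{net.num_addresses} source addresses, expected a /32")
    return findings

# Constructed sample mirroring the step-4 server config; keys are placeholders.
SERVER_CONF = """\
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
Address = 192.168.8.1/24
ListenPort = 20000

[Peer]
PublicKey = CLIENT_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.8.10/24
"""

if __name__ == "__main__":
    for finding in lint_server_conf(SERVER_CONF):
        print(finding)
```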
5. Generate the client configuration file
Client config path: /etc/wireguard/client.conf
cat > client.conf <<EOF
[Interface]
PrivateKey = $(cat client_privatekey)
Address = 192.168.8.10/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat server_publickey)
# Replace 1.1.1.1 with the server's public IP address
Endpoint = 1.1.1.1:20000
# Route all IPv4 and IPv6 traffic through the tunnel
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
EOF
Notes: client private key, tunnel IP address, server public key, server IP and port, IPs routed through the tunnel
6. Start and stop
Start (either directly with wg-quick, or through the systemd unit):
wg-quick up wg0
systemctl start wg-quick@wg0
systemctl enable wg-quick@wg0
Stop:
wg-quick down wg0
systemctl stop wg-quick@wg0
systemctl disable wg-quick@wg0
7. Check connection status
wg
8. Client configuration with policy routing
[Interface]
PrivateKey = IHFLezy/JAN2yCqcqrVh1ovmQJkoFR922pUhhROX7ms=
Address = 10.66.88.2/32,fd42:42:42::2/128
DNS = 1.1.1.1,1.0.0.1
# Keep traffic from the host's own LAN address on the main routing table so it is not pulled into the tunnel
PostUp = ip rule add from 172.26.15.124 lookup main
PreDown = ip rule delete from 172.26.15.124 lookup main

[Peer]
PublicKey = SFoA9jsCBSswFxF117ljTCjyTyhbam2BP+t+H75pVE8=
PresharedKey = ust86oYT7axT0OHuM3wXzN84p46V+CPYecSJScPvzmM=
Endpoint = 35.87.46.242:20087
AllowedIPs = 0.0.0.0/0,::/0
QQ: 328864113  WeChat: wuhg2008