
WireGuard - A UDP-Based Proxy Protocol
2018/12/09

Introduction

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

A client for the WireGuard protocol

A high performance and secure VPN client for Windows that uses the WireGuard protocol. TunSafe makes it extremely simple to setup blazingly fast and secure VPN tunnels between Windows and Linux.

Deployment

Debian

# echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

Ubuntu

apt update
apt install software-properties-common -y
add-apt-repository ppa:wireguard/wireguard
# Press Enter to continue

apt update
apt install wireguard -y

Red Hat Enterprise Linux / CentOS

$ sudo curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install epel-release
$ sudo yum install wireguard-dkms wireguard-tools

Verify the installation

Running wg should not produce "command not found".

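Server-side configuration

First, change into the configuration directory.

If the directory does not exist, create it manually first: mkdir /etc/wireguard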

cd /etc/wireguard

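Then generate the key pairs (public key + private key).

# Create the key files readable by root only (tee would otherwise create them world-readable)
umask 077
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey

This produces 4 files:
sprivatekey: server private key, spublickey: server public key
cprivatekey: client private key, cpublickey: client public key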

Create the wg0.conf configuration file

nano wg0.conf

Copy the example configuration below into it:

[Interface]
PrivateKey = iIeoHV2McPYlbjaLCsu5lXI4Ir7ScHkFFHcHhdxeNEY=
Address = 10.0.0.1/24
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A $
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D $
ListenPort = 443
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = R4SLpnN7V5GdsNPRYG5mDikpii22/6tSP5h7dA125Qc=
AllowedIPs = 10.0.0.2/32

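Using the configuration above as a template, change these parameters:

Replace PrivateKey with the server private key
Replace PublicKey with the client public key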

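Other steps

# The directory holds private keys: restrict it and its files to root
chmod 700 /etc/wireguard
chmod 600 /etc/wireguard/*

# Enable IP forwarding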
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

Start

wg-quick up wg0

Stop

wg-quick down wg0

Check status

wg

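Client configuration

On Windows you can use TunSafe.
Find TunSafe.conf in the client's Config directory; this is an example configuration.
Make a copy of it.

Set PrivateKey = client private key
Set PublicKey = server public key
Set Endpoint = server IP:Port
Set Address = 10.0.0.2/24
Set MTU = 1420
Set AllowedIPs = 0.0.0.0/0, ::0/0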
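
The key pairing used in the server and client steps above (each side keeps its own private key and receives the other side's public key), as an added example that is not part of the original post. It writes both configs from the four key files and refuses to run while a private key is group/world accessible. The function names, the output file client.conf and the ENDPOINT argument are assumptions; the key file names and addresses are the page's.

```shell
#!/bin/sh
# Added example (not from the original page). render_configs, exposed_keys,
# client.conf and the ENDPOINT argument are assumed names.

# Print any private key file that group or other can read or write.
exposed_keys() {
    find "$1/sprivatekey" "$1/cprivatekey" \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \)
}

# usage: render_configs KEYDIR ENDPOINT   (e.g. /etc/wireguard 203.0.113.10:443)
render_configs() {
    dir=$1 endpoint=$2
    for f in sprivatekey spublickey cprivatekey cpublickey; do
        [ -s "$dir/$f" ] || { echo "missing key file: $dir/$f" >&2; return 1; }
    done
    if [ -n "$(exposed_keys "$dir")" ]; then
        echo "private keys are group/world accessible; chmod 600 them" >&2
        return 2
    fi
    (
        umask 077                          # configs are created with mode 0600
        rm -f "$dir/wg0.conf" "$dir/client.conf"
        # Server side: its own private key, the client's public key.
        # PostUp/PostDown are omitted: the page's iptables lines are cut off.
        printf '%s\n' "[Interface]" \
            "PrivateKey = $(cat "$dir/sprivatekey")" \
            "Address = 10.0.0.1/24" "ListenPort = 443" "MTU = 1420" \
            "[Peer]" \
            "PublicKey = $(cat "$dir/cpublickey")" \
            "AllowedIPs = 10.0.0.2/32" > "$dir/wg0.conf"
        # Client side: its own private key, the server's public key.
        printf '%s\n' "[Interface]" \
            "PrivateKey = $(cat "$dir/cprivatekey")" \
            "Address = 10.0.0.2/24" "MTU = 1420" \
            "[Peer]" \
            "PublicKey = $(cat "$dir/spublickey")" \
            "Endpoint = $endpoint" \
            "AllowedIPs = 0.0.0.0/0, ::0/0" > "$dir/client.conf"
    )
}
```

The client.conf it writes never needs to stay on the server; move it to the client over a trusted channel and delete the server-side copy along with cprivatekey.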


Last modification: December 9th, 2018 at 09:33 pm
