Generating the key pairs
Server private key
Server public key
    wg pubkey < server-key > server-pub
    # or
    cat server-key | wg pubkey > server-pub
Client private key
Client public key
    wg pubkey < client1-key > client1-pub
Example server configuration
/etc/wireguard/wg0.conf
    [Interface]
    PrivateKey = server-key
    Address = 192.168.168.1/24
    PostUp = iptables -t nat -A POSTROUTING -s 192.168.168.0/24 -o enp1s0 -j MASQUERADE; iptables -t nat -A PREROUTING -p udp --dport 60000:65535 -j REDIRECT --to-ports 57
    PostDown = iptables -t nat -D POSTROUTING -s 192.168.168.0/24 -o enp1s0 -j MASQUERADE; iptables -t nat -D PREROUTING -p udp --dport 60000:65535 -j REDIRECT --to-ports 57
    ListenPort = 57
    DNS = 8.8.8.8

    [Peer]
    PublicKey = client1-pub
    AllowedIPs = 192.168.168.2/32

    [Peer]
    PublicKey = client2-pub
    AllowedIPs = 192.168.168.101/32
Port forwarding is optional.
Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
Start at boot
    systemctl enable wg-quick@wg0
Client configuration
client1.conf
    [Interface]
    PrivateKey = client1-key
    Address = 192.168.168.2/24
    DNS = 8.8.8.8

    [Peer]
    PublicKey = server-pub
    Endpoint = server-ip:60001
    AllowedIPs = 0.0.0.0/0
When the client is a mobile device, the configuration can be delivered conveniently as a QR code:
    qrencode -t ansiutf8 < client1.conf
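An added example, not part of the original post: a Python check that the client's Endpoint port actually reaches the server's ListenPort (directly or through the PREROUTING REDIRECT range above), and that each server-side peer's AllowedIPs stays inside the tunnel subnet without overlapping another peer. The names parse and audit and the reduced sample configs are constructed for illustration.

```python
import ipaddress
import re
# Constructed samples reduced from the page's wg0.conf and client1.conf (keys left out).
SERVER = """[Interface]
Address = 192.168.168.1/24
ListenPort = 57
PostUp = iptables -t nat -A PREROUTING -p udp --dport 60000:65535 -j REDIRECT --to-ports 57
[Peer]
AllowedIPs = 192.168.168.2/32
[Peer]
AllowedIPs = 192.168.168.101/32
"""
CLIENT = """[Peer]
Endpoint = server-ip:60001
AllowedIPs = 0.0.0.0/0
"""

def parse(text):
    """Return [(section_name, {key: value})] for wg-quick style INI text."""
    sections = []
    for line in (raw.split("#")[0].strip() for raw in text.splitlines()):
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif "=" in line and sections:
            key, _, value = line.partition("=")
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(server_text, client_text):
    """Return a list of findings; an empty list means the two files agree."""
    findings, seen = [], []
    server, client = parse(server_text), parse(client_text)
    iface = dict(server)["Interface"]
    subnet = ipaddress.ip_interface(iface["Address"]).network
    listen = int(iface["ListenPort"])
    # UDP ports that reach WireGuard: ListenPort plus REDIRECT ranges that target it.
    redirects = re.findall(r"--dport (\d+):(\d+) -j REDIRECT --to-ports (\d+)", iface.get("PostUp", ""))
    ranges = [(listen, listen)] + [(int(a), int(b)) for a, b, to in redirects if int(to) == listen]
    port = int(dict(client)["Peer"]["Endpoint"].rsplit(":", 1)[1])
    if not any(lo <= port <= hi for lo, hi in ranges):
        findings.append(f"client Endpoint port {port} is not forwarded to ListenPort {listen}")
    for kv in (kv for name, kv in server if name == "Peer"):
        for net in (ipaddress.ip_network(a.strip()) for a in kv["AllowedIPs"].split(",")):
            if net.version != subnet.version or not net.subnet_of(subnet):
                findings.append(f"peer AllowedIPs {net} is outside tunnel subnet {subnet}")
            if any(net.overlaps(other) for other in seen):
                findings.append(f"peer AllowedIPs {net} overlaps another peer's AllowedIPs")
            seen.append(net)
    return findings
```

Calling `audit(SERVER, CLIENT)` returns an empty list for the configuration shown on this page; removing the optional REDIRECT rule without changing the client's Endpoint port to 57 produces a finding.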