服务端(以Ubuntu为例)

安装WireGuard

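# Install WireGuard and turn on IPv4 forwarding. Run as root.
# NOTE(review): the wireguard PPA was meant for older Ubuntu releases; newer
# releases are believed to carry WireGuard in the standard archive, in which
# case the PPA line (and wireguard-dkms) is unnecessary. Confirm for your
# release before adding a third-party package source.
add-apt-repository ppa:wireguard/wireguard
apt update
apt install wireguard-dkms wireguard-tools resolvconf

# Show any ip_forward line already present in the file.
grep ip_forward /etc/sysctl.conf
# Append the setting only if no active (uncommented) line already enables it,
# so running these steps again does not stack duplicate entries.
grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Reload /etc/sysctl.conf so the change applies without a reboot.
# With forwarding on, this host routes packets between interfaces; what it
# actually forwards is then decided by the iptables FORWARD rules.
sysctl -p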

修改配置文件

# Create the server and client key pairs inside /etc/wireguard, then edit wg0.conf.
cd /etc/wireguard/
# umask 077: every file created from here on (keys, and wg0.conf when vim
# writes it) is readable and writable by the owner only.
umask 077
# For each role, write the private key to <role>_privatekey and derive the
# matching public key into <role>_publickey.
# NOTE(review): the client's private key is generated on the server here, so
# it has to be moved to the client over a secure channel and then deleted
# from the server. Generating it on the client and copying back only the
# public key avoids the private key ever leaving the device.
for role in server client; do
  wg genkey | tee "${role}_privatekey" | wg pubkey > "${role}_publickey"
done
# List the network interfaces; presumably to confirm the outbound interface
# name (the configuration on this page uses eth0 in its NAT rule).
ifconfig
vim /etc/wireguard/wg0.conf

启动WireGuard:

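# Enable the unit at boot and start it now through systemd, so that the
# running tunnel and the unit state agree. Bringing the interface up with a
# bare `wg-quick up wg0` leaves the unit inactive, and a later
# `systemctl start wg-quick@wg0` then fails because wg0 already exists.
systemctl enable --now wg-quick@wg0
# Verify the result: prints the interface's public key, listening port and
# configured peers (the private key is not displayed).
wg show wg0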

客户端(以Openwrt为例)

修改wg0.conf,将其中的Key(即 $(cat ...) 占位符)换为对应密钥文件中的实际内容

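# wg-quick reads this file literally and performs no shell substitution:
# replace each $(cat ...) value below with the contents of the named key file.
# The file contains a private key, so keep it readable by root only (mode 600).
[Interface]
PrivateKey = $(cat server_privatekey)
Address = 10.0.0.1/24
# PostUp/PostDown add and remove rules that accept all forwarded traffic
# entering or leaving wg0 and masquerade it out of eth0. eth0 must match the
# host's real outbound interface. The FORWARD rules are unrestricted; narrow
# them by source or destination if peers should reach only specific networks.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# UDP port the tunnel listens on; it must be allowed through the host firewall.
ListenPort = 50814
# NOTE(review): with wg-quick, DNS changes the resolver of the machine that
# brings this interface up; confirm that is intended on this side.
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat client_publickey)
# AllowedIPs also acts as a source filter: only packets from 10.0.0.2 are
# accepted from this peer. Keep it as narrow as the peer actually needs.
AllowedIPs = 10.0.0.2/32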

修改路由表

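# Step 1 (manual): remove the existing default gateway. The page gives this
# step as a description rather than a command; with net-tools it would be
# something like `route del default` (confirm for your system).
# Removing the default route over a remote session can cut off your own
# access, so do this from a local console.
#
# Step 2: add a route to x.x.x.x via the gateway 192.168.x.x on eth0.
# Both addresses are placeholders. Presumably x.x.x.x is the WireGuard
# server's public IP and 192.168.x.x the LAN gateway, so that the tunnel's
# own packets keep using the physical uplink — verify before applying.
route add x.x.x.x gw 192.168.x.x dev eth0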

启动WireGuard

# Restart the WireGuard init script so the edited configuration is applied.
# NOTE(review): assumes an /etc/init.d/wireguard script exists on this
# OpenWrt build — confirm; the page does not show how it was installed.
/etc/init.d/wireguard restart