{"id":81,"date":"2021-08-26T10:45:00","date_gmt":"2021-08-26T10:45:00","guid":{"rendered":"https:\/\/www.meblg.com\/?p=81"},"modified":"2021-08-26T10:45:00","modified_gmt":"2021-08-26T10:45:00","slug":"81","status":"publish","type":"post","link":"https:\/\/www.meblg.com\/index.php\/jc\/81\/","title":{"rendered":"WireGuard"},"content":{"rendered":"

\u914d\u7f6e\u8fc7\u7a0b
\u5b89\u88c5 WireGuard
Debain \u7cfb\u7edf\uff1a<\/p>\n

\u5148\u5b89\u88c5linux-headers<\/h1>\n
apt update\napt install linux-headers-$(uname -r) -y\n<\/code><\/pre>\n
\u5b89\u88c5WireGuard<\/h1>\n
echo "deb http:\/\/deb.debian.org\/debian\/ unstable main" > \/etc\/apt\/sources.list.d\/unstable.list\nprintf 'Package: *\\nPin: release a=unstable\\nPin-Priority: 150\\n' > \/etc\/apt\/preferences.d\/limit-unstable\napt update\napt install wireguard-dkms wireguard-tools resolvconf -y\n<\/code><\/pre>\n
Ubuntu \u7cfb\u7edf\uff1a<\/p>\n
add-apt-repository ppa:wireguard\/wireguard
apt-get update
apt-get install wireguard-dkms wireguard-tools resolvconf -y<\/p>\n
\u6ce8\u610f\uff1a\u9664\u4e86Debain\u3001Ubuntu\u5176\u4ed6\u64cd\u4f5c\u7cfb\u7edf\u7684\u5b89\u88c5\u547d\u4ee4\u53ef\u4ee5\u5728 WireGuard Installstion \u67e5\u770b\u3002<\/p>\n
\u9664\u4e86\u4ee5\u4e0a\u90e8\u5206\u5185\u5bb9\u4e0d\u540c\u7cfb\u7edf\u4e0d\u4e00\u6837\uff0c\u63a5\u4e0b\u6765\u7684\u64cd\u4f5c\u90fd\u662f\u4e00\u6837\u7684\u3002<\/p>\n
\u5f00\u542fipv4\u6d41\u91cf\u8f6c\u53d1<\/h1>\n
echo "net.ipv4.ip_forward = 1" >> \/etc\/sysctl.conf\nsysctl -p\n<\/code><\/pre>\n
\u521b\u5efa\u5e76\u8fdb\u5165WireGuard\u6587\u4ef6\u5939<\/h1>\n
mkdir -p \/etc\/wireguard && chmod 0777 \/etc\/wireguard\ncd \/etc\/wireguard\numask 077\n<\/code><\/pre>\n
\u751f\u6210\u670d\u52a1\u5668\u548c\u5ba2\u6237\u7aef\u5bc6\u94a5\u5bf9<\/h1>\n
wg genkey | tee server_privatekey | wg pubkey > server_publickey\nwg genkey | tee client_privatekey | wg pubkey > client_publickey\n<\/code><\/pre>\n
\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6
\u521b\u5efa\u5e76\u8fdb\u5165\u4e86 WireGuard \u540e\uff0c\u5f00\u59cb\u914d\u7f6e\u670d\u52a1\u7aef\u6587\u4ef6\uff0c\u8f93\u5165ifconfig\u67e5\u770b\u4e3b\u7f51\u5361\u540d\u79f0
\u8bb0\u4f4f\u4ee5\u4e0a\u6807\u8bb0\u5904\u540d\u5b57\uff0c\u82e5\u4e0d\u662feth0\uff0c\u53ef\u4ee5\u5c06\u5176\u590d\u5236\u4e86\u5f85\u4f1a\u9700\u8981\u7528\u5230\u3002<\/p>\n
\u751f\u6210\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\/etc\/wireguard\/wg0.conf:<\/p>\n
# \u91cd\u8981\uff01\u5982\u679c\u540d\u5b57\u4e0d\u662feth0, \u4ee5\u4e0bPostUp\u548cPostDown\u5904\u91cc\u9762\u7684eth0\u66ff\u6362\u6210\u81ea\u5df1\u670d\u52a1\u5668\u663e\u793a\u7684\u540d\u5b57\n# ListenPort\u4e3a\u7aef\u53e3\u53f7\uff0c\u53ef\u4ee5\u81ea\u5df1\u8bbe\u7f6e\u60f3\u4f7f\u7528\u7684\u6570\u5b57\n# \u4ee5\u4e0b\u5185\u5bb9\u4e00\u6b21\u6027\u7c98\u8d34\u6267\u884c\uff0c\u4e0d\u8981\u5206\u884c\u6267\u884c\necho "\n[Interface]\n  PrivateKey = $(cat server_privatekey)\n  Address = 10.0.0.1\/24\n  PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE\n  PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE\n  ListenPort = 50814\n  DNS = 8.8.8.8\n  MTU = 1420\n\n[Peer]\n  PublicKey = $(cat client_publickey)\n  AllowedIPs = 10.0.0.2\/32 " > wg0.conf\n<\/code><\/pre>\n
\u8bbe\u7f6e\u5f00\u673a\u81ea\u542f\uff1a<\/p>\n
systemctl enable wg-quick@wg0\n<\/code><\/pre>\n
\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6
\u751f\u6210\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\/etc\/wireguard\/client.conf:<\/p>\n
# Endpoint\u662f\u81ea\u5df1\u670d\u52a1\u5668ip\u548c\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6\u4e2d\u8bbe\u7f6e\u7684\u7aef\u53e3\u53f7\uff0c\u81ea\u5df1\u5728\u672c\u5730\u7f16\u8f91\u597d\u518d\u7c98\u8d34\u5230SSH\u91cc\n# \u4ee5\u4e0b\u5185\u5bb9\u4e00\u6b21\u6027\u7c98\u8d34\u6267\u884c\uff0c\u4e0d\u8981\u5206\u884c\u6267\u884c\necho "\n[Interface]\n  PrivateKey = $(cat client_privatekey)\n  Address = 10.0.0.2\/24\n  DNS = 8.8.8.8\n  MTU = 1420\n\n[Peer]\n  PublicKey = $(cat server_publickey)\n  Endpoint = 1.2.3.4:50814\n  AllowedIPs = 0.0.0.0\/0, ::0\/0\n  PersistentKeepalive = 25 " > client.conf\n<\/code><\/pre>\n
\u81f3\u6b64\uff0c\u57fa\u672c\u4e0a\u5c31\u5df2\u7ecf\u641e\u5b9a\u4e86\uff0c\u53ef\u4ee5\u542f\u52a8 WireGuard \u4e86\uff1a<\/p>\n
\u542f\u52a8WireGuard<\/h1>\n
wg-quick up wg0\n<\/code><\/pre>\n
\u505c\u6b62WireGuard<\/h1>\n
wg-quick down wg0\n<\/code><\/pre>\n
\u67e5\u770bWireGuard\u8fd0\u884c\u72b6\u6001<\/h1>\n
wg\n<\/code><\/pre>\n
\u542f\u52a8\u540e\uff0c\u5982\u679c\u6ca1\u6709\u9519\u8bef\u7684\u8bdd<\/p>\n
\u5bfc\u51fa\u914d\u7f6e\u6587\u4ef6
\u6211\u4eec\u9700\u8981\u5bfc\u51fa\u5ba2\u6237\u7aef\u7684\u914d\u7f6e\u4f9b\u5ba2\u6237\u7aef\u4f7f\u7528\uff0c\u5ba2\u6237\u7aef\u53ef\u4ee5\u81ea\u5df1\u624b\u52a8\u586b\uff0c\u4f46\u662f\u5bc6\u94a5\u4ec0\u4e48\u7684\u8f93\u5165\u6bd4\u8f83\u9ebb\u70e6\uff0c\u4ee5\u4e0b\u63d0\u4f9b\u4e24\u79cd\u65b9\u6cd5\u4f9b\u4f7f\u7528\uff1a<\/p>\n
\u65b9\u6cd5\u4e00\uff1a\u4f7f\u7528\u914d\u7f6e\u6587\u4ef6\uff0c\u4f7f\u7528cat \/etc\/wireguard\/client.conf\u6307\u4ee4\u67e5\u770b\u914d\u7f6e\u6587\u4ef6\u4fe1\u606f\u5e76\u590d\u5236\uff0c\u7136\u540e\u81ea\u5df1\u672c\u5730\u7f16\u8f91\u4e00\u4e2a.conf\u6587\u4ef6\uff08\u540d\u5b57\u53ef\u4ee5\u81ea\u5b9a\u4e49\uff09\u5c06\u590d\u5236\u5185\u5bb9\u7c98\u8d34\u5e76\u4fdd\u5b58\uff0c\u53d1\u9001\u5230\u624b\u673a\u4e0a\uff1b\u6216\u8005\u4f7f\u7528 FTP \u7b49\u65b9\u5f0f\u628a\u914d\u7f6e\u6587\u4ef6\u4e0b\u8f7d\u5230\u672c\u5730\uff1b<\/p>\n
\u65b9\u6cd5\u4e8c\uff1a\u4f7f\u7528\u4e8c\u7ef4\u7801<\/p>\n
apt install qrencode -y\nqrencode -t ansiutf8 < \/etc\/wireguard\/client.conf\n<\/code><\/pre>\n
\u5ba2\u6237\u7aef\u4f7f\u7528\u65b9\u6cd5
\u5ba2\u6237\u7aef\u754c\u9762\u90fd\u5f88\u7b80\u5355\uff0c\u64cd\u4f5c\u57fa\u672c\u6ca1\u4ec0\u4e48\u96be\u5ea6\u3002<\/p>\n
\u4e0b\u8f7d\u5730\u5740
iOS: WireGuard TestFlight | App Store
Android: WireGuard Google Play
Windows: Coming Soon
iOS
iOS-WireGuard.png
iOS-WireGuard.png<\/p>\n
Android
Android-WireGuard.png
Android-WireGuard.png<\/p>\n
\u914d\u7f6e\u591a\u7528\u6237
\u4e00\u4e2a\u5ba2\u6237\u7aef\u6587\u4ef6\u53ea\u80fd\u540c\u65f6\u6709\u4e00\u4e2a\u8bbe\u5907\u8fde\u63a5\uff0c\u6240\u4ee5\u5982\u679c\u9700\u8981\u540c\u65f6\u4f7f\u7528\u7684\u8bdd\uff0c\u53ef\u4ee5\u5efa\u7acb\u591a\u4e2a\u5ba2\u6237\u7aef\u6587\u4ef6\u3002<\/p>\n
\u518d\u6dfb\u52a0\u4e00\u4e2a\u5ba2\u6237\u7aef\u7684\u64cd\u4f5c\u65b9\u6cd5\uff1a<\/p>\n
\u505c\u6b62WireGuard<\/h1>\n
wg-quick down wg0\n<\/code><\/pre>\n
\u751f\u6210\u65b0\u7684\u5ba2\u6237\u7aef\u5bc6\u94a5\u5bf9<\/h1>\n
wg genkey | tee client0_privatekey | wg pubkey > client0_publickey\n<\/code><\/pre>\n
\u5728\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6\u4e2d\u52a0\u5165\u65b0\u7684\u5ba2\u6237\u7aef\u516c\u94a5<\/h1>\n
# AllowedIPs\u91cd\u65b0\u5b9a\u4e49\u4e00\u6bb5\n# \u4e00\u6b21\u6027\u590d\u5236\u7c98\u8d34\uff0c\u4e0d\u8981\u5206\u884c\u6267\u884c\necho "\n[Peer]\n  PublicKey = $(cat client0_publickey)\n  AllowedIPs = 10.0.0.3\/32" >> wg0.conf\n\n\n# \u65b0\u5efa\u4e00\u4e2a\u5ba2\u6237\u7aef\u6587\u4ef6\uff0c\u4f7f\u7528\u65b0\u5ba2\u6237\u7aef\u5bc6\u94a5\u7684\u79c1\u94a5\n# Address\u4e0e\u4e0a\u9762\u7684AllowedIPs\u4fdd\u6301\u4e00\u81f4\n# Endpoint\u548c\u4e4b\u524d\u7684\u4e00\u6837\uff0c\u4e3a\u670d\u52a1\u5668ip\u548c\u8bbe\u7f6e\u597d\u7684ListenPort\n# \u4e00\u6b21\u6027\u590d\u5236\u7c98\u8d34\uff0c\u4e0d\u8981\u5206\u884c\u6267\u884c\necho "\n[Interface]\n  PrivateKey = $(cat client0_privatekey)\n  Address = 10.0.0.3\/24\n  DNS = 8.8.8.8\n  MTU = 1420\n\n[Peer]\n  PublicKey = $(cat server_publickey)\n  Endpoint = 1.2.3.4:50814\n  AllowedIPs = 0.0.0.0\/0, ::0\/0\n  PersistentKeepalive = 25 " > client0.conf\n<\/code><\/pre>\n
\u5df2\u7ecf\u6210\u529f\u521b\u5efa\u540e\uff0c\u542f\u52a8WireGuard<\/h1>\n
wg-quick up wg0\n<\/code><\/pre>\n
\u5bfc\u51fa\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u65b9\u5f0f\u4f9d\u65e7\u53ef\u4ee5\u91c7\u7528\u4e0a\u9762\u4ecb\u7ecd\u7684\u4e24\u79cd\u65b9\u6cd5\uff0c\u4f8b\u5982\u6b64\u5ba2\u6237\u7aef\u6587\u4ef6\u751f\u6210\u4e8c\u7ef4\u7801\u5c31\u5e94\u8be5\u4e3a<\/h1>\n
qrencode -t ansiutf8 < \/etc\/wireguard\/client0.conf
\u5982\u679c\u8fd8\u9700\u8981\u6dfb\u52a0Peer\uff0c\u540c\u6837\u65b9\u6cd5\u518d\u6b21\u64cd\u4f5c\u5373\u53ef\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u914d\u7f6e\u8fc7\u7a0b\u5b89\u88c5 WireGuardDebain \u7cfb\u7edf\uff1a \u5148\u5b89\u88c5linux-headers apt update  […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"topics":[],"class_list":["post-81","post","type-post","status-publish","format-standard","hentry","category-jc"],"_links":{"self":[{"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":0,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/categories?post=81"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/tags?post=81"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/www.meblg.com\/index.php\/wp-json\/wp\/v2\/topics?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}