WireGuard relay mode server 1

1. Deploying WireGuard on CentOS 7

yum install epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install yum-plugin-elrepo
yum install kmod-wireguard wireguard-tools

2. WireGuard configuration

2.1 Create the directory

mkdir -p /etc/wireguard

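2.2 Generate the server key pair

umask 077  # create the key files readable only by the current user
wg genkey | tee privatekey-server | wg pubkey > publickey-server

2.3 Generate the client key pair

wg genkey | tee privatekey-client | wg pubkey > publickey-client

2.4 View

3. Create the configuration file on the server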

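[Interface]
# IP of this machine's virtual interface
Address = 10.10.0.1/24
SaveConfig = false
DNS = 8.8.8.8
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Listening port
ListenPort = 51820
# Server private key (the contents of the privatekey-server file, not the file name)
PrivateKey = privatekey-server

[Peer]
# Client public key (the contents of the publickey-client file)
PublicKey = publickey-client
# Tunnel IP of the client; must match Address in the client configuration
AllowedIPs = 8.10.0.2/32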

4. Enable kernel IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sysctl -p

5. Start

wg-quick up wg0

1. Deploying WireGuard on CentOS 7

yum install epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
yum install yum-plugin-elrepo -y
yum install kmod-wireguard wireguard-tools -y

Note: the kernel was updated, so the server needs to be rebooted (reboot).

2. WireGuard configuration

2.1 Create the directory

mkdir -p /etc/wireguard

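2.2 Client configuration file

[Interface]
# Client private key (the contents of the privatekey-client file, not the file name)
PrivateKey = privatekey-client
ListenPort = 51820
# IP of this machine's virtual interface
Address = 8.10.0.2/24
DNS = 8.8.8.8

[Peer]
# Server public key (the contents of the publickey-server file)
PublicKey = publickey-server
AllowedIPs = 0.0.0.0/0
# 公网IP is a placeholder for the server's public IP address
Endpoint = 公网IP:51820
PersistentKeepalive = 25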
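
A pre-flight check for the server and client files shown above, added here as an example and not part of the original page. It flags a key field that still holds a file name such as privatekey-server, a server AllowedIPs entry that does not cover the client Address, and files accessible by group or other. The function names conf_get, is_wg_key and lint_pair are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight lint for a wg-quick server/client configuration pair.

# Print the value of KEY in SECTION (Interface or Peer) of a wg-quick file.
conf_get() {  # usage: conf_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { cur = $0 }
        cur == sec {
            line = $0; sub(/[ \t]*#.*/, "", line)        # strip comments
            n = index(line, "=")                          # first "=" separates key and value
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# A WireGuard key is 32 bytes in base64: 43 characters followed by "=".
is_wg_key() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Return 0 if the pair is consistent; otherwise print each problem and return 1.
lint_pair() {  # usage: lint_pair SERVER_CONF CLIENT_CONF
    rc=0
    for f in "$1" "$2"; do
        is_wg_key "$(conf_get "$f" Interface PrivateKey)" ||
            { echo "$f: PrivateKey is not a base64 key (file name left in?)"; rc=1; }
        is_wg_key "$(conf_get "$f" Peer PublicKey)" ||
            { echo "$f: PublicKey is not a base64 key"; rc=1; }
        # The file holds a private key, so group and other must have no access.
        case "$(ls -ld "$f")" in
            ????------*) ;;
            *) echo "$f: accessible by group or other, run chmod 600"; rc=1 ;;
        esac
    done
    # The server only accepts tunnel traffic whose source is listed in AllowedIPs.
    client_ip=$(conf_get "$2" Interface Address); client_ip=${client_ip%%/*}
    allowed=$(conf_get "$1" Peer AllowedIPs | tr -d ' \t')
    case ",$allowed," in
        *",$client_ip/32,"*) ;;
        *) echo "server AllowedIPs ($allowed) lacks client address $client_ip/32"; rc=1 ;;
    esac
    return "$rc"
}
```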

3. Start

wg-quick up /etc/wireguard/wg0.conf

# Other commands
Start: wg-quick up /etc/wireguard/wg0.conf
Stop: ip link delete dev wg0

4. Verification