# WireGuard 安装与使用

📆 2020-13-3 16:56

PS

本文服务端为 Debian,客户端为 Windows 和 iOS

WireGuard 使用 UDP 协议

# 服务端

# 1. 安装

# Run as root. Register the buster-backports repository in its own sources
# file, refresh the package index, then install WireGuard from it.
printf '%s\n' 'deb http://deb.debian.org/debian buster-backports main' \
  > /etc/apt/sources.list.d/wireguard.list
apt update
apt install wireguard

# 2. 创建公钥1与私钥1

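# Generate key pair 1 (the server's pair in the configuration on this page).
# umask 077 inside the subshell makes both files owner-only; with a default
# umask, tee would create privatekey1 readable by every local user. The
# subshell keeps the umask change from leaking into the rest of the session.
(
  umask 077
  wg genkey | tee privatekey1 | wg pubkey > publickey1
)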

# 3. 创建公钥2与私钥2

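# Generate key pair 2 (the Windows client's pair in the configuration on this
# page). umask 077 inside the subshell makes both files owner-only; with a
# default umask, tee would create privatekey2 readable by every local user.
# NOTE(review): creating a client's key pair on the server leaves that
# client's private key on the server. Generating it on the client and sending
# only the public key avoids this; otherwise delete privatekey2 once the
# client profile has been handed over.
(
  umask 077
  wg genkey | tee privatekey2 | wg pubkey > publickey2
)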

# 4. 编写配置

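vi /etc/wireguard/wg0.conf
# This file holds the server's private key: keep it readable by root only
# (chmod 600 /etc/wireguard/wg0.conf). The key strings below are the sample
# values printed on the page; substitute the keys you generated yourself and
# never reuse a private key that has been published.
[Interface]
# NOTE(review): 100.100.100.0/24 lies inside the shared 100.64.0.0/10 range,
# which some hosting providers use for internal services; choose another
# private range if it collides on your host.
Address = 100.100.100.1/24
PrivateKey = oELNlVMo4JboZEvUBwfnktfDgODSPn1T/oZpiICGfno= # private key 1
ListenPort = 8888
# Forward traffic arriving from the tunnel and masquerade it out of eth0
# (replace eth0 with the server's actual outbound interface).
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i wg0 -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Accept new DNS queries (TCP and UDP port 53) from tunnel clients.
PostUp = iptables -A INPUT -s 100.100.100.0/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
PostUp = iptables -A INPUT -s 100.100.100.0/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# PostDown removes every rule PostUp added. The two INPUT rules were missing
# from the original PostDown, so each up/down cycle left another duplicate
# pair of ACCEPT rules behind in the INPUT chain.
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i wg0 -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D INPUT -s 100.100.100.0/24 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -D INPUT -s 100.100.100.0/24 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

# One [Peer] section per client. A /32 in AllowedIPs limits the peer to using
# exactly that tunnel address as its source.
[Peer]
PublicKey = px2h+2n7ljfMQkoFu07hiX+rcklcM6NImenShvcL0Hs= # public key 2
AllowedIPs = 100.100.100.2/32

[Peer]
# Placeholder value: replace it with the real public key 3 before starting
# the interface.
PublicKey = AaaaaAaaaaaAAaaAaaaaaAaaaaaaAaAAaaaAaaaAaAAa # public key 3
AllowedIPs = 100.100.100.3/32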

# 5. 启动

# Bring up the wg0 interface from /etc/wireguard/wg0.conf; this also runs the
# PostUp commands defined there. The interface does not come back after a
# reboot on its own; `systemctl enable wg-quick@wg0` starts it at boot.
wg-quick up wg0

常见问题

查看状态:wg

关闭:wg-quick down wg0

网卡无响应:apt install wireguard-dkms wireguard-tools linux-headers-$(uname -r)

查看 DNS :cat /etc/resolv.conf

开启 IP 转发:

vi /etc/sysctl.conf
# Add the following line to enable IPv4 forwarding. Keep the comment on its
# own line: sysctl.conf only documents lines that begin with # or ; as comments.
net.ipv4.ip_forward = 1
# Back in the shell: load the file so the setting applies without a reboot.
sysctl -p /etc/sysctl.conf

客户端有发送无返回,服务端有发送有返回:检查防火墙配置,更换 UDP 端口(阿里云有可能封端口)

# Windows 端

# 1. 编写配置

vi /home/my_windows.conf
# Client profile for the Windows peer. It contains that peer's private key, so
# keep the file owner-only while it sits on the server (chmod 600) and delete
# it once the profile has been imported on the client. The key strings are the
# sample values printed on the page; use your own.
[Interface]
PrivateKey = 2LiWDPGnJFTE7oP6yG9KzjeMsJBXIyyZnrFH0nhVDmQ= # private key 2
Address = 100.100.100.2/32
DNS = 8.8.8.8 # Google DNS; can be changed

[Peer]
# Must be the public half of the server's private key.
PublicKey = KRrviHDm2WAxAhFIEDaeHI6pLrhnGx9EdI8+0Pd6OXw= # public key 1
Endpoint = 22.22.22.22:8888 # server's public IP and its ListenPort
# 0.0.0.0/0, ::/0 routes all IPv4 and IPv6 traffic of this client into the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
# Send a keepalive every 21 seconds so NAT mappings on the path stay open.
PersistentKeepalive = 21

# 2. 导入配置开始使用

常见问题

如果 Windows 端可以连接上服务端,但无法上网,可选择下载 TapWindows。除了 WireGuard 客户端,也可选择 TunSafe 客户端。

# iOS 端

# 1. 编写配置

vi /home/my_iphone.conf
# Client profile for the iOS peer. It contains that peer's private key, so
# keep the file owner-only while it sits on the server (chmod 600) and delete
# it once the phone has imported the profile.
[Interface]
# Placeholder value: the page shows no step that generates key pair 3. Create
# it with wg genkey / wg pubkey like the other pairs and paste the private
# key here.
PrivateKey = AaaaaAaaaaaAAaaAaaaaaAaaaaaaAaAAaaaAaaaAaAAa # private key 3
Address = 100.100.100.3/32
DNS = 8.8.8.8 # Google DNS; can be changed

[Peer]
# Must be the public half of the server's private key.
PublicKey = KRrviHDm2WAxAhFIEDaeHI6pLrhnGx9EdI8+0Pd6OXw= # public key 1
Endpoint = 22.22.22.22:8888 # server's public IP and its ListenPort
# 0.0.0.0/0, ::/0 routes all IPv4 and IPv6 traffic of this client into the tunnel.
AllowedIPs = 0.0.0.0/0, ::/0
# Send a keepalive every 21 seconds so NAT mappings on the path stay open.
PersistentKeepalive = 21

# 2. 安装 qrencode

# qrencode renders text as a QR code; the next step uses it to pass the
# profile to the phone.
apt install qrencode

# 3. 生成配置文件的二维码

# Draw the iOS profile as a QR code in the terminal so the WireGuard app can
# scan it. The code embeds the client's private key: show it only where the
# screen cannot be observed or recorded, and clear the terminal afterwards.
qrencode -t ansiutf8 -r /home/my_iphone.conf

# 4. 扫描二维码开始使用

最后更新于: 12/12/2021, 8:43:11 PM