VPS

生成服务端公私钥
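# Install WireGuard on the server.
apt install wireguard
cd /etc/wireguard
# Generate the server key pair. The subshell sets umask 077 so that tee creates
# the private key file readable by its owner only; under a permissive umask
# such as 022 the file would be created readable by other local users.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)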
编写配置文件
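cd /etc/wireguard
# wg0.conf will hold the private key in clear text, so create it with
# owner-only permissions before any secret is written into it.
touch wg0.conf
chmod 600 wg0.conf
vim wg0.conf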

# Server side of the tunnel. This file contains the server's private key in
# clear text, so it should be readable by root only.
[Interface]
PrivateKey = 服务生成的私钥
# Tunnel address of the server inside the 10.100.0.0/24 VPN subnet.
Address = 10.100.0.1/24
# wg-quick runs the PostUp commands after the interface is up and replaces %i
# with the interface name (wg0 for a file named wg0.conf).
# The two FORWARD rules accept every packet that is routed into or out of the
# tunnel interface, without restricting ports or addresses.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; 
PostUp = iptables -A FORWARD -o %i -j ACCEPT; 
# Source-NAT everything that leaves through the tunnel to the server's tunnel
# address. The peer therefore sees forwarded connections as coming from
# 10.100.0.1 and not from the original remote address.
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
# PostDown deletes the same three rules when the interface is taken down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT;
PostDown = iptables -D FORWARD -o %i -j ACCEPT; 
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
# UDP port WireGuard listens on; the client's Endpoint must point at it.
ListenPort = 51820

[Peer]
# Public key of the client (the content of the client's publickey file).
PublicKey = 客户端公钥
# Only packets whose inner source address is 10.100.0.2 are accepted from this
# peer, and traffic addressed to 10.100.0.2 is sent to it.
AllowedIPs = 10.100.0.2/32
# Send a keepalive packet to the peer every 15 seconds.
PersistentKeepalive = 15
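# Start the tunnel now and on every boot.
systemctl enable --now wg-quick@wg0.service
# Enable IPv4 forwarding persistently; this turns the VPS into a router for
# whatever the FORWARD chain allows. The line is appended only when it is not
# already present, so repeating these steps does not duplicate it.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p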

iptables转发端口

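# Forward TCP port 50022 arriving at the VPS to the SSH port of the WireGuard
# client (10.100.0.2:22). The client's sshd becomes reachable by anyone who can
# reach the VPS on that port, so it should accept key-based logins only.
iptables -t nat -A PREROUTING -p tcp --dport 50022 -j DNAT --to-destination 10.100.0.2:22
# Rewrite the source of the forwarded connections to the server's tunnel
# address. The source has to lie inside the client's AllowedIPs
# (10.100.0.0/24): a packet that carries the server's public address as its
# source is dropped by WireGuard on the client. That case only stayed hidden
# while the MASQUERADE rule from PostUp preceded this rule in the chain.
# Because of this NAT the client logs every forwarded login as coming from
# 10.100.0.1, so per-source filtering, rate limiting and connection logging
# have to be done on the VPS.
iptables -t nat -A POSTROUTING -p tcp -d 10.100.0.2 --dport 22 -j SNAT --to-source 10.100.0.1
# Persist the current rule set.
# NOTE(review): assumes /etc/iptables exists and is restored at boot (for
# example by iptables-persistent); the page does not show that step.
# If wg0 is up, the dump also contains the rules added by PostUp, and PostUp
# appends them again on the next start, so duplicates can accumulate.
iptables-save > /etc/iptables/rules.v4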

客户端

生成客户端公私钥
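# Install WireGuard on the client.
apt install wireguard
cd /etc/wireguard
# Generate the client key pair. umask 077 inside the subshell makes tee create
# the private key file with owner-only permissions rather than leaving it
# readable by other local users under a permissive default umask.
(umask 077; wg genkey | tee privatekey | wg pubkey > publickey)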
编写配置文件
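cd /etc/wireguard
# The client configuration stores the private key in clear text; restrict the
# file to its owner before writing the key into it.
touch wg0.conf
chmod 600 wg0.conf
vim wg0.conf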
# Client side of the tunnel. This file contains the client's private key in
# clear text, so it should be readable by root only.
[Interface]
PrivateKey = 客户端生成的私钥
# Tunnel address of the client inside the 10.100.0.0/24 VPN subnet.
Address = 10.100.0.2/24

[Peer]
# Public key of the server (the content of the server's publickey file).
PublicKey = 服务端公钥
# Public address of the server and the UDP port given as ListenPort in the
# server configuration.
Endpoint = 服务器自己公网IP:51820
# Only the VPN subnet is routed through the tunnel, and only packets whose
# inner source address lies in this subnet are accepted from the server.
AllowedIPs = 10.100.0.0/24
# Send a keepalive every 15 seconds. This keeps a NAT or stateful firewall
# mapping in front of the client open, so the server can still reach the
# client while the tunnel is otherwise idle.
PersistentKeepalive = 15
# Register the tunnel for start at boot and bring it up immediately.
systemctl enable --now wg-quick@wg0.service
