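#centos7
# First-time WireGuard server setup. Run as root under bash: the syncconf
# line near the end uses process substitution.
yum install epel-release elrepo-release
yum install yum-plugin-elrepo
yum install kmod-wireguard wireguard-tools

# The key and config files hold the private key, so create them owner-only.
umask 077
wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
# Show only the public key, which is what the client's [Peer] section needs.
# The private key is read straight into the config below and never echoed.
cat /etc/wireguard/publickey

# Unquoted delimiter so the command substitution on the PrivateKey line expands.
# cat rather than tee keeps the rendered config (and the key) off the terminal.
cat >>/etc/wireguard/wg0.conf <<EOF
[Interface]
# tunnel address of the server; the 10.9.9.0/24 subnet is routed to wg0
Address = 10.9.9.1/24
PrivateKey = $(cat /etc/wireguard/privatekey)
ListenPort = 51820
# NOTE(review): none of these rules accepts inbound UDP 51820. If the INPUT
# chain drops by default or firewalld is active, open the ListenPort separately.
PostUp = iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): NEW traffic is accepted only from wg0 to wg0 (peer to peer), yet
# the MASQUERADE rule targets ens192; wg0 to ens192 relies on the FORWARD policy.
PostUp = iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
# ens192 is the outbound interface on the author's host; adjust to the machine.
PostUp = iptables -t nat -A POSTROUTING -s 10.9.9.0/24 -o ens192 -j MASQUERADE
# Each PostDown removes the rule its PostUp added, so up/down cycles do not stack rules.
PostDown = iptables -D INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s 10.9.9.0/24 -o ens192 -j MASQUERADE
[Peer]
PublicKey = <client's publickey>
# Only packets with this source address are accepted from the peer, so the
# client's tunnel Address must be 10.9.9.9. Keep it a /32 per client.
AllowedIPs = 10.9.9.9/32
EOF

# Replace <client's publickey> in wg0.conf before this step; the placeholder
# is not a valid key and wg-quick will refuse the file.
wg-quick up /etc/wireguard/wg0.conf
#wg-quick down /etc/wireguard/wg0.conf
# Re-apply wg0.conf to the running interface (for later peer changes) without
# tearing the tunnel down.
wg syncconf wg0 <(wg-quick strip wg0)
wg

# Enable routing between interfaces; skip the append if the line already exists
# so re-runs do not pile duplicates into sysctl.conf.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf ||
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
# Bring wg0 up at boot.
systemctl enable wg-quick@wg0.service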
https://www.wireguard.com/install/
https://www.wireguard.com/quickstart/
https://www.stavros.io/posts/how-to-configure-wireguard/
https://blog.csdn.net/wq1205750492/article/details/124816246
client config file
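[Interface]
# Must match the AllowedIPs the server lists for this peer (10.9.9.9/32); the
# server drops tunnel packets whose source address is outside that range.
Address = 10.9.9.9/24
PrivateKey = <client's privatekey>
# Optional on a client: without it a random port is chosen.
ListenPort = 51820
# NOTE(review): 192.168.8.1 is outside the peer's AllowedIPs below, so DNS
# queries leave via the local network, not the tunnel - confirm this is intended.
DNS = 192.168.8.1
[Peer]
Endpoint = <server ip>:51820
PublicKey = <server's publickey>
# Only the VPN subnet is routed through the tunnel.
# DNS is an [Interface] key for wg-quick and is not valid under [Peer].
AllowedIPs = 10.9.9.1/24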
最后修改:2022 年 08 月 06 日