Weil Jimmer's BlogWeil Jimmer's Blog


Month:December 2024

Found 1 records. At Page 1 / 1.

[筆記] WireGuard 架設伺服器

2 Comments
-
更新於 2024-12-12 22:35:11

前言

最近要搞 Wireguard 才發現要弄這個好麻煩,之前做過的事都忘光光,在這裡留個筆記,下次直接抄。

伺服端

安裝套件

sudo apt install wireguard

生成私鑰

wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod 600 /etc/wireguard/private.key

生成公鑰

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

設定允許 IPv4 轉發

修改 `/etc/sysctl.conf`

sysctl net.ipv4.ip_forward=1

建立配置文件

sudo nano /etc/wireguard/wg0.conf
[Interface]
PrivateKey = 伺服端私鑰
Address = 10.6.0.1/24
DNS = 8.8.8.8
ListenPort = 51820

[peer]
PublicKey = 客戶端公鑰
AllowedIPs = 10.6.0.2/32
PersistentKeepalive = 25

對 Server 來說自己的 IP 為 10.6.0.1,客戶端 IP 為 10.6.0.2。

啟動指令

sudo wg-quick up wg0

關閉指令

sudo wg-quick down wg0

開啟端口 51820 的指令

sudo iptables -I INPUT -p udp -m udp --dport 51820 -j ACCEPT

客戶端

配置文件

[Interface]
PrivateKey = 客戶端私鑰
Address = 10.6.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = 伺服端公鑰
AllowedIPs = 10.6.0.0/24
Endpoint = domain.net:51820
PersistentKeepalive = 25

對 Client 來說自己的 IP 為 10.6.0.2,伺服端 IP 為 10.6.0.1。並且,10.6.0.0/24 的路由會通過 wg0 的網路介面。

如果要設定全部流量則是把 AllowedIPs 設定成 0.0.0.0/0

By Weil Jimmer

This entry was posted in General, The Internet, Note By Weil Jimmer.

 1 /1 頁)

Visitor Count

pop
nonenonenone

Note

不要和愚蠢的人發生爭執。

支持網路中立性.
Support Net Neutrality.

支持臺灣實施
無條件基本收入

歡迎前來本站。

Quotes

我一定會老。

我一定會病。

我一定會死。

人生終須一別。

我們是業的主人。

Search

Music

Life Counter

23141days



Breaths between now and when I die.

Blogging Journey

4616days

since our first blog post.

Words Quiz

Quotes

The strong do what they can and the weak suffer what they must.

Privacy is your right and ability to be yourself and express yourself without the fear that someone is looking over your shoulder and that you might be punished for being yourself, whatever that may be.

It is quality rather than quantity that matters.

I WANT Internet Freedom.

Reality made most of people lost their childishness.

Justice,Freedom,Knowledge.

Without music life would be a mistake.

Support/Donate

This site also need a little money to maintain operations, not entirely without any cost in the Internet. Your donations will be the best support and power of the site.
MethodBitcoin Address
bitcoin1gtuwCjjVVrNUHPGvW6nsuWGxSwygUv4x
buymeacoffee
Register in linode via invitation link and stay active for three months.Linode

Support The Zeitgeist Movement

The Zeitgeist Movement

The Lie We Live

The Lie We Live

The Questions We Never Ask

The Questions We Never Ask

Man

Man

THE EMPLOYMENT

Man

In The Fall

In The Fall

Categories

Android (7)

Announcement (4)

Arduino (2)

Bash (2)

C (3)

C# (5)

C++ (1)

Experience (53)

Flash (2)

Free (13)

Functions (36)

Games (13)

General (62)

Git (3)

HTML (7)

Java (13)

JS (7)

Mood (24)

NAS (2)

Note (33)

Office (1)

OpenWrt (6)

PHP (9)

Privacy (4)

Product (12)

Python (4)

Software (11)

The Internet (26)

Tools (16)

VB.NET (8)

WebHosting (7)

Wi-Fi (5)

XML (4)