Weil Jimmer's BlogWeil Jimmer's Blog


Month:December 2024

Found 1 records. At Page 1 / 1.

[筆記] WireGuard 架設伺服器

No Comments
-
更新於 2024-12-12 22:35:11

前言

最近要搞 Wireguard 才發現要弄這個好麻煩,之前做過的事都忘光光,在這裡留個筆記,下次直接抄。

伺服端

安裝套件

sudo apt install wireguard

生成私鑰

wg genkey | sudo tee /etc/wireguard/private.key
sudo chmod 600 /etc/wireguard/private.key

生成公鑰

sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key

設定允許 IPv4 轉發

修改 `/etc/sysctl.conf`

sysctl net.ipv4.ip_forward=1

建立配置文件

sudo nano /etc/wireguard/wg0.conf
[Interface]
PrivateKey = 伺服端私鑰
Address = 10.6.0.1/24
DNS = 8.8.8.8
ListenPort = 51820

[peer]
PublicKey = 客戶端公鑰
AllowedIPs = 10.6.0.2/32
PersistentKeepalive = 25

對 Server 來說自己的 IP 為 10.6.0.1,客戶端 IP 為 10.6.0.2。

啟動指令

sudo wg-quick up wg0

關閉指令

sudo wg-quick down wg0

開啟端口 51820 的指令

sudo iptables -I INPUT -p udp -m udp --dport 51820 -j ACCEPT

客戶端

配置文件

[Interface]
PrivateKey = 客戶端私鑰
Address = 10.6.0.2/24
DNS = 8.8.8.8

[Peer]
PublicKey = 伺服端公鑰
AllowedIPs = 10.6.0.0/24
Endpoint = domain.net:51820
PersistentKeepalive = 25

對 Client 來說自己的 IP 為 10.6.0.2,伺服端 IP 為 10.6.0.1。並且,10.6.0.0/24 的路由會通過 wg0 的網路介面。

如果要設定全部流量則是把 AllowedIPs 設定成 0.0.0.0/0

By Weil Jimmer

This entry was posted in General, The Internet, Note By Weil Jimmer.

 1 /1 頁)

Visitor Count

pop
nonenonenone

Note

台灣假新聞橫行,沒一家霉體能信的,網軍側翼到處洗風向,堪憂。

政府根本不怕你拿法律當武器,只怕你放下法律拿起武器

支持網路中立性.
Support Net Neutrality.

飽暖思淫欲,
饑寒起盜心。

支持臺灣實施無條件基本收入

歡迎前來本站。

Words Quiz

Search

Music

Blogging Journey

4496days

since our first blog post.

The strong do what they can and the weak suffer what they must.

Privacy is your right and ability to be yourself and express yourself without the fear that someone is looking over your shoulder and that you might be punished for being yourself, whatever that may be.

It is quality rather than quantity that matters.

I WANT Internet Freedom.

Reality made most of people lost their childishness.

Justice,Freedom,Knowledge.

Without music life would be a mistake.

Support/Donate

This site also need a little money to maintain operations, not entirely without any cost in the Internet. Your donations will be the best support and power of the site.
MethodBitcoin Address
bitcoin1gtuwCjjVVrNUHPGvW6nsuWGxSwygUv4x
buymeacoffee
Register in linode via invitation link and stay active for three months.Linode

Support The Zeitgeist Movement

The Zeitgeist Movement

The Lie We Live

The Lie We Live

The Questions We Never Ask

The Questions We Never Ask

Man

Man

THE EMPLOYMENT

Man

In The Fall

In The Fall

Facebook is EATING the Internet

Facebook

Categories

Android (7)

Announcement (4)

Arduino (2)

Bash (2)

C (3)

C# (5)

C++ (1)

Experience (52)

Flash (2)

Free (13)

Functions (36)

Games (13)

General (61)

Git (2)

HTML (7)

Java (13)

JS (7)

Mood (24)

NAS (2)

Note (33)

Office (1)

OpenWrt (6)

PHP (9)

Privacy (4)

Product (12)

Python (4)

Software (11)

The Internet (26)

Tools (16)

VB.NET (8)

WebHosting (7)

Wi-Fi (5)

XML (4)