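1. What is WireGuard
WireGuard is an open-source VPN program and protocol developed by Jason A. Donenfeld. It is implemented in the Linux kernel and uses Curve25519 for key exchange, ChaCha20 for encryption, Poly1305 for data authentication, and BLAKE2 for hashing. It supports layer 3 for both IPv4 and IPv6 and can encapsulate v4-in-v6 and vice versa. WireGuard aims for better performance than IPsec and OpenVPN. (Source: Wikipedia)
2. System configuration: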
CPU: 1 Core
RAM: 1 GB
SSD: 10 GB
OS: Debian 10
3. WireGuard must be installed on both the server and the client. First add the package source with the following commands:
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' > /etc/apt/preferences.d/limit-unstable
4. Then update the package lists and install WireGuard
apt update
apt install wireguard-dkms wireguard-tools resolvconf
5. After installation, change to /etc/wireguard/ and run the following commands to generate the private and public keys
cd /etc/wireguard/
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey
6. Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
7. Generate the server configuration; replace eth0 with your egress interface
echo "[Interface]
PrivateKey = $(cat server_privatekey)
Address = 100.64.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 443
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $(cat client_publickey)
AllowedIPs = 100.64.0.2/32 " > wg0.conf
8. Generate the client configuration; replace your_server_ip with your server's IP address
echo "[Interface]
PrivateKey = $(cat client_privatekey)
Address = 100.64.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $(cat server_publickey)
Endpoint = your_server_ip:443
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25 " > client.conf
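The echo commands in steps 7 and 8 expand $(cat ...) with relative paths, so running them outside /etc/wireguard/ silently writes empty keys. The following check is an added example, not part of the original article or of wireguard-tools; the function name check_wg_conf and its ListenPort heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; check_wg_conf is a hypothetical helper, not part of wireguard-tools.
# Returns 0 when the file passes every check, 1 otherwise.
check_wg_conf() {
    conf=$1
    problems=0
    [ -f "$conf" ] || { echo "$conf: file not found" >&2; return 1; }

    # umask 077 (step 5) should leave no group/other permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$conf: accessible beyond the owner, expected mode 600" >&2
        problems=$((problems + 1))
    fi

    # A Curve25519 key is 32 bytes: 43 base64 characters followed by '='.
    # An empty value means $(cat ...) was expanded outside /etc/wireguard/.
    bad_keys=$(awk '
        /^[ \t]*(PrivateKey|PublicKey)[ \t]*=/ {
            key = $0
            sub(/^[^=]*=/, "", key)
            gsub(/[ \t\r"]/, "", key)
            if ((length(key) != 44) || (key !~ "^[A-Za-z0-9+/]+=$"))
                print "line " NR ": empty or malformed key"
        }' "$conf")
    if [ -n "$bad_keys" ]; then
        echo "$conf: $bad_keys" >&2
        problems=$((problems + 1))
    fi

    # Heuristic: a file with ListenPort is the server side. A peer allowed
    # 0.0.0.0/0 there may send packets from any inner source address.
    if grep -q '^[[:space:]]*ListenPort' "$conf" &&
       grep -Eq '^[[:space:]]*AllowedIPs.*(0\.0\.0\.0|::0?)/0' "$conf"; then
        echo "$conf: server-side peer has a default-route AllowedIPs" >&2
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}
```

Run it as check_wg_conf /etc/wireguard/wg0.conf before step 9; the client file passes the last check because it has no ListenPort line.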
9. Enable start at boot
systemctl enable wg-quick@wg0
10. Test connectivity right away
wg-quick up wg0
ping 100.64.0.1
ping 100.64.0.2
11. Disconnect WireGuard
wg-quick down wg0
12. References:
https://zh.wikipedia.org/wiki/WireGuard
https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-debian/
https://www.logcg.com/zh-tw/archives/3197.html