\u7cfb\u7edf\u4e3adebian bookworm<\/p>\n\n\n\n
1\u65b9\u4fbf\u8d77\u89c1\u5207\u6362\u5230root\u7528\u6237<\/p>\n\n\n\n
2.\u5b89\u88c5WireGuard<\/p>\n\n\n\n 3.\u670d\u52a1\u5668\u9700\u8981\u5f00\u542fipv4\u8f6c\u53d1<\/p>\n\n\n\n 4.\u751f\u6210\u79c1\u94a5\u4e0e\u516c\u94a5,\u9ed8\u8ba4\u7684\u914d\u7f6e\u6587\u4ef6\u5939\u50a8\u5b58\u5728 5.\u751f\u6210\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n \u5047\u8bbeserver<\/mark>\u6709\u516c\u7f51ip223.223.223.223<\/em> <\/mark>\uff0cWireGuard ip\u4e3a172.16.100.1<\/em><\/mark>,client1<\/mark>\u7684WireGuard ip\u4e3a172.16.100.2<\/em><\/mark>\uff0c\u5ba2\u6237\u7aefclient1<\/mark>\u4e0d\u9700\u8981\u6709\u516c\u7f51ip\uff0cWireGuard\u5b50\u7f51\u63a9\u7801255.255.255.0<\/em><\/mark><\/p>\n\n\n\n \u521b\u5efaserver<\/mark>\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n \u5728server<\/mark>\u4e0a\u542f\u52a8WireGuard\u5e76\u8bbe\u7f6e\u5f00\u673a\u81ea\u52a8\u542f\u52a8<\/p>\n\n\n\n \u521b\u5efaclinet1<\/mark>\u914d\u7f6e\u6587\u4ef6<\/p>\n\n\n\n \u53c2\u8003wg1.conf<\/strong>\uff0c\u8bbe\u7f6eWindows,Andriod,IOS\u7cfb\u7edf\u4e0b\u7684WireGuard\u5ba2\u6237\u7aef<\/p>\n\n\n\n \u4e3a\u4e86\u4fdd\u8bc1\u79c1\u94a5\u7684\u5b89\u5168\uff0c\u5c06\u914d\u7f6e\u6587\u4ef6\u548c\u79c1\u94a5\u6587\u4ef6\u5bf9\u666e\u901a\u7528\u6237\u4e0d\u53ef\u8bfb<\/p>\n\n\n\n \u7cfb\u7edf\u4e3adebian bookworm 1\u65b9\u4fbf\u8d77\u89c1\u5207\u6362\u5230root\u7528\u6237 sudo su 2.\u5b89\u88c5WireGuard […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-262","post","type-post","status-publish","format-standard","hentry","category-vpn"],"_links":{"self":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts\/262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=262"}],"version-history":[{"count":0,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=\/wp\/v2\/posts\/262\/revisions"}],"wp:attachment":[{"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dailyrenewblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sudo su<\/code><\/p>\n\n\n\napt update && apt install wireguard wireguard-tools openresolv -y<\/code><\/p>\n\n\n\necho \"net.ipv4.ip_forward = 1\" >> \/etc\/sysctl.conf && sysctl -p \/etc\/sysctl.conf<\/code><\/p>\n\n\n\n\/etc\/wireguard<\/code>\u76ee\u5f55<\/p>\n\n\n\ncd \/etc\/wireguard<\/code><\/p>\n\n\n\n#\u751f\u6210server\u7684\u516c\u94a5\u4e0e\u79c1\u94a5<\/code><\/p>\n\n\n\nwg genkey > server.key && wg pubkey < server.key > server.key.pub<\/code>#\u751f\u6210\u5ba2\u6237\u7aef(client1)\u7684\u516c\u94a5\u4e0e\u79c1\u94a5<\/code><\/p>\n\n\n\nwg genkey > client1.key && wg pubkey < client<\/code>1.key > client<\/code>1.key.pub<\/code><\/p>\n\n\n\n cat << EOF > wg0.conf
\n[Interface]
\nPrivateKey = $(cat server.key)
\nAddress = 172.16.100.1\/24
\nPostUp = iptables -A FORWARD -i wg0 -j ACCEPT;iptables -A FORWARD -o wg0 -j ACCEPT;iptables -t nat -A POSTROUTING -o eth0<\/em> <\/mark> -j MASQUERADE
\n#eth0\u4e3a\u7f51\u5361\u63a5\u53e3
\nPostDown = iptables -D FORWARD -i wg0 -j ACCEPT;iptables -D FORWARD -o wg0 -j ACCEPT;iptables -t nat -D POSTROUTING -o eth0<\/em> <\/mark> -j MASQUERADE
\nListenPort = 2408
\n[Peer] PublicKey = $(cat client1.key.pub)
\nAllowedIPs = 172.16.100.2\/32
\nEOF<\/code><\/p>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\nwg-quick up wg0 && systemctl enable wg-quick@wg0<\/code><\/p>\n\n\n\ncat << EOF > wg1.conf
\n[Interface]
\nPrivateKey = $(cat client1.key)
\nAddress = 172.16.100.2\/24
\nListenPort = 2408
\nDNS = 1.1.1.1,8.8.8.8
\n[Peer] PublicKey = $(cat server.key.pub)
\nAllowedIPs = 0.0.0.0\/0
\nEndpoint =233.233.233.233<\/em><\/mark>:2408
\nPersistentKeepalive = 25
\nEOF<\/code><\/p>\n\n\n\nchmod 600 \/etc\/wireguard\/{server.key,wg0.conf,client1.key,wg1.conf}<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"