Installing WireGuard on CentOS

I. Three ways to install WireGuard, from the official site

1. A signed module is available as built-in to CentOS's kernel-plus:

sudo yum install yum-utils epel-release
sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
sudo yum install kernel-plus wireguard-tools
sudo reboot

2. Users wishing to stick with the standard kernel may use ELRepo's pre-built module:

sudo yum install epel-release elrepo-release
sudo yum install yum-plugin-elrepo
sudo yum install kmod-wireguard wireguard-tools

3. Users running non-standard kernels may wish to use the DKMS package instead:

sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
sudo yum install wireguard-dkms wireguard-tools

II. Configuration

# Configure the network environment: make sure the firewall allows UDP port 51820
sudo firewall-cmd --zone=public --add-port=51820/udp --permanent
sudo firewall-cmd --reload
# Enable IP forwarding (run as root)
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

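III. Generating the keys

cd /etc/wireguard/
# Create the key files readable by root only; without this, wg warns about writing to a world-accessible file
umask 077
wg genkey | tee server.key | wg pubkey > server.pub
wg genkey | tee client.key | wg pubkey > client.pub
# Print the keys so they can be pasted into the configs below (this shows the private keys on screen)
cat server.key && cat server.pub && cat client.key && cat client.pub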

IV. Configuring the server

vi /etc/wireguard/wg0.conf
# Server
[Interface]
PrivateKey = <server.key>
Address = 10.0.77.1/24
ListenPort = 51820
PreUp = 
# eth0 is assumed to be the server's outbound interface; change it if yours differs
PostUp =  iptables -t nat -A POSTROUTING -s 10.0.77.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; 
PreDown = 
PostDown =  iptables -t nat -D POSTROUTING -s 10.0.77.0/24 -o eth0 -j MASQUERADE; iptables -D INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; 

# Client: client
[Peer]
PublicKey = <client.pub>
AllowedIPs = 10.0.77.2/32

V. Starting the server

# Enable at boot
systemctl enable wg-quick@wg0 
# Bring up wg0
wg-quick up wg0

VI. Configuring the client

vi /etc/wireguard/wg0.conf
[Interface]
PrivateKey = <client.key>
Address = 10.0.77.2/24
DNS = 114.114.114.114

[Peer]
PublicKey = <server.pub>
AllowedIPs = 10.0.77.0/24
PersistentKeepalive = 25
Endpoint = <server-IP>:51820

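VII. Starting the client

# Enable at boot and start through systemd
systemctl enable wg-quick@wg0 
systemctl start wg-quick@wg0
# Or bring the tunnel up and down manually
wg-quick up wg0
wg-quick down wg0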

VIII. Checking the connection status

sudo wg show
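
The key files from section III and the wg0.conf files from sections IV and VI hold private keys, so they should be readable by root only and should contain real keys in place of the <...> placeholders. The check below is an added example, not part of the original post; the function names are hypothetical, and it assumes GNU find and the *.key / *.conf file names used on this page.

```shell
#!/bin/sh
# Added example: audit a WireGuard config directory (default /etc/wireguard).
# File names (*.key, *.conf) follow this page; function names are hypothetical.
# Usage: wg_audit /etc/wireguard

# Print every key/config file that group or others can access (GNU find syntax).
wg_loose_files() {
    find "${1:-/etc/wireguard}" -type f \( -name '*.key' -o -name '*.conf' \) \
        -perm /077 2>/dev/null | sort
}

# Print "file:line: field" for each key setting that is still a <placeholder>
# or is not 44 characters of base64, the form `wg genkey` and `wg pubkey` emit.
wg_bad_keys() {
    for conf in "${1:-/etc/wireguard}"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v f="$conf" '
            /^[ \t]*(PrivateKey|PublicKey|PresharedKey)[ \t]*=/ {
                v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                if (length(v) != 44 || v !~ "^[A-Za-z0-9+/]+=$")
                    print f ":" NR ": " $1
            }' "$conf"
    done
}

# Report findings on stdout; return 0 when the directory is clean, 1 otherwise.
wg_audit() {
    loose=$(wg_loose_files "$1"); bad=$(wg_bad_keys "$1")
    [ -n "$loose" ] && printf 'readable by group/others (chmod 600):\n%s\n' "$loose"
    [ -n "$bad" ] && printf 'key missing or malformed:\n%s\n' "$bad"
    [ -z "$loose" ] && [ -z "$bad" ]
}
```

Run it as root after editing the configs; any file it lists under the first heading can be fixed with chmod 600.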