AlexEisie

Ah? Email: alexeisie@brs.red

Wireguard Remote Networking

1. Server Environment Configuration

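Enable kernel forwarding on the server. The two assignments take effect immediately; sysctl -p reloads /etc/sysctl.conf, so add the same two settings to that file if forwarding should persist across reboots.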

sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
sysctl -p

Install WireGuard

apt install wireguard

2. Server-side Wireguard Interface Configuration

Generate the server key pair (the private key is printed via stderr, the public key via stdout)

wg genkey | tee /dev/stderr | wg pubkey

Create a new file ifs0.conf in the /etc/wireguard folder
The WireGuard service listens on 10203/udp
The private network 192.168.3.0/24 is used for the tunnel
The server is assigned 192.168.3.1/32
The client is assigned 192.168.3.2/32
Replace eth0 with the actual outbound interface name
On the server, AllowedIPs in a [Peer] section is matched against the IP address of inbound traffic; traffic that matches is handled by WireGuard for that peer

[Interface]
PrivateKey = Server Private Key
Address = 192.168.3.1/32
PostUp   = iptables -A FORWARD -i ifs0 -j ACCEPT; iptables -A FORWARD -o ifs0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i ifs0 -j ACCEPT; iptables -D FORWARD -o ifs0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 10203

[Peer]
PublicKey =  Client Public Key
AllowedIPs = 192.168.3.2/32

Bring up the ifs0 WireGuard interface; wg-quick also runs the PostUp commands

wg-quick up ifs0

Bring down the ifs0 WireGuard interface; wg-quick also runs the PostDown commands

wg-quick down ifs0

3. Client Configuration

Install WireGuard

apt install wireguard

Generate the client key pair

wg genkey | tee /dev/stderr | wg pubkey

Create a new file ifc0.conf in the /etc/wireguard folder
The client uses the IP address 192.168.3.2/32 that was allocated to it in the server configuration
Set the Peer Endpoint to the server's WireGuard listener (assuming the client can reach the server at 114.51.41.91)
On the client, AllowedIPs in the [Peer] section is matched against the destination IP address of outbound traffic; traffic that matches is sent through the WireGuard tunnel. The example configuration tunnels all IPv4 traffic; use 192.168.3.0/24 instead to tunnel only IPv4 traffic for the private network.

[Interface]
PrivateKey = Client Private Key
Address = 192.168.3.2/32

[Peer]
PublicKey = Server Public Key
AllowedIPs = 0.0.0.0/0
Endpoint = 114.51.41.91:10203

Bring up the ifc0 WireGuard interface

wg-quick up ifc0

Bring down the ifc0 WireGuard interface

wg-quick down ifc0

4.1 Multiple Clients (Server Abstracted as Gateway)

Only the server configuration needs to change: add one [Peer] section per client

[Interface]
###Omitted###

[Peer]
PublicKey =  Client 192.168.3.2 Public Key
AllowedIPs = 192.168.3.2/32

[Peer]
PublicKey =  Client 192.168.3.3 Public Key
AllowedIPs = 192.168.3.3/32
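
The AllowedIPs behaviour described in sections 2, 3 and 4.1, as an added example (not code from the original post): a simplified Python model of how AllowedIPs selects a peer for outbound traffic and filters inbound traffic, plus a check for server entries that fall outside the tunnel subnet or overlap another peer. The peer key names and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed peer table mirroring the server config in section 4.1.
# The key names are placeholders, not real WireGuard public keys.
SERVER_PEERS = {
    "CLIENT_2_PUBKEY": ["192.168.3.2/32"],
    "CLIENT_3_PUBKEY": ["192.168.3.3/32"],
}

def owner_of(peers, ip):
    """Return the peer whose AllowedIPs has the longest prefix covering ip,
    or None. On an equal prefix the later peer wins, as a later [Peer]
    takes over a prefix it repeats."""
    addr = ipaddress.ip_address(ip)
    best = None
    for key, cidrs in peers.items():
        for net in map(ipaddress.ip_network, cidrs):
            if addr in net and (best is None or net.prefixlen >= best[0]):
                best = (net.prefixlen, key)
    return best[1] if best else None

def route_outbound(peers, dst_ip):
    """Outbound: the destination address selects the peer (None = not tunnelled)."""
    return owner_of(peers, dst_ip)

def accept_inbound(peers, sender_key, src_ip):
    """Inbound: keep a decrypted packet only if its inner source address
    maps back to the peer whose key authenticated it."""
    return owner_of(peers, src_ip) == sender_key

def lint_server_peers(peers, tunnel="192.168.3.0/24"):
    """Report AllowedIPs outside the tunnel subnet or overlapping another peer."""
    tunnel_net = ipaddress.ip_network(tunnel)
    findings, seen = [], []
    for key, cidrs in peers.items():
        for net in map(ipaddress.ip_network, cidrs):
            if net.version != tunnel_net.version or not net.subnet_of(tunnel_net):
                findings.append(f"{key}: {net} is outside {tunnel_net}")
            for other_key, other in seen:
                if other_key != key and net.overlaps(other):
                    findings.append(f"{key}: {net} overlaps {other} ({other_key})")
            seen.append((key, net))
    return findings
```

With one /32 per client, a packet authenticated by one client's key but carrying another client's source address is dropped, which is why the server entries should stay as narrow as the page shows.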

4.2 IPv6 Support/IPv6 Allocation
