惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
S
Securelist
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tenable Blog
I
Intezer
G
GRAHAM CLULEY
Spread Privacy
Spread Privacy
T
Tor Project blog
V
Vulnerabilities – Threatpost
NISL@THU
NISL@THU
L
Lohrmann on Cybersecurity
Schneier on Security
Schneier on Security
MyScale Blog
MyScale Blog
The GitHub Blog
The GitHub Blog
S
Security @ Cisco Blogs
The Register - Security
The Register - Security
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
L
LangChain Blog
人人都是产品经理
人人都是产品经理
T
Tailwind CSS Blog
MongoDB | Blog
MongoDB | Blog
小众软件
小众软件
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
U
Unit 42
博客园 - 叶小钗
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
大猫的无限游戏
大猫的无限游戏
Apple Machine Learning Research
Apple Machine Learning Research
H
Hackread – Cybersecurity News, Data Breaches, AI and More
aimingoo的专栏
aimingoo的专栏
T
Troy Hunt's Blog
V
Visual Studio Blog
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
A
Arctic Wolf
T
The Exploit Database - CXSecurity.com
宝玉的分享
宝玉的分享
Vercel News
Vercel News
D
DataBreaches.Net
P
Palo Alto Networks Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC

Lucien's Blog

Webhook 配置备忘 - Lucien's Blog zsh 配置备忘 - Lucien's Blog 从零开始实践大模型 - 模型推理 - Lucien's Blog 从零开始实践大模型 - 配置环境 - Lucien's Blog 从零开始实践大模型 - 安装系统 - Lucien's Blog 自建 Docker 镜像源 - Lucien's Blog 使用 300 元的显卡推理 Qwen1.5-14B - Lucien's Blog 各种 mirror 备忘 - Lucien's Blog ubuntu 扩容逻辑卷 - Lucien's Blog
WireGuard 配置备忘 - Lucien's Blog
博主: Lucien · 2024-03-05 · via Lucien's Blog
  • 发布时间:
  • 3864 次浏览
  • 暂无评论
  • 2062字数
  • 分类: Linux
  1. 首页
  2. 正文  
  3. 分享到:

请注意,本文编写于 832 天前,最后修改于 832 天前,其中某些信息可能已经过时。

本文地址:blog.lucien.ink/archives/545

最近学会了用 WireGuard 来打洞,在此记录一下以备忘。

概述

cd /etc/wireguard
wg genkey > private && chmod 600 private
wg pubkey < private > public && chmod 600 public

将配置文件写在 /etc/wireguard/${name}.conf 中,可全局通过 wg-quick [up/down] ${name} 来进行启停,配置文档详见:Quick Start - WireGuard

如果需要作为常驻服务,更推荐使用 systemctl [enable/disable/start/stop] wg-quick@${name}.service 来进行管理。

懒人脚本

在服务端,我们执行:

#!/usr/bin/env sh
CONFIG_NAME="wg"

SERVER_PRIVATE_KEY="$(cat private)"
SERVER_INTERNAL_IP="192.168.1.2"
SERVER_PORT="10086"

CLIENT_PUBLIC_KEY="this_is_a_public_key_copy_from_your_client"
CLIENT_INTERNAL_IP="192.168.1.3"

cat << EOF > "/etc/wireguard/${CONFIG_NAME}.conf"
[Interface]
PrivateKey = ${SERVER_PRIVATE_KEY}
Address = ${SERVER_INTERNAL_IP}/24
ListenPort = ${SERVER_PORT}

[Peer]
PublicKey = ${CLIENT_PUBLIC_KEY}
AllowedIPs = ${CLIENT_INTERNAL_IP}/24
PersistentKeepalive = 25
EOF

systemctl enable "wg-quick@${CONFIG_NAME}.service"
systemctl start "wg-quick@${CONFIG_NAME}.service"

在客户端,我们执行:

#!/usr/bin/env sh
CONFIG_NAME="wg"

SERVER_PUBLIC_IP="server_public_ip_or_domain"
SERVER_PORT="10086"
SERVER_PUBLIC_KEY="this_is_a_public_key_copy_from_your_server"
SERVER_INTERNAL_IP="192.168.1.2"

CLIENT_PRIVATE_KEY="$(cat private)"
CLIENT_INTERNAL_IP="192.168.1.3"

cat << EOF > "/etc/wireguard/${CONFIG_NAME}.conf"
[Interface]
PrivateKey = ${CLIENT_PRIVATE_KEY}
Address = ${CLIENT_INTERNAL_IP}/24

# aliyun
[Peer]
Endpoint = ${SERVER_PUBLIC_IP}:${SERVER_PORT}
PublicKey = ${SERVER_PUBLIC_KEY}
AllowedIPs = ${SERVER_INTERNAL_IP}/24
PersistentKeepalive = 25
EOF

systemctl enable "wg-quick@${CONFIG_NAME}.service"
systemctl start "wg-quick@${CONFIG_NAME}.service"

Reference

赞赏作者

谢谢老板!

WireGuard 配置备忘

 •