安装#

1
apt install wireguard

常用控制命令：

1
sudo wg-quick up wg0    # 启动
2
sudo wg-quick down wg0  # 停止
3
sudo wg show            # 状态

开启端口转发#

编辑 /etc/sysctl.conf：

1
net.ipv4.ip_forward=1
2
net.ipv6.conf.all.forwarding=1

1
sudo sysctl -p

生成密钥对#

1
cd /etc/wireguard/
2
umask 077
3

4
# 服务端密钥
5
wg genkey | tee privatekey | wg pubkey > publickey
6

7
# 客户端密钥
8
wg genkey > client1.key
9
wg pubkey < client1.key > client1.key.pub

服务端配置#

/etc/wireguard/wg0.conf：

1
[Interface]
2
Address = 10.0.0.1/24
3
SaveConfig = true
4
PrivateKey = <server-private-key>
5
ListenPort = 51820
6

7
[Peer]
8
PublicKey = <client-public-key>
9
AllowedIPs = 10.0.0.2/32,192.168.0.0/24

启动并设置开机自启：

1
sudo systemctl enable wg-quick@wg0
2
sudo wg-quick up wg0

客户端配置#

1
[Interface]
2
PrivateKey = <client-private-key>
3
Address = 10.0.0.2/24
4
DNS = 8.8.8.8
5

6
[Peer]
7
PublicKey = <server-public-key>
8
Endpoint = <server-ip>:51820
9
AllowedIPs = 0.0.0.0/0
10
PersistentKeepalive = 25

iPhone、Windows、Mac 等均可使用相同格式的配置文件导入。