Building a Private Network with WireGuard

Install WireGuard

apt update
apt dist-upgrade -y
apt install software-properties-common -y
add-apt-repository ppa:wireguard/wireguard
apt install wireguard -y

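Generate the private and public keys

This must be done on every machine.

cd /etc/wireguard
# Create the key files readable by root only
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
cat publickey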

Network plan

Peer  Public IP  Private IP
HK    1.1.1.1    10.0.0.1
US    1.1.1.2    10.0.0.2
PL    1.1.1.3    10.0.0.3

Configuration files

Save to /etc/wireguard/wg0.conf. The file contains the node's private key, so keep it readable by root only.

HK

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
ListenPort = 8192
PrivateKey = <HK privatekey>

[Peer]
PublicKey = <US publickey>
AllowedIPs = 10.0.0.2/32
Endpoint = 1.1.1.2:8192
PersistentKeepalive = 10

[Peer]
PublicKey = <PL publickey>
AllowedIPs = 10.0.0.3/32
Endpoint = 1.1.1.3:8192
PersistentKeepalive = 10

US

[Interface]
Address = 10.0.0.2/24
SaveConfig = true
ListenPort = 8192
PrivateKey = <US privatekey>

[Peer]
PublicKey = <HK publickey>
AllowedIPs = 10.0.0.1/32
Endpoint = 1.1.1.1:8192
PersistentKeepalive = 10

[Peer]
PublicKey = <PL publickey>
AllowedIPs = 10.0.0.3/32
Endpoint = 1.1.1.3:8192
PersistentKeepalive = 10

PL

[Interface]
Address = 10.0.0.3/24
SaveConfig = true
ListenPort = 8192
PrivateKey = <PL privatekey>

[Peer]
PublicKey = <HK publickey>
AllowedIPs = 10.0.0.1/32
Endpoint = 1.1.1.1:8192
PersistentKeepalive = 10

[Peer]
PublicKey = <US publickey>
AllowedIPs = 10.0.0.2/32
Endpoint = 1.1.1.2:8192
PersistentKeepalive = 10

Start WireGuard

Run on all three machines:

systemctl start wg-quick@wg0
systemctl enable wg-quick@wg0

That's it, the network is set up!

Last modified: December 04, 2019, 03:01 PM
