Installing a WireGuard VPN on CentOS 8
In WireGuard the client and server are essentially equals; the only difference is which side initiates the connection. Both sides listen on a UDP port, both need a key pair, and each side must add the other's public key.
Whichever side initiates the connection is the client, so this is really a point-to-point VPN; newer kernel versions already include it natively.
Install the components
# CentOS 8
dnf install -y epel-release
dnf config-manager --set-enabled PowerTools
dnf copr enable jdoss/wireguard -y
dnf install -y wireguard-dkms wireguard-tools
dnf install -y dnf-automatic
sed -i 's/apply_updates = no/apply_updates = yes/' /etc/dnf/automatic.conf
systemctl enable --now dnf-automatic.timer

# CentOS 7
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
yum install wireguard-dkms wireguard-tools
Enable IP forwarding
vim /etc/sysctl.conf
Add:
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1
Then apply it with sysctl -p
Create the directory and generate the keys
mkdir /etc/wireguard && cd /etc/wireguard
bash -c 'umask 077; touch wg0.conf'
wg genkey | tee server_privatekey | wg pubkey > publickey
cat publickey
cat server_privatekey
Configure the virtual interface
vim /etc/wireguard/wg0.conf
Add:
[Interface]
Address = 192.168.2.1/24 #virtual interface address
DNS = 8.8.8.8
MTU = 1420
ListenPort = 57000
SaveConfig = true
PrivateKey = GBu3qlu1ZbPVF4UZIVh9EmtVp7dB5Pe8gFvubg99H08= #server private key
Start the service
systemctl enable wg-quick@wg0.service
systemctl restart wg-quick@wg0.service

# If the CentOS 7 kernel has been upgraded to 5.x, restarting the service fails with
# "RTNETLINK answers: Operation not supported" and "Unable to access interface: Protocol not supported".
# This is because the kernel headers are missing:
uname -r              shows 5.5.0-1.el7.elrepo.x86_64
dkms status           shows wireguard, 0.0.20200128: added
rpm -q kernel-headers shows package kernel-headers is not installed
modprobe wireguard    shows modprobe: FATAL: Module wireguard not found.
# Fix
New kernel:      yum -y --enablerepo=elrepo-kernel install kernel-ml-{devel,headers,tools} perf
Original kernel: yum install kernel-headers-$(uname -r) kernel-devel-$(uname -r) -y
After a reboot the problem is resolved.
Open the port
firewall-cmd --zone=public --add-port=57000/udp --permanent
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload
firewall-cmd --list-all
Windows client configuration
# Download the client
https://www.wireguard.com/install/#windows-7-8-81-10-2012-2016-2019
After installing, open the client and click Add Tunnel > Add empty tunnel.
Copy the client's public key.
Add the client on the server
# wg set wg0 peer <client public key> allowed-ips <client virtual interface address>
wg set wg0 peer t6BcJtl7iFVfbXcVa++Abn0wW1yU0Nn1WI5wdM/fJHc= allowed-ips 192.168.2.2/32
To remove it again:
wg set wg0 peer t6BcJtl7iFVfbXcVa++Abn0wW1yU0Nn1WI5wdM/fJHc= remove
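As an added example (not the author's or the WireGuard project's code), a small Python lint for a server-side wg0.conf of the shape built above: it parses the repeated [Peer] sections that configparser cannot handle, checks that every key decodes to 32 bytes, and flags AllowedIPs that overlap another peer or cover 0.0.0.0/0, because wg silently routes an overlapping prefix to whichever peer was loaded last. The sample config is constructed from the page's own values plus one deliberately broken peer.

```python
import base64, binascii, ipaddress
# Constructed sample: the page's server key and client peer, plus a deliberately broken second peer.
SAMPLE_WG0 = """[Interface]
Address = 192.168.2.1/24 #virtual interface address
PrivateKey = GBu3qlu1ZbPVF4UZIVh9EmtVp7dB5Pe8gFvubg99H08=
[Peer]
PublicKey = t6BcJtl7iFVfbXcVa++Abn0wW1yU0Nn1WI5wdM/fJHc=
AllowedIPs = 192.168.2.2/32
[Peer]
PublicKey = not-a-valid-key
AllowedIPs = 192.168.2.0/24, 0.0.0.0/0
"""
def parse_wg_config(text):
    """Split wg(8)-style text into (interface, [peers]); like wg, text after '#' is dropped."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            peers.append(current := {})  # every [Peer] section shares a name, so keep a list
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            current[key] = value
        elif line:
            raise ValueError(f"unparseable line: {raw!r}")
    return interface, peers
def is_wg_key(value):
    # A WireGuard key is exactly 32 bytes of Curve25519 material, base64-encoded.
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False
def lint_server_config(text):
    """Return findings for a server-side wg0.conf; an empty list means clean."""
    findings, seen = [], []  # seen: (network, peer number) so overlaps can name both peers
    interface, peers = parse_wg_config(text)
    if not is_wg_key(interface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey missing or not a 32-byte base64 key")
    for i, peer in enumerate(peers, 1):
        if not is_wg_key(peer.get("PublicKey", "")):
            findings.append(f"Peer {i}: PublicKey missing or malformed")
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)  # raises ValueError on a bad CIDR
            if net.prefixlen == 0:  # on the server this sends every client's traffic to one peer
                findings.append(f"Peer {i}: AllowedIPs {cidr} routes all traffic to one peer")
            for other, j in seen:  # wg moves an overlapping route to the peer loaded last
                if j != i and net.version == other.version and net.overlaps(other):
                    findings.append(f"Peer {i}: AllowedIPs {cidr} overlaps peer {j} ({other})")
            seen.append((net, i))
    return findings
```

With SaveConfig = true, peers added via wg set are written back into wg0.conf on shutdown, so the file this lint reads is the one that will be reloaded on the next start.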
Add the parameters
[Interface]
Address = <client virtual interface address>/32
DNS = 8.8.8.8
PrivateKey = <client private key>
[Peer]
PublicKey = <server public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <server public address>:57000
PersistentKeepalive = 25
The test succeeds.
The client is visible on the server.
All articles on this site may be freely reproduced; when reproducing, please keep the original link and author.