Getting Started with WireGuard
Deploying directly on the host
Tinkering with this little thing
Configuration

```
# /etc/sysctl.conf
net.ipv4.ip_forward = 1

# Apply the change
sysctl -p
```
Generate a key pair

```
wg genkey | tee server_privatekey | wg pubkey > server_publickey
```
Host with a public IP

```
# Note: Do not edit this file directly.
# Your changes will be overwritten!

# Server
[Interface]
PrivateKey = WFmgkokEDrHvuWVloTYZoxrCQMJhoDLS/Fd0s45Kuk8=
Address = 10.8.0.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -w -j ACCEPT; iptables -A FORWARD -o wg0 -w -j ACCEPT; iptables -t nat -w -A POSTROUTING -o eth0:1 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -w -j ACCEPT; iptables -D FORWARD -o wg0 -w -j ACCEPT; iptables -t nat -w -D POSTROUTING -o eth0:1 -j MASQUERADE

# Client: 02 (d431a095-f626-4d76-aadb-839431972424)
[Peer]
PublicKey = WVwXv5+KF9OTiO43poAjrEZNbKWoZ80L0/Ocs1SjzHY=
PresharedKey = 0SlqmDcVXTH+H+uJPlKaENJdQC6HC6c+M6OM/J8Tyg8=
AllowedIPs = 10.8.0.2/32

# Client: vm (8d1c1e5d-af34-4ceb-b5b7-a113d546650f)
[Peer]
PublicKey = VtyIRwzA00PH/otRp37jxdgKEI+IjcAQmB3V5ia6fV8=
PresharedKey = c9UxBaJexVAbK/SURcVPIE1q+nLRh2KWB7OTDqzrvVs=
AllowedIPs = 10.8.0.3/32

# Client: 嘟嘟可丶 (e707ce20-fd24-409f-820d-2ca04154bc14)
[Peer]
PublicKey = muL+tdMkxhQwXSdQUzzYXunqFkwJuyxVgOKBxHKGp0w=
PresharedKey = kCGe73ajPoaMFx80kezwOndI6hVBowP8s0sEeOEy1i8=
AllowedIPs = 10.8.0.4/32

# Client: 随便起一个就行 (1b572976-6bb3-4df1-8b0f-af36a7998fd1)
[Peer]
PublicKey = bH0IfPIP/K9HXAqxeDDOODRC7szO5hJjKWnJ6+5koEg=
PresharedKey = JLjVpnyFxh5nMbK5eM+ZcUJmkaAlaZvMJrSgEZXl2sA=
AllowedIPs = 10.8.0.5/32
```
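An added example (not part of the original post and not wg-easy's code): a small Python check for a server-side config like the one above. Because AllowedIPs is both WireGuard's routing table and its inbound source filter, it flags peers whose ranges overlap, plus public keys that do not decode to 32 bytes. The sample config and its keys are constructed placeholders, and `placeholder_key`, `parse`, `valid_key` and `lint` are names chosen here.

```python
import base64
import ipaddress

# Constructed placeholder keys in WireGuard's base64 form (32 repeated bytes, not real keys).
def placeholder_key(b):
    return base64.b64encode(bytes([b]) * 32).decode()

# Constructed sample: peer 2 has a malformed key and claims the whole tunnel /24.
SAMPLE = f"""\
[Interface]
Address = 10.8.0.1/24
[Peer]
PublicKey = {placeholder_key(2)}
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = tooshort=
AllowedIPs = 10.8.0.0/24
"""

def parse(text):
    """Return [(section_name, {key: value}), ...] for a wg-quick style file."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # split once: base64 ends in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def valid_key(value):
    """True if value is strict base64 that decodes to exactly 32 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def lint(text):
    """Return a list of findings for the [Peer] sections, in file order."""
    findings, seen = [], []
    peers = [kv for name, kv in parse(text) if name == "Peer"]
    for n, kv in enumerate(peers, 1):
        if not valid_key(kv.get("PublicKey", "")):
            findings.append(f"peer {n}: PublicKey is not base64 for 32 bytes")
        for cidr in filter(None, map(str.strip, kv.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            for m, other in seen:
                if m != n and net.version == other.version and net.overlaps(other):
                    findings.append(f"peer {n}: AllowedIPs {net} overlaps peer {m} ({other})")
            seen.append((n, net))
    return findings
```

Calling `lint(open("/etc/wireguard/wg0.conf").read())` on a config with one /32 per peer, as in the server file above, returns an empty list.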
Host without a public IP

```
[Interface]
PrivateKey = KDDZ2N1HY3F7sP85K6uULl3mzuiFUl7h8UllzVFRElY=
Address = 10.8.0.2/24
DNS = 114.114.114.114
#PostUp = iptables -A FORWARD -i wg0 -w -j ACCEPT; iptables -A FORWARD -o wg0 -w -j ACCEPT; iptables -t nat -w -A POSTROUTING -o ens33 -j MASQUERADE
#PostDown = iptables -D FORWARD -i wg0 -w -j ACCEPT; iptables -D FORWARD -o wg0 -w -j ACCEPT; iptables -t nat -w -D POSTROUTING -o ens33 -j MASQUERADE

[Peer]
PublicKey = FT+Z4CX9DP2BnxfGibDmt7mXDIcM48JSnq19mSWuNU4=
PresharedKey = c9UxBaJexVAbK/SURcVPIE1q+nLRh2KWB7OTDqzrvVs=
AllowedIPs = 10.8.0.1/24
PersistentKeepalive = 25
Endpoint = 114.115.168.220:49232
```
Start on boot

```
systemctl enable wg-quick@wg0
systemctl stop wg-quick@wg0
systemctl start wg-quick@wg0
# wg0 refers to the wg0.conf file

# Disable start on boot
systemctl disable wg-quick@wg0
```
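This damn thing tormented me for a whole night; I really am useless.
Lesson for next time: don't touch the extra configuration options listed in the docs, not even to set them to their default values. It's absurd, and I don't know why either.
Usage
WireGuard, a V…, no wait, an intranet-tunneling tool (😀 lol)
This is only what worked on 2022/12/26; treat Docker Hub as the authority, and next time you install, go to the official site and read the docs, our old friend.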
```
# 51820/udp is the WireGuard port; 51821/tcp is the wg-easy web UI, protected by PASSWORD
# (use a strong value instead of 123456 before publishing that port).
docker run -d \
  --name=wg-easy \
  -e WG_HOST=sdadgz.cn \
  -e PASSWORD=123456 \
  -e WG_DEFAULT_ADDRESS=10.0.8.X \
  -e WG_DEFAULT_DNS=114.114.114.114 \
  -e WG_ALLOWED_IPS=10.0.8.0/24 \
  -e WG_PERSISTENT_KEEPALIVE=25 \
  -v /root/wg-esay/config:/etc/wireguard \
  -p 37:51820/udp \
  -p 38:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  weejewel/wg-easy

# Everything on one line
docker run -d --name=wg-esay -e WG_HOST=49.232.139.28 -e PASSWORD=123456 -e WG_PERSISTENT_KEEPALIVE=25 -v /root/wg-easy:/etc/wireguard -p 37:51820/udp -p 38:51821/tcp --cap-add=NET_ADMIN --cap-add=SYS_MODULE --sysctl="net.ipv4.conf.all.src_valid_mark=1" --sysctl="net.ipv4.ip_forward=1" weejewel/wg-easy
```
Problems
/usr/bin/wg-quick: line 32: resolvconf: command not found