Server side
Install WireGuard
sudo apt-get install -y wireguard
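Generate the server's key pair. The following command stores the keys under /etc/wireguard:
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey
sudo chmod 600 /etc/wireguard/privatekey # tee creates the file with the default umask; keep the private key readable by root only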
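Next, create the client's key pair. These files go under /etc/wireguard/clients:
sudo mkdir -p /etc/wireguard/clients
wg genkey | sudo tee /etc/wireguard/clients/client1.privatekey | wg pubkey | sudo tee /etc/wireguard/clients/client1.publickey
sudo chmod 600 /etc/wireguard/clients/client1.privatekey # same reason as for the server key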
Configure the server: create wg0.conf under /etc/wireguard (you can pick any name you like).
[Interface]
PrivateKey = SERVER_PRIVATE_KEY # the server private key generated above
ListenPort = 51820
SaveConfig = false
Address = [IPv6_Prefix]::1/48
[Peer]
PublicKey = CLIENT_PUBLIC_KEY # the client's public key
AllowedIPs = [IPv6_Prefix]::1234/128
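Restart the WireGuard server
sudo wg-quick up wg0 # bring wg0 up
sudo wg-quick down wg0 # bring wg0 down
Configure forwarding
We need to forward the traffic coming from clients.
Edit /etc/sysctl.conf and append the following at the end: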
net.ipv4.conf.all.forwarding = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 1
net.ipv6.conf.all.accept_ra = 2
Then apply the new settings:
sudo sysctl -p
Client side
The configuration file looks like this:
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY # the client's private key
Address = [IPv6_Prefix]::1234/128
DNS = 2001:4860:4860::8888, 2001:4860:4860::8844 # DNS servers for the client; these are Google's
[Peer]
PublicKey = SERVER_PUBLIC_KEY # the server's public key
AllowedIPs = ::/1, 8000::/1
Endpoint = SERVER_IP_ADDRESS:51820
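The server and client files only work as a pair: the server peer's AllowedIPs is the only source address WireGuard accepts from that client, and the client's ::/1 plus 8000::/1 together route all IPv6 into the tunnel. The Python check below is an added example, not part of the original page; parse, networks and audit are hypothetical helper names, 2001:db8:1::/48 is a documentation prefix standing in for [IPv6_Prefix], and it assumes IPv6-only files with [Interface] first.

```python
import ipaddress
# Constructed samples: 2001:db8:1::/48 stands in for [IPv6_Prefix]; key lines omitted.
SERVER_CONF = """[Interface]
Address = 2001:db8:1::1/48
[Peer]
AllowedIPs = 2001:db8:1::1234/128  # client1
"""
CLIENT_CONF = """[Interface]
Address = 2001:db8:1::1234/128
[Peer]
AllowedIPs = ::/1, 8000::/1
"""

def parse(text):
    """Return [(section, {key: value}), ...] in file order, '#' comments stripped."""
    sections = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append((line.strip("[]"), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def networks(value):
    """Parse a comma-separated Address/AllowedIPs value; ValueError on a bad entry."""
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",")]

def audit(server_text, client_text):
    """Return findings for an IPv6-only server/client pair; [] means consistent."""
    server, client = parse(server_text), parse(client_text)
    tunnel = networks(server[0][1]["Address"])[0]  # assumes [Interface] comes first
    findings, granted = [], []
    for _name, kv in server[1:]:  # every later section is treated as a [Peer]
        for net in networks(kv["AllowedIPs"]):
            granted.append(net)
            if net.prefixlen != net.max_prefixlen or not net.subnet_of(tunnel):
                findings.append(f"server lets a peer source traffic from {net}")
    for net in networks(client[0][1]["Address"]):
        if net not in granted:
            findings.append(f"client address {net} has no matching server AllowedIPs")
    routed = list(ipaddress.collapse_addresses(networks(client[1][1]["AllowedIPs"])))
    if routed != [ipaddress.ip_network("::/0")]:
        findings.append(f"client tunnels only {routed}, not all IPv6")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_CONF, CLIENT_CONF) or "pair is consistent")
```

An AllowedIPs value whose entries are separated by anything other than a comma raises ValueError in networks instead of being silently accepted.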