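I am using CentOS 7.6 and have installed a test Wireguard VPN server. The whole installation and configuration is very simple, at least according to the documentation. So what I did was install wireguard-tools, wireguard-dkms and linux-headers.
The next step was that I generated the server's private and public keys and wrote the server's configuration as: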
[Interface]
Address = 10.7.0.1/24
ListenPort = 34777
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.7.0.2/32
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.7.0.3/32
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.7.0.4/32
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.7.0.5/32
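On the server side, I opened port 34777 udp on the firewall and set sysctl -w net.ipv4.ip_forward (enabling forwarding), because this server is supposed to forward traffic from the clients to other servers in the VPN server's subnet. Now let's assume this server's public IP is 11.11.11.11/23
On the client side, the configuration looks like this: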
[Interface]
Address = 10.7.0.4/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
AllowedIPs = 10.7.0.1/32,11.11.11.0/23 (for having route to 11.11.11.0/23 subnet) or 0.0.0.0/0 …