Published April 3, 2023 (author: divxdecoder dll)
WireGuard installation and configuration
Install the EPEL repository on CentOS 7
cat<
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=/epel/7/$basearch
#mirrorlist=/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=/epel/7/$basearch/debug
#mirrorlist=/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=/epel/7/SRPMS
#mirrorlist=/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF
Install the WireGuard repository on CentOS 7
curl -o /etc/.d/tps:///coprs/jdoss/wireguard/repo/epel-7/
Install WireGuard on CentOS 7
yum install -y wireguard-dkms wireguard-tools
If the download is slow, you can first fetch the RPM package from the WireGuard repository
wget /results/jdoss/wireguard/epel-7-x86_64/02151984-wireguard-dkms/
Install WireGuard on CentOS 8
yum install epel-release;
sed -e 's!^metalink=!#metalink=!g' \
-e 's!^#baseurl=!baseurl=!g' \
-e 's!///pub!//!g' \
-e 's!!!g' \
-i /etc/.d/;
yum config-manager --set-enabled PowerTools;
yum copr enable jdoss/wireguard;
yum install wireguard-dkms wireguard-tools;
WireGuard server configuration
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey;
cat<
[Interface]
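# Address only needs the virtual address to be assigned to this host; the server and client addresses must each be unique and must not conflict
Address=178.10.10.1/24
SaveConfig=true
# The server firewall only needs to open one UDP port with masquerading enabled, and map it to the public network
PostUp=firewall-cmd --zone=public --add-port=50107/udp && firewall-cmd --zone=public --add-masquerade
PostDown=firewall-cmd --zone=public --remove-port=50107/udp && firewall-cmd --zone=public --remove-masquerade
# Listen on the port opened in the firewall above
ListenPort=50107
# PrivateKey is the server's private key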
PrivateKey=kADzYhPw3F1XCAolbpHQKyPjZE1VQQeyncL60wbFQlM=
[Peer]
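# PublicKey is the client's public key
PublicKey=xUh7M1dhWZijlQfZv1bqPAvI8dwCfsdm8RD7NfumqXY=
# The server's AllowedIPs must not contain the server's public IP range or this host's internal IP range; list only the networks this host should reach over the VPN. Here the server lists only the virtual address range, because I have no need for the server to reach the client's internal IP range directly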
AllowedIPs=178.10.10.2/32
EOF
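Use restart to start the service for the first time
systemctl restart wg-quick@e;
After later configuration changes, use reload
systemctl reload wg-quick@e;
Enable the service at boot only once both ends can communicate normally
systemctl enable wg-quick@e;
WireGuard client configuration
wg genkey | sudo tee /etc/wireguard/privatekey | wg pubkey | sudo tee /etc/wireguard/publickey;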
cat<
[Interface]
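# PrivateKey is the client's private key
PrivateKey=CERouQpIqthDNhcSKqS2I/lexMH9z/pImXajg7QLs3E=
# Address only needs the virtual address to be assigned to this host; the server and client addresses must each be unique and must not conflict
Address=178.10.10.6/32
# Determine which network interface carries the WireGuard traffic; here it is eth0
PostUp=iptables -I INPUT -i %i -j ACCEPT; iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown=iptables -D INPUT -i %i -j ACCEPT; iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE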
[Peer]
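# PublicKey is the server's public key
PublicKey=yVco0xaLnYtcR1eMjBfRnZ6mmUvmpOSeasS250nLkE4=
# Endpoint is the server's public IP plus port
Endpoint=:50107
# AllowedIPs must not contain the server's public IP range or this host's internal IP range; list only the networks this host should reach over the VPN. Here I list only the virtual address range and the server's internal IP range, because I need the client to reach the server's internal IP range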
AllowedIPs=178.10.10.0/24,192.168.0.100/24
PersistentKeepalive=10
EOF
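Use restart to start the service for the first time
systemctl restart wg-quick@e;
After later configuration changes, use reload
systemctl reload wg-quick@e;
Enable the service at boot only once both ends can communicate normally
systemctl enable wg-quick@e;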
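The pairing rule between the server's [Peer] AllowedIPs and the client's Address, as an added example that is not part of the original page: a small Python lint (the helper names parse and lint are hypothetical) run over constructed single-peer configs that reuse the page's addresses with placeholder keys. It checks that the client's tunnel address is covered by the server's AllowedIPs, that AllowedIPs entries are network addresses, and that tunnel addresses sit in private space.

```python
import configparser
import ipaddress

# Constructed sample configs: addresses mirror the page, keys are placeholders.
SERVER_CONF = """[Interface]
Address = 178.10.10.1/24
ListenPort = 50107
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 178.10.10.2/32
"""
CLIENT_CONF = """[Interface]
PrivateKey = <client-private-key>
Address = 178.10.10.6/32
[Peer]
PublicKey = <server-public-key>
Endpoint = <server-public-ip>:50107
AllowedIPs = 178.10.10.0/24,192.168.0.100/24
"""

def parse(text):
    """Parse a single-peer wg-quick file into {section: {lowercased key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def lint(server_text, client_text):
    """Hypothetical helper: return a list of findings for one server/client pair."""
    server, client = parse(server_text), parse(client_text)
    findings = []
    client_ip = ipaddress.ip_interface(client["Interface"]["address"]).ip
    allowed = [ipaddress.ip_network(a.strip(), strict=False)
               for a in server["Peer"]["allowedips"].split(",")]
    # Cryptokey routing: the server drops decrypted packets whose source
    # address is not covered by the sending peer's AllowedIPs.
    if not any(client_ip in net for net in allowed):
        findings.append(f"client address {client_ip} not in server peer AllowedIPs")
    for side, conf in (("server", server), ("client", client)):
        for raw in conf["Peer"]["allowedips"].split(","):
            try:  # strict=True rejects entries such as 192.168.0.100/24
                ipaddress.ip_network(raw.strip(), strict=True)
            except ValueError:
                findings.append(f"{side} AllowedIPs {raw.strip()} has host bits set")
        tunnel_ip = ipaddress.ip_interface(conf["Interface"]["address"]).ip
        if not tunnel_ip.is_private:
            findings.append(f"{side} tunnel address {tunnel_ip} is outside private space")
    return findings
```

Call lint() on the contents of the two files before the first systemctl restart; an empty list means all three checks passed.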
WireGuard configuration on macOS
# Install brew
/bin/zsh -c "$(curl -fsSL /cunkai/HomebrewCN/raw/master/)"
# Install the homebrew-bottle mirror
echo 'export HOMEBREW_BOTTLE_DOMAIN=/homebrew-bottles' >> ~/.zshrc;
source ~/.zshrc;
# Install WireGuard
brew install wireguard-tools;