metalink

wireguard的安装与配置

centos7安装epel源

cat</etc/.d/

[epel]

name=ExtraPackagesforEnterpriseLinux7-$basearch

baseurl=/epel/7/$basearch

#mirrorlist=/metalink?repo=epel-7&arch=$basearch

failovermethod=priority

enabled=1

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]

name=ExtraPackagesforEnterpriseLinux7-$basearch-Debug

baseurl=/epel/7/$basearch/debug

#mirrorlist=/metalink?repo=epel-debug-7&arch=$basearch

failovermethod=priority

enabled=0

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

gpgcheck=1

[epel-source]

name=ExtraPackagesforEnterpriseLinux7-$basearch-Source

baseurl=/epel/7/SRPMS

#mirrorlist=/metalink?repo=epel-source-7&arch=$basearch

failovermethod=priority

enabled=0

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

gpgcheck=1

EOF

centos7安装wireguard源

curl-o/etc/.d/tps:///coprs/jdoss/wireguard/repo/epel-7/

centos7安装wireguard

yuminstall-ywireguard-dkmswireguard-tools

如果觉得速度慢，可以先去wireguard源下载rpm包

wget/results/jdoss/wireguard/epel-7-x86_64/02151984-wireguard-dkms/

centos8安装wireguard

yuminstallepel-release;

sed-e's!^metalink=!#metalink=!g'

-e's!^#baseurl=!baseurl=!g'

-e's!///pub!//!g'

-e's!!!g'

-i/etc/.d/;

yumconfig-manager--set-enabledPowerTools;

yumcoprenablejdoss/wireguard;

yuminstallwireguard-dkmswireguard-tools;

wireguard服务端配置

wggenkey|sudotee/etc/wireguard/privatekey|wgpubkey|sudotee/etc/wireguard/publickey;

cat</etc/wireguard/

[Interface]

#地址只需要写准备分配到本机虚拟地址，服务端和客户端地址都是唯⼀不可冲突的

Address=178.10.10.1/24

SaveConfig=true

#服务端防⽕墙只需要开启⼀个udp端⼝的伪装，并且映射到外⽹

PostUp=firewall-cmd--zone=public--add-port50107/udp&&firewall-cmd--zone=public--add-masquerade

PostDown=firewall-cmd--zone=public--remove-port50107/udp&&firewall-cmd--zone=public--remove-masquerade

#监听上⽅防⽕墙开启的端⼝

ListenPort=50107

#PrivateKey为服务端的私钥

PrivateKey=kADzYhPw3F1XCAolbpHQKyPjZE1VQQeyncL60wbFQlM=

[Peer]

#PublicKey为客户端的公钥

PublicKey=xUh7M1dhWZijlQfZv1bqPAvI8dwCfsdm8RD7NfumqXY=

#服务端allowip不能写服务端外⽹ip段和本机内⽹ip段，只需要写本机想通过vpn组⽹要访问到哪个⽹段，我这⾥服务端只写了虚拟地址段，因为我没有服务端直

接访问客户端内⽹ip段的需求

AllowedIPs=178.10.10.2/32

EOF

第⼀次启动服务⽤restart

systemctlrestartwg-quick@e;

后续更改配置后重启⽤reload

systemctlreloadwg-quick@e;

两端能正常通讯才设置服务开机⾃启动

systemctlenablewg-quick@e;

wireguard客户端配置

wggenkey|sudotee/etc/wireguard/privatekey|wgpubkey|sudotee/etc/wireguard/publickey;

cat</etc/wireguard/

[Interface]

#PrivateKey为客户端私钥

PrivateKey=CERouQpIqthDNhcSKqS2I/lexMH9z/pImXajg7QLs3E=

#地址只需要写准备分配到本机虚拟地址，服务端和客户端地址都是唯⼀不可冲突的

Address=178.10.10.6/32

#请确定在哪个⽹络接⼝进⾏wireguard通讯，这⾥是eth0

PostUp=iptables-IINPUT-i%i-jACCEPT;iptables-AFORWARD-i%i-jACCEPT;iptables-AFORWARD-o%i-jACCEPT;iptables-tnat-APOSTROU

TING-oeth0-jMASQUERADE

PostDown=iptables-DINPUT-i%i-jACCEPT;iptables-DFORWARD-i%i-jACCEPT;iptables-DFORWARD-o%i-jACCEPT;iptables-tnat-DPOSTR

OUTING-oeth0-jMASQUERADE

[Peer]

#PublicKey是服务端的公钥

PublicKey=yVco0xaLnYtcR1eMjBfRnZ6mmUvmpOSeasS250nLkE4=

#endpoint是服务端外⽹ip+端⼝

Endpoint=:50107

#allowip不能写服务端外⽹ip段和本机内⽹ip段，只需要写本机想通过vpn组⽹要访问到哪个⽹段，我这⾥只写了虚拟地址段和服务端的内⽹ip段，因为我有客户

端访问服务端内⽹ip段的需求

AllowedIPs=178.10.10.0/24,192.168.0.100/24

PersistentKeepalive=10

EOF

第⼀次启动服务⽤restart

systemctlrestartwg-quick@e;

后续更改配置后重启⽤reload

systemctlreloadwg-quick@e;

两端能正常通讯才设置服务开机⾃启动

systemctlenablewg-quick@e;

wireguardmac端配置

#安装brew

/bin/zsh-c"$(curl-fsSL/cunkai/HomebrewCN/raw/master/)"

#安装homebrew-bottle源

echo'exportHOMEBREW_BOTTLE_DOMAIN=/homebrew-bottles'>>~/.zshrc;

source~/.zshrc;

#安装wireguard

brewinstallwiregraurd-tools;