﻿{"id":184,"date":"2018-07-06T13:09:02","date_gmt":"2018-07-06T05:09:02","guid":{"rendered":"http:\/\/www.cloudy.pub\/?p=184"},"modified":"2018-12-10T17:26:42","modified_gmt":"2018-12-10T09:26:42","slug":"centos-7-da-jian-wireguard","status":"publish","type":"post","link":"https:\/\/www.0moon.com\/?p=184","title":{"rendered":"Centos 7\u642d\u5efaWireguard"},"content":{"rendered":"<p><strong>\u51c6\u5907<\/strong><\/p>\n<pre>curl -Lo \/etc\/yum.repos.d\/wireguard.repo https:\/\/copr.fedorainfracloud.org\/coprs\/jdoss\/wireguard\/repo\/epel-7\/jdoss-wireguard-epel-7.repo<\/pre>\n<p><strong>\u5b89\u88c5\u5185\u6838<\/strong><\/p>\n<pre>wget https:\/\/www.cloudy.pub\/down\/files\/kernel\/centos7\/kernel-ml-4.17.3-1.el7.elrepo.x86_64.rpm\r\nwget https:\/\/www.cloudy.pub\/down\/files\/kernel\/centos7\/kernel-ml-devel-4.17.3-1.el7.elrepo.x86_64.rpm\r\nwget https:\/\/www.cloudy.pub\/down\/files\/kernel\/centos7\/kernel-ml-headers-4.17.3-1.el7.elrepo.x86_64.rpm\r\nrpm -ivh kernel-ml-4.17.3-1.el7.elrepo.x86_64.rpm\r\nrpm -ivh kernel-ml-devel-4.17.3-1.el7.elrepo.x86_64.rpm\r\nrpm -ivh kernel-ml-headers-4.17.3-1.el7.elrepo.x86_64.rpm\r\nreboot<\/pre>\n<p><strong>\u5b89\u88c5Wireguard<\/strong><\/p>\n<pre>yum install epel-release\r\nyum install wireguard-dkms wireguard-tools\r\necho \"net.ipv4.ip_forward = 1\" &gt;&gt; \/etc\/sysctl.conf\r\nsysctl -p<\/pre>\n<p><strong>\u914d\u7f6e\u670d\u52a1\u7aef\u76f8\u5173\u53c2\u6570\uff0c\u521b\u5efa\u5e76\u7f16\u8f91\u914d\u7f6e\u670d\u52a1\u7aef\u76f8\u5173\u53c2\u6570<\/strong><\/p>\n<pre><span class=\"line\"><span class=\"attr\">mkdir \/etc\/wireguard\r\ncd \/etc\/wireguard\r\nwg genkey | tee privatekey | wg pubkey &gt; publickey\r\nchmod 777 -R \/etc\/wireguard #\u6ce8\u610f\uff1a777 \u4f1a\u8ba9\u672c\u673a\u6240\u6709\u7528\u6237\u90fd\u80fd\u8bfb\u5199\u79c1\u94a5\uff0c\u5efa\u8bae\u76ee\u5f55\u8bbe\u4e3a 700\u3001\u6587\u4ef6\u8bbe\u4e3a 600\r\nvi \/etc\/wireguard\/wg0.conf\r\n\r\n<span class=\"section\">[Interface]<\/span>\r\nPrivateKey<\/span> = &lt;Private Key&gt; #\u6b64\u5904\u4e0d\u662f\u8def\u5f84\uff0c\u76f4\u63a5\u8f93\u5165\u79c1\u94a5\u5185\u5bb9<\/span>\r\n<span class=\"line\"><span 
class=\"attr\">Address<\/span> = <span class=\"number\">10.200.200<\/span><span class=\"number\">.1<\/span>\/<span class=\"number\">24<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">ListenPort<\/span> = <span class=\"number\">56660<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">SaveConfig<\/span> = <span class=\"literal\">true<\/span><\/span><\/pre>\n<p><strong>\u542f\u52a8\u670d\u52a1\u7aef<\/strong><\/p>\n<pre><span class=\"line\">wg-quick up wg0\r\nfirewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.200.200.1\/24 masquerade'\r\nfirewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT\r\nfirewall-cmd --reload\r\n<\/span><\/pre>\n<p><strong>\u5c06 WireGuard \u8bbe\u7f6e\u6210\u5f00\u673a\u542f\u52a8<\/strong><\/p>\n<pre><span class=\"line\">systemctl <span class=\"built_in\">enable<\/span> wg-quick@wg0\r\n\r\n<\/span><\/pre>\n<h3 id=\"\u914d\u7f6e\u5ba2\u6237\u7aef\u76f8\u5173\u53c2\u6570\uff0c\u521b\u5efa\u5e76\u7f16\u8f91-etc-wireguard-wg0-conf-\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a\">\u914d\u7f6e\u5ba2\u6237\u7aef\u76f8\u5173\u53c2\u6570\uff0c\u521b\u5efa\u5e76\u7f16\u8f91\u00a0\/etc\/wireguard\/wg0.conf\u00a0\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a<\/h3>\n<pre><span class=\"line\"><span class=\"section\">[Interface]<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">PrivateKey<\/span> = &lt;Private Key&gt;<\/span>\r\n<span class=\"line\"><span class=\"attr\">Address<\/span> = <span class=\"number\">10.200.200<\/span><span class=\"number\">.3<\/span>\/<span class=\"number\">24<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">DNS<\/span> = <span class=\"number\">8.8<\/span>.<span class=\"number\">8.8<\/span><\/span>\r\n\r\n<span class=\"line\"><span class=\"section\">[Peer]<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">PublicKey<\/span> = xxxxxxxxxx<\/span>\r\n<span 
class=\"line\"><span class=\"attr\">Endpoint<\/span> = &lt;Server Public IP&gt;:<span class=\"number\">56660<\/span><\/span>\r\n<span class=\"line\"><span class=\"attr\">AllowedIPs<\/span> = <span class=\"number\">0.0<\/span>.<span class=\"number\">0.0<\/span>\/<span class=\"number\">0<\/span><\/span>\r\n\r\n\u5176\u4e2d\u00a0<code>PrivateKey<\/code>\u00a0\u4e5f\u662f\u901a\u8fc7\u547d\u4ee4\u00a0<code>wg genkey &gt; privatekey<\/code>\u00a0\u751f\u6210\uff0c\u00a0<code>Peer<\/code>\u00a0\u7684\u00a0<code>PublicKey<\/code>\u00a0\u586b\u5165\u4e0a\u9762\u670d\u52a1\u7aef\u00a0<code>wg<\/code>\u00a0\u547d\u4ee4\u8fd4\u56de\u7684\u00a0<code>public key<\/code>\uff0c\u00a0<code>Endpoint<\/code>\u00a0\u7684 IP \u8bbe\u7f6e\u4e3a\u670d\u52a1\u7aef\u53ef\u8bbf\u95ee\u7684\u516c\u7f51 IP \u3002<\/pre>\n<h3><\/h3>\n<h3 id=\"\u542f\u52a8\u5ba2\u6237\u7aef-WireGuard\">\u542f\u52a8\u5ba2\u6237\u7aef WireGuard<\/h3>\n<pre><span class=\"line\">wg-quick up wg0\r\nsystemctl enable wg-quick@wg0\r\n<\/span><\/pre>\n<h3 id=\"\u5728\u670d\u52a1\u7aef\u6dfb\u52a0\u5ba2\u6237\u7aef\u4fe1\u606f\">\u5728\u670d\u52a1\u7aef\u6dfb\u52a0\u5ba2\u6237\u7aef\u4fe1\u606f<\/h3>\n<pre><span class=\"line\">\r\nwg <span class=\"built_in\">set<\/span> wg0 peer &lt;Public Key&gt; allowed-ips 10.200.200.3\/32<\/span><\/pre>\n<p><code>Public Key<\/code>\u00a0\u662f\u5ba2\u6237\u7aef\u7684\u516c\u94a5\u3002 \u5982\u679c\u5728\u670d\u52a1\u7aef\u914d\u7f6e\u4fe1\u606f\u91cc\u8bbe\u7f6e\u4e86\u00a0<code>SaveConfig = true<\/code>\u00a0\u90a3\u4e48\u521a\u624d\u6dfb\u52a0\u7684\u5ba2\u6237\u7aef\u53c2\u6570\u4fe1\u606f\u4f1a\u5728\u670d\u52a1\u7aef\u5173\u95ed\u65f6\u81ea\u52a8\u4fdd\u5b58\u5230\u914d\u7f6e\u6587\u4ef6\u4e2d\u3002\u5982\u679c\u60f3\u7acb\u5373\u5b58\u50a8\u521a\u8bbe\u7f6e\u7684\u53c2\u6570\u4e5f\u53ef\u4ee5\u6267\u884c\u547d\u4ee4\u00a0wg-quick save wg0\u00a0\u3002<\/p>\n<p><strong>\u6ce8\uff1a<\/strong><br \/>\nPersistentKeepalive \u80fd\u591f\u63d0\u4f9b\u7c7b\u4f3c TCP keepalive 
\u7684\u529f\u80fd\uff0c\u5982\u679c\u5ba2\u6237\u7aef\u5728 NAT \u5b50\u7f51\u53ef\u4ee5\u8003\u8651\u5f00\u542f\u8fd9\u4e00\u9009\u9879<br \/>\nWireGuard \u76ee\u524d\u4ec5\u5b9e\u73b0\u4e86 Linux \u5185\u6838\u6a21\u5757\u7248\u672c\uff0c\u6240\u4ee5\u76ee\u524d\u5ba2\u6237\u7aef\u4ec5\u652f\u6301\u90e8\u5206 Linux \u548c Android \u3002<\/p>\n<pre><\/pre>\n<pre><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u51c6\u5907 curl -Lo \/etc\/yum.repos.d\/wireguard.repo https:\/\/cop [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,13],"tags":[60,49],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","category-linux","category-study","tag-lian-lu-ceng","tag-sui-dao"],"_links":{"self":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=184"}],"version-history":[{"count":32,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions"}],"predecessor-version":[{"id":323,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions\/323"}],"wp:attachment":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%
2Ftags&post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}