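I hadn't used my own VPS in a long time. I needed it briefly recently and only then discovered that the WireGuard I installed early on was dead: the IPv4 UDP port no longer works.
So I simply changed the configuration to use IPv6 instead. Here is a brief record of the key configuration, for easy reuse later.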
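Note
Before every change to the server configuration:
- First stop the service (wg-quick down wg0)
- Then edit the file (vim /etc/wireguard/wg0.conf)
- Finally bring the service back up (wg-quick up wg0)
The server configuration sets SaveConfig = true, so wg-quick writes the running interface state back to wg0.conf when the interface goes down, overwriting any edits made while it was up.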
Key generation
wg genkey | tee client_???_privatekey | wg pubkey > client_???_publickey
Client configuration template
/etc/wireguard/client.conf
[Interface]
PrivateKey = ?????????????
Address = 10.0.0.?/24, 2001:20:2333::?/28
DNS = 8.8.8.8, 2001:4860:4860::8888
[Peer]
PublicKey = b09ncrsip88vyHJFBFuGuNni98xbAAAOlayExmT6ABE=
Endpoint = ?.?.?.?:?
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
Server configuration
/etc/wireguard/wg0.conf
[Interface]
PrivateKey = ???????????????
Address = 10.0.0.1/24, 2001:20:2333::1/28
ListenPort = ?????
MTU = 1420
DNS = 8.8.8.8, 2001:4860:4860::8888
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# Each peer gets its own /128: the same /28 prefix on two peers is kept only for the last one.
[Peer]
PublicKey = ???????????????
AllowedIPs = 10.0.0.2/32, 2001:20:2333::2/128
[Peer]
PublicKey = ???????????????
AllowedIPs = 10.0.0.3/32, 2001:20:2333::3/128
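Forwarding configuration
vim /etc/sysctl.conf
# Set the following in /etc/sysctl.conf:
# net.ipv4.ip_forward=1
# net.ipv6.conf.all.forwarding=1
# 0: do not accept router advertisements
# 1: accept router advertisements when forwarding is disabled
# 2: accept router advertisements in all cases
# net.ipv6.conf.all.accept_ra=2
sysctl -p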
Start at boot
systemctl enable wg-quick@wg0