WireGuard is new and a lot of people want to try it. Whether using a VPN to get over the wall is appropriate is not something we will discuss here; let's just look at how to quickly set up a WireGuard service on a VPS. Many people have heard that this service is particularly complex to configure and are discouraged, but it is actually quite simple.
The environment
Here I use the latest Ubuntu 18.04.2 for the configuration. First you need a VPS, and after creating it, it is best to secure it as I described in my posts on the security measures you should take after purchasing a VPS and on configuring credentials for ssh access.
Installation
WireGuard provides an installation package for Ubuntu, but it is not included in the official repositories, so we have to add its own PPA and then install.
```shell
add-apt-repository ppa:wireguard/wireguard

apt upgrade

apt install wireguard resolvconf -y
```
Configuration
Enter the configuration directory with cd /etc/wireguard, then run the following commands to generate the key pairs:
```shell
# Create the key files readable by root only
umask 077
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey
```
Enable traffic forwarding:
```shell
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
```
If you want the service to start at boot, then:
```shell
systemctl enable wg-quick@wg0
```
Use the ifconfig command to view your network interfaces and find the one facing the external network. If you have several, choose the one WireGuard should listen on.
The output looks like this:
```
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 128.199.152.999  netmask 255.255.192.0  broadcast 128.199.191.255
        inet6 fe80::bc10:f7ff:feb7:226b  prefixlen 64  scopeid 0x20<link>
        ether be:10:f7:b7:22:6b  txqueuelen 1000  (Ethernet)
        RX packets 23440  bytes 56095614 (56.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9140  bytes 714939 (714.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 166  bytes 13998 (13.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 166  bytes 13998 (13.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
In this example the interface name is obviously eth0. Remember it; we will use it in a moment when writing the configuration.
```shell
echo "
[Interface]
PrivateKey = $(cat server_privatekey)
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 443
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat client_publickey)
AllowedIPs = 10.0.0.2/32 " > wg0.conf
```
This generates the configuration directly. You can also write it by hand, but then you need to read the keys in yourself; pay attention to the file names and make no mistakes. Also note the two highlighted lines (PostUp and PostDown): the interface name we looked up earlier goes here. If your interface is not eth0, replace it manually with your own.
Since all the key pairs are on the server, we generate the client configuration here in the same way:
```shell
echo "
[Interface]
PrivateKey = $(cat client_privatekey)
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat server_publickey)
Endpoint = 128.199.152.999:443
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25 " > client.conf
```
Note the highlighted line (Endpoint): change the remote IP to your server's IP.
Start up
At this point the configuration is complete!
```shell
# Start WireGuard
wg-quick up wg0

# Stop WireGuard
wg-quick down wg0

# Show WireGuard status
wg
```
It's that simple.
Multi-user
First stop the service: wg-quick down wg0
Then generate a new user key pair:
```shell
umask 077  # keep the new private key readable by root only
wg genkey | tee client0_privatekey | wg pubkey > client0_publickey
```
Then add the new peer to the server configuration. Note that this is a single command; do not run it line by line:
```shell
echo "
[Peer]
PublicKey = $(cat client0_publickey)
AllowedIPs = 10.0.0.3/32" >> wg0.conf
```
Note the highlighted line: the IP must be different. Each "Peer" gets its own IP; above we used 10.0.0.2, here we use 10.0.0.3, and so on if you need more users.
Create the client configuration file. It is the same as above; just be sure to use the new key pair. This is also a single command; do not run it line by line:
```shell
echo "
[Interface]
PrivateKey = $(cat client0_privatekey)
Address = 10.0.0.3/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat server_publickey)
Endpoint = 1.2.3.4:443
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25 " > client0.conf
```
Then start the service: wg-quick up wg0
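The multi-user steps above, generalized into a small helper (an added example, not part of the original post): it picks the next free 10.0.0.x address, creates the key pair with owner-only permissions, appends the [Peer] block, and can list addresses assigned to more than one peer. The function names are made up for this example, and it assumes the post's layout of one /32 per peer in 10.0.0.0/24.

```shell
# Added example, not from the original post. Assumes the post's layout:
# peers are /32 addresses in 10.0.0.0/24 and 10.0.0.1 is the server.

# list_ips KEY FILE: print every address on "KEY = a/len, b/len" lines.
list_ips() {
    awk -F= -v key="$1" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key {
            n = split($2, part, ",")
            for (i = 1; i <= n; i++) {
                sub(/\/[0-9]+/, "", part[i]); gsub(/[ \t\r]/, "", part[i])
                if (part[i] != "") print part[i]
            }
        }' "$2"
}

# Addresses claimed by more than one peer. WireGuard routes an allowed IP
# to a single peer, so a duplicate silently takes it away from the other.
duplicate_peer_ips() {
    list_ips AllowedIPs "$1" | sort | uniq -d
}

# Lowest unused host address in 10.0.0.2-254; fails when the /24 is full.
next_peer_ip() {
    used=$(list_ips AllowedIPs "$1")
    host=2
    while [ "$host" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qxF "10.0.0.$host"; then
            echo "10.0.0.$host"
            return 0
        fi
        host=$((host + 1))
    done
    return 1
}

# add_peer NAME [CONF]: create NAME's key pair readable by the owner only
# and append its [Peer] block to CONF (default wg0.conf). Prints the IP.
add_peer() {
    name=$1; conf=${2:-wg0.conf}
    ip=$(next_peer_ip "$conf") || { echo "no free address" >&2; return 1; }
    ( umask 077
      wg genkey | tee "${name}_privatekey" | wg pubkey > "${name}_publickey" )
    printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = %s/32\n' \
        "$(cat "${name}_publickey")" "$ip" >> "$conf"
    echo "$ip"
}

if [ "$#" -ge 1 ]; then add_peer "$@"; fi
```

Run it from /etc/wireguard with the service stopped, as in the steps above, passing the new peer's name as the argument.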
Original article written by LogStudio: R0uter's Blog » Ubuntu ultra-fast server deployment wireguard
When reproducing, please keep the source and this link: https://www.logcg.com/archives/3197.html