# WireGuard VPN

## Update the Linux kernel

Add the ELRepo repository

```
# for CentOS 7
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
# for CentOS 8
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
```

Update the kernel

```
yum -y --enablerepo=elrepo-kernel install kernel-ml
# boot the first GRUB menu entry by default
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
# after the reboot, confirm the running kernel version
uname -a
```

## wg0 interface configuration tools

```
git clone https://github.com/WireGuard/wireguard-tools
cd wireguard-tools/src
make 
make install
```

## Other configuration

Enable kernel IP forwarding: net.ipv4.ip\_forward = 1

{% tabs %}
{% tab title="sysctl.conf" %}

```
net.ipv4.ip_forward = 1

# bbr
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

```

{% endtab %}
{% endtabs %}

Use ifconfig to look up the network interface name, and change ens160 in the configuration below to match.

{% tabs %}
{% tab title="wg0.conf" %}

```
[Interface]
PrivateKey = 
Address = 10.0.1.1/24
PostUp   = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -o wg0 -j ACCEPT; iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
ListenPort = 443
MTU = 1420

[Peer]
PublicKey = 
AllowedIPs = 10.0.1.10/32
```

{% endtab %}
{% endtabs %}

Edit /etc/sysconfig/iptables with vi and delete the following line so that traffic on the FORWARD chain can be forwarded.

```
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
```
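
The settings above can be checked after setup with a short script. This is an added example, not part of the original page or of wireguard-tools; the function names are hypothetical, and the default path /etc/wireguard/wg0.conf (where wg-quick looks for its configuration) is an assumption, since the page only names the file wg0.conf.

```bash
#!/usr/bin/env bash
# Added example: post-setup checks for the steps on this page.
# File locations are parameters so the checks can also run against copies.

# Print the egress interface named in PostUp's MASQUERADE rule (ens160 on this page).
masq_iface() {
    sed -n '/^[[:space:]]*PostUp/s/.*POSTROUTING -o \([^ ;]*\) -j MASQUERADE.*/\1/p' "$1" | head -n 1
}

# Succeed if the rules file no longer carries the FORWARD REJECT line.
forward_reject_removed() {
    ! grep -Eq '^[[:space:]]*-A FORWARD -j REJECT' "$1"
}

# Succeed if group and others have no access to the file holding PrivateKey.
conf_is_private() {
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Succeed if PrivateKey has a value (the page's template leaves it blank).
has_private_key() {
    grep -Eiq '^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"
}

# Run every check and list what is still wrong; non-zero exit on any failure.
# Default paths are assumptions: wg-quick's /etc/wireguard and the page's iptables file.
check_wireguard_host() (
    conf=${1:-/etc/wireguard/wg0.conf}
    rules=${2:-/etc/sysconfig/iptables}
    fwd=${3:-/proc/sys/net/ipv4/ip_forward}
    netdir=${4:-/sys/class/net}
    rc=0
    [ "$(cat "$fwd" 2>/dev/null)" = 1 ] || { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    forward_reject_removed "$rules"     || { echo "FAIL: FORWARD REJECT rule still in $rules"; rc=1; }
    conf_is_private "$conf"             || { echo "FAIL: $conf is accessible to group or others"; rc=1; }
    has_private_key "$conf"             || { echo "FAIL: PrivateKey is empty in $conf"; rc=1; }
    ifc=$(masq_iface "$conf")
    { [ -n "$ifc" ] && [ -e "$netdir/$ifc" ]; } || { echo "FAIL: MASQUERADE interface '$ifc' does not exist"; rc=1; }
    exit "$rc"
)
```

Source the file and run `check_wireguard_host` as root on the server; with no arguments it reads the live paths. It inspects the saved rules file only, not the rules currently loaded in the kernel.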

### [reference](https://www.wireguard.com/install/)

