WireGuard VPN
A UDP-based VPN with the fewest lines of code; it has been integrated into the Linux 5.6 kernel.

Update the Linux kernel

ELRepo repository
# for CentOS 7
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
# for CentOS 8
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
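Update the kernel
# install the mainline kernel from the elrepo-kernel repository
yum -y --enablerepo=elrepo-kernel install kernel-ml
# boot the first GRUB menu entry by default
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
# after the reboot, check the running kernel version
uname -a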

wg0 interface configuration tools

git clone https://github.com/WireGuard/wireguard-tools
cd wireguard-tools/src
make
make install

Other configuration

Enable kernel IP forwarding (net.ipv4.ip_forward = 1).
sysctl.conf
net.ipv4.ip_forward = 1

# bbr
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Use ifconfig to check the network interface information, and change ens160 to match.
wg0.conf
[Interface]
PrivateKey =
Address = 10.0.1.1/24
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -o wg0 -j ACCEPT; iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
ListenPort = 443
MTU = 1420
[Peer]
PublicKey =
AllowedIPs = 10.0.1.10/32
Edit /etc/sysconfig/iptables with vi and delete the following line to allow traffic to be forwarded through the FORWARD chain.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
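
An added example, not part of the original page or of wireguard-tools: a shell check over a wg-quick config like the wg0.conf above. It lists PostUp iptables rules with no matching -D rule in PostDown (those stay installed after the interface goes down) and peer AllowedIPs entries wider than a single host, which matters here because the FORWARD rules accept everything arriving on wg0 and AllowedIPs is the only per-peer source filter. The function names and the sample config are constructed for illustration.

```shell
# Added helpers, not part of wireguard-tools; the function names are illustrative.
# Print PostUp iptables rules that have no matching "-D" rule in PostDown.
unpaired_hooks() {
    awk -F= '
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "postup" || key == "postdown" {
            n = split(substr($0, index($0, "=") + 1), parts, ";")
            for (i = 1; i <= n; i++) {
                r = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", r)
                if (r == "") continue
                if (key == "postup") up[r] = 1; else down[r] = 1
            }
        }
        END {
            for (r in up) {
                want = r; sub(/ -[IA] /, " -D ", want)
                if (!(want in down)) print r
            }
        }' "$@" | sort
}

# Print peer AllowedIPs entries that cover more than a single host address.
wide_peers() {
    awk -F= '
        /^\[/ { section = tolower($0) }
        section ~ /^\[peer\]/ {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key != "allowedips") next
            n = split($2, nets, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", nets[i])
                if (nets[i] ~ /\// && nets[i] !~ /\/(32|128)$/) print nets[i]
            }
        }' "$@"
}

# Constructed sample: wg0.conf without the NAT rule in PostDown, plus a subnet-wide peer; keys omitted.
sample_conf() {
    cat <<'EOF'
[Interface]
Address = 10.0.1.1/24
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -o wg0 -j ACCEPT; iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT
[Peer]
AllowedIPs = 10.0.1.10/32
[Peer]
AllowedIPs = 10.0.1.0/24
EOF
}
sample_conf | unpaired_hooks   # rules that wg-quick down would leave installed
sample_conf | wide_peers       # peers allowed to source more than one address
```

Both functions also accept a file path, for example unpaired_hooks /etc/wireguard/wg0.conf (the path is an assumption; use wherever your wg0.conf is stored).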
