WireGuard VPN
A UDP-based VPN with the fewest lines of code; it has been integrated into the Linux 5.6 kernel.

Update the Linux kernel

ELRepo repository
# for CentOS 7
yum install https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
# for CentOS 8
yum install https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
Update the kernel
yum -y --enablerepo=elrepo-kernel install kernel-ml
sed -i "s/GRUB_DEFAULT=saved/GRUB_DEFAULT=0/" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
uname -a

wg0 interface configuration tools

git clone https://github.com/WireGuard/wireguard-tools
cd wireguard-tools/src
make
make install

Other configuration

Enable kernel IP forwarding: net.ipv4.ip_forward = 1
sysctl.conf
net.ipv4.ip_forward = 1
# bbr
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
Use ifconfig to look up the network interface name, and change ens160 to match.
wg0.conf
[Interface]
PrivateKey =
Address = 10.0.1.1/24
PostUp = iptables -I FORWARD -i wg0 -j ACCEPT; iptables -I FORWARD -o wg0 -j ACCEPT; iptables -t nat -I POSTROUTING -o ens160 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens160 -j MASQUERADE
ListenPort = 443
MTU = 1420
[Peer]
PublicKey =
AllowedIPs = 10.0.1.10/32
Edit /etc/sysconfig/iptables with vi and delete the following line so that the FORWARD chain allows forwarded traffic:
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
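
Added example, not part of the original notes: a shell lint for a wg-quick config shaped like the wg0.conf above. It checks that the file holding PrivateKey is closed to group/other, that PrivateKey is filled in, that PostDown deletes exactly the rules PostUp inserts, and that each peer's AllowedIPs is a single host. The function names and the host-route policy are assumptions of this example, not part of wireguard-tools.

```shell
#!/bin/sh
# Added example: lint a wg-quick config shaped like the wg0.conf above.
# lint_wg_conf and its four checks are this example's own, not wireguard-tools.

# Value of the first "Key = value" line for key $1 (case-insensitive) in file $2.
conf_value() {
    awk -v k="$1" 'BEGIN { k = tolower(k) }
        { key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key) }
        tolower(key) == k && /=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$2"
}

# Print one finding per line; return 1 if there is any finding.
lint_wg_conf() {
    f=$1; rc=0
    # The file holds the private key: group/other must have no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "MODE: $f is accessible to group/other (want chmod 600)"; rc=1
    fi
    if [ -z "$(conf_value PrivateKey "$f")" ]; then
        echo "KEY: PrivateKey is empty"; rc=1
    fi
    # Every rule PostUp inserts or appends must be deleted verbatim by PostDown,
    # otherwise the ACCEPT/MASQUERADE rules outlive the tunnel.
    up=$(conf_value PostUp "$f" | sed 's/ -[IA] / -D /g')
    if [ "$up" != "$(conf_value PostDown "$f")" ]; then
        echo "HOOKS: PostDown does not undo PostUp"; rc=1
    fi
    # Assumed policy for this one-address-per-client layout: host routes only.
    wide=$(awk -F'[=,]' 'tolower($1) ~ /^[ \t]*allowedips[ \t]*$/ {
        for (i = 2; i <= NF; i++) { gsub(/[ \t]/, "", $i)
            if ($i !~ /\/(32|128)$/) print $i } }' "$f")
    for net in $wide; do
        echo "PEER: AllowedIPs $net is wider than a single host"; rc=1
    done
    return $rc
}

# Usage: pass the config path as the first argument.
if [ "$#" -gt 0 ]; then lint_wg_conf "$1"; fi
```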

reference
