Linux WireGuard VPN 入坑指南 1 编译内核

内核编译-占坑-待完善

内核编译-待完成

PPA 模式安装 WireGuard

在线安装 WireGuard

root@ubuntu:~# apt-get install software-properties-common
root@ubuntu:~# add-apt-repository ppa:wireguard/wireguard
root@ubuntu:~# apt-get update
root@ubuntu:~# apt install wireguard
root@ubuntu:~# modinfo wireguard # 查看模块信息
root@ubuntu:~# modprobe wireguard # 载入模块到内核
root@ubuntu:~# reboot # 可选操作

安装验证

root@ubuntu:~# lsmod |grep wire
wireguard 221184 0
ip6_udp_tunnel 16384 1 wireguard
udp_tunnel 16384 1 wireguard
root@ubuntu:~#

WireGuard 配置生成脚本

gen.sh

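#!/bin/bash
#
# gen.sh - generate a WireGuard server config (VPN.conf) plus one client
# config per peer (<prefix>.<host>.conf) in the current directory.
#
# Requires: bash, wg (wireguard-tools).
#
# Every generated file embeds a private key. The script therefore runs with
# umask 077 so the files are created readable by the owner only, and it never
# prints private keys to stdout (terminal scrollback and CI logs are not a
# safe place for key material). Copy each client file to its device over a
# confidential channel and delete the local copy afterwards.
set -euo pipefail
umask 077

command -v wg >/dev/null || {
  printf 'gen.sh: wg (wireguard-tools) not found in PATH\n' >&2
  exit 1
}

readonly SERVER_IP="fly.li-chunli.top"
readonly SERVER_LISTEN=20001

# CLIENT_IP_START is the server's own tunnel address; clients are numbered
# from the next host address upwards.
readonly CLIENT_IP_START="192.168.175.100"
readonly CLIENT_IP_NUM=6

readonly IP_PREFIX="${CLIENT_IP_START%.*}"
readonly SERVER_HOST_OCTET="${CLIENT_IP_START##*.}"
readonly IP_START=$((SERVER_HOST_OCTET + 1))
readonly IP_END=$((IP_START + CLIENT_IP_NUM))

# All peers live in one /24; refuse to generate addresses past .254.
if ((IP_END - 1 > 254)); then
  printf 'gen.sh: %s clients starting at %s.%s do not fit in the /24\n' \
    "$CLIENT_IP_NUM" "$IP_PREFIX" "$IP_START" >&2
  exit 1
fi

# Remove only the files a previous run of this script produced. The original
# 'rm -rf *.conf' deleted every .conf entry (directories included) in
# whatever directory the script happened to be started from.
rm -f -- VPN.conf "${IP_PREFIX}".*.conf

################ GEN KEY S #####################################
# Keys are kept in arrays indexed by the host octet; this replaces the
# eval-built variable names and keeps key material out of re-parsed strings.
server_key=$(wg genkey)
server_pub=$(wg pubkey <<<"$server_key")

declare -a client_key=() client_pub=()
for ((i = IP_START; i < IP_END; i++)); do
  client_key[i]=$(wg genkey)
  client_pub[i]=$(wg pubkey <<<"${client_key[i]}")
done

# Public keys only: they are safe to show and enough to identify each peer.
printf 'server %s\n' "$server_pub"
for ((i = IP_START; i < IP_END; i++)); do
  printf '%s.%s %s\n' "$IP_PREFIX" "$i" "${client_pub[i]}"
done
################ GEN KEY E #####################################
################ GEN SERVER CONF S #####################################
# NOTE(review): the PostUp/PostDown rules assume the uplink interface is eth0
# and accept all forwarding to and from the VPN interface - confirm both
# against the target host before deploying.
cat > VPN.conf << EOF
# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; sysctl -p
# wg-quick up ./VPN.conf ; wg-quick down ./VPN.conf
# /etc/wireguard/VPN.conf; systemctl restart wg-quick@VPN

[Interface]
PrivateKey = $server_key
Address = $CLIENT_IP_START/24
PostUp = iptables -A FORWARD -i VPN -j ACCEPT; iptables -A FORWARD -o VPN -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i VPN -j ACCEPT; iptables -D FORWARD -o VPN -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = $SERVER_LISTEN
MTU = 1420
EOF

# Each peer is pinned to a single /32, so a client cannot source traffic
# from another client's tunnel address.
for ((i = IP_START; i < IP_END; i++)); do
  cat >> VPN.conf << EOF

[peer]
PublicKey = ${client_pub[i]}
AllowedIPs = $IP_PREFIX.$i/32
EOF
done
################ GEN SERVER CONF E #####################################
################ GEN CLIENT CONF S #####################################
# AllowedIPs routes all IPv4 through the tunnel (the original listed
# 0.0.0.0/0 twice). IPv6 is not covered: on a dual-stack client IPv6 traffic
# still leaves via the normal uplink.
# DNS points at the server's tunnel address, which only works if a resolver
# is listening there.
for ((i = IP_START; i < IP_END; i++)); do
  cat > "${IP_PREFIX}.${i}.conf" << EOF
[Interface]
PrivateKey = ${client_key[i]}
Address = ${IP_PREFIX}.${i}/24
DNS = $CLIENT_IP_START
MTU = 1420

[Peer]
PublicKey = $server_pub
AllowedIPs = 0.0.0.0/0
Endpoint = $SERVER_IP:$SERVER_LISTEN
PersistentKeepalive = 25
EOF
done
################ GEN CLIENT CONF E #####################################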