Debian 12 WireGuard - shenhaoyu/AnyGW GitHub Wiki
root@cn3:~# apt-get install wireguard
root@cn3:~# cd /etc/wireguard/
root@cn3:/etc/wireguard# wg genkey | sudo tee /etc/wireguard/private.key
SERVER PRIVATE KEY
root@cn3:/etc/wireguard# sudo chmod go= /etc/wireguard/private.key
root@cn3:/etc/wireguard# sudo cat /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
SERVER PUBLIC KEY
root@cn3:/etc/wireguard# wg genkey | tee client_beta_private.key
CLIENT PRIVATE KEY
root@cn3:/etc/wireguard#
root@cn3:/etc/wireguard# cat client_beta_private.key | wg pubkey | tee client_beta_public.key
CLIENT PUBLIC KEY
root@cn3:/etc/wireguard# cat wg0.conf
# Server-side wg-quick configuration for interface wg0.
# NOTE(review): this listing starts at Address; wg-quick expects these keys under
# an [Interface] section header, which appears to be missing here - confirm against the real file.
# Tunnel address of the server inside the 10.0.0.0/24 VPN subnet.
Address = 10.0.0.1/24
# wg-quick writes the running interface state back to this file on shutdown,
# so manual edits made while wg0 is up are overwritten by `wg-quick down`.
SaveConfig = true
# %i expands to the interface name (wg0). The FORWARD rule accepts everything that
# arrives from the tunnel, with no restriction on destination; the NAT rule
# masquerades traffic leaving via eth0 (assumes eth0 is the uplink - verify with `ip route`).
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Deletes the same two rules that PostUp added.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# UDP port the server listens on; it matches the `ufw allow 51820/udp` rule.
ListenPort = 51820
# Placeholder for the contents of /etc/wireguard/private.key. Because the key is
# stored inline, this file needs the same owner-only permissions as the key file.
PrivateKey = SERVER PRIVATE KEY
[Peer]
# Placeholder for the contents of client_beta_public.key.
PublicKey = CLIENT PUBLIC KEY
# Only packets with this source address are accepted from this peer, and only
# this address is routed to it.
AllowedIPs = 10.0.0.2/32
root@cn3:/etc/wireguard# cat client_beta.conf
# Client-side configuration for the peer "client_beta".
[Interface]
# Placeholder for the contents of client_beta_private.key. The transcript generates
# this key on the server; wg0.conf only uses the client's public key, so the server
# does not need to keep a copy once the client has it.
PrivateKey = CLIENT PRIVATE KEY
# The client's tunnel address; it matches the AllowedIPs entry for this peer in wg0.conf.
Address = 10.0.0.2/32
[Peer]
# Placeholder: this must be the server's public key (contents of /etc/wireguard/public.key).
PublicKey = SERVICE PUBLIC KEY
# Server host name and UDP port; the port must equal ListenPort in wg0.conf.
Endpoint = cn3.anygw.com:51820
# Split tunnel: only traffic for the 10.0.0.0/24 VPN subnet is sent through WireGuard.
AllowedIPs = 10.0.0.0/24
root@cn3:/etc/wireguard# ufw allow 51820/udp
root@cn3:~# cat /etc/sysctl.conf
...
net.ipv4.ip_forward=1
...
root@cn3:~# sysctl -p
root@cn3:/etc/wireguard# systemctl enable wg-quick@wg0
Created symlink /etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service → /lib/systemd/system/wg-quick@.service.
root@cn3:/etc/wireguard#
root@cn3:/etc/wireguard# systemctl start wg-quick@wg0
root@cn3:/etc/wireguard# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; preset: enabled)
Active: active (exited) since Mon 2024-12-23 06:05:00 CST; 17s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 3967 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 3967 (code=exited, status=0/SUCCESS)
CPU: 39ms
Dec 23 06:05:00 cn3 systemd[1]: Starting wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0...
Dec 23 06:05:00 cn3 wg-quick[3967]: [#] ip link add wg0 type wireguard
Dec 23 06:05:00 cn3 wg-quick[3967]: [#] wg setconf wg0 /dev/fd/63
Dec 23 06:05:00 cn3 wg-quick[3967]: [#] ip -4 address add 10.0.0.1/24 dev wg0
Dec 23 06:05:00 cn3 wg-quick[3967]: [#] ip link set mtu 1420 up dev wg0
Dec 23 06:05:00 cn3 systemd[1]: Finished wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0.
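# Generate the client key pair with owner-only permissions. The subshell's
# umask 077 makes newly created files mode 0600 without changing the umask of
# the calling shell; a file that already exists keeps its current mode.
# tee also echoes each key to the terminal, so the private key ends up in scrollback.
(
  umask 077
  wg genkey | tee client_beta_private.key
  wg pubkey < client_beta_private.key | tee client_beta_public.key
)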
or
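# One-pipeline variant: tee stores the private key in peer2_privatekey and passes
# it on to `wg pubkey`, whose output is written to peer2_publickey. umask 077 in
# the subshell creates both files as mode 0600 instead of the default umask's mode.
(umask 077; wg genkey | tee peer2_privatekey | wg pubkey > peer2_publickey)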
/etc/wireguard/wg0.conf
...
[Peer]
# <新客户端的公钥> is a placeholder for the new client's public key.
PublicKey = <新客户端的公钥> # replace with the contents of the peer2_publickey file
AllowedIPs = 10.0.0.3/32 # assign the new client its own separate IP
...
peer2.conf
...
[Interface]
# <新客户端的私钥> is a placeholder for the new client's private key.
PrivateKey = <新客户端的私钥> # replace with the contents of the peer2_privatekey file
Address = 10.0.0.3/24 # the client's IP address
DNS = 8.8.8.8, 1.1.1.1 # optional DNS configuration
[Peer]
# <服务器的公钥> is a placeholder for the server's public key.
PublicKey = <服务器的公钥> # replace with the server's public key
# <服务器公网IP> is a placeholder for the server's public IP address.
Endpoint = <服务器公网IP>:51820
# Full tunnel, including IPv6 (::/0). NOTE(review): the server setup on this page only
# enables IPv4 forwarding and IPv4 NAT, so IPv6 sent into the tunnel is presumably
# not forwarded - confirm.
AllowedIPs = 0.0.0.0/0, ::/0 # forward all traffic
PersistentKeepalive = 25 # keep the connection alive
...
# Add the new peer to the running interface. <新客户端的公钥> is a placeholder for
# the new client's public key; substitute the key itself before running this.
wg set wg0 peer <新客户端的公钥> allowed-ips 10.0.0.3/32
# Restart the interface. With SaveConfig = true, `wg-quick down` first writes the
# running state (including the peer added above) to wg0.conf, replacing any hand
# edits made to the file while wg0 was up. Existing tunnels are interrupted
# during the restart.
wg-quick down wg0
wg-quick up wg0
# Print the interface and peer state to confirm the new peer is listed.
wg show
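Sometimes port 51820 is filtered; in that case, change it to 443. WireGuard runs over UDP, so change ListenPort, the client Endpoint and the ufw rule (443/udp) together.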