WireGuard: WireGuard on LXC (standard installation)
First, on the PVE host, run:
apt install wireguard
Then reboot for it to take effect:
reboot
Load the module:
modprobe wireguard
Configure it to load automatically at boot:
echo "wireguard" >> /etc/modules-load.d/modules.conf
Create the LXC, unchecking "Unprivileged container" on the first screen, then run inside the container:
apt update && apt upgrade -y && apt install wireguard
Enable TUN/TAP for the container (see the linked guide).
Then configure forwarding so that it persists across reboots:
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p
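Generate the WG keys:
cd /etc/wireguard
# Keep the private keys (and the configs written below) readable by root only
umask 077
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey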
Create the server configuration:
echo "[Interface]
PrivateKey = $(cat sprivatekey)
Address = 10.0.100.1/24
PostUp = iptables -t nat -A POSTROUTING -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -j MASQUERADE
ListenPort = 6666
MTU = 1420
[Peer]
PublicKey = $(cat cpublickey)
AllowedIPs = 10.0.100.2/32" | sed '/^#/d;/^\s*$/d' > wg0.conf
Create the client configuration (replace 你的服務IP in the Endpoint line with your server's IP address):
echo "[Interface]
PrivateKey = $(cat cprivatekey)
Address = 10.0.100.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $(cat spublickey)
Endpoint = 你的服務IP:6666
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 30" | sed '/^#/d;/^\s*$/d' > wg-client.conf
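Before bringing the tunnel up, the files just written under /etc/wireguard can be checked for loose permissions, overly wide server-side AllowedIPs, and mismatched peer keys. The script below is an added example, not part of the original guide; the function names are hypothetical and it assumes the file names used above (sprivatekey, cpublickey, wg0.conf, wg-client.conf).

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit the files created above.
# Function names are hypothetical; file names follow the guide's layout.

# Print secret-bearing files (private keys, configs) readable beyond their owner.
wg_loose_perms() {
    local f mode
    for f in "$1"/*privatekey "$1"/*.conf; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
        case $mode in *00) ;; *) echo "$f $mode" ;; esac
    done
}

# Print [Peer] AllowedIPs entries in a config that cover more than one host.
# WireGuard accepts tunnel packets from a peer only if the source is in its AllowedIPs,
# so on the server each client should normally be limited to its own /32 (or /128).
wg_wide_peers() {
    awk -F' *= *' '
        /^\[/ { in_peer = ($0 == "[Peer]") }
        in_peer && $1 == "AllowedIPs" {
            n = split($2, ips, / *, */)
            for (i = 1; i <= n; i++)
                if (ips[i] ~ /\// && ips[i] !~ /\/(32|128)$/) print ips[i]
        }' "$1"
}

# Succeed only if config $1 has a PublicKey line equal to the key stored in file $2.
wg_key_matches() {
    grep -qxF "PublicKey = $(cat "$2")" "$1"
}

# Run all checks on a directory laid out as in this guide; non-zero if anything is flagged.
wg_audit() {
    local d=$1 rc=0 out
    out=$(wg_loose_perms "$d");         [ -z "$out" ] || { echo "loose permissions: $out"; rc=1; }
    out=$(wg_wide_peers "$d/wg0.conf"); [ -z "$out" ] || { echo "wide server AllowedIPs: $out"; rc=1; }
    wg_key_matches "$d/wg0.conf" "$d/cpublickey"       || { echo "wg0.conf peer key != cpublickey"; rc=1; }
    wg_key_matches "$d/wg-client.conf" "$d/spublickey" || { echo "wg-client.conf peer key != spublickey"; rc=1; }
    return $rc
}

# Usage inside the container: wg_audit /etc/wireguard
```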
Start the service:
wg-quick up wg0
The output will look roughly like this:
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.100.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -t nat -A POSTROUTING -j MASQUERADE
Optional: generate a QR code for the client to scan:
apt install qrencode
qrencode -t ansiutf8 < wg-client.conf
Enable start at boot:
systemctl enable wg-quick@wg0
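<Note: the gateway port forward must be set to TCP/UDP; forwarding TCP alone will not work, because WireGuard runs over UDP>
For Docker, the module must first be installed and enabled in the kernel; after that, follow these 2 tutorials >>> Link 1, Link 2 (recommended)
Fix for the error "/usr/bin/wg-quick: line 31: resolvconf: command not found":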
ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf