russel053/ 26 3 月, 2020/ 網路服務

建立 LXC 並在第一個畫面取消勾選非特權

apt update && apt upgrade -y && apt-get install libmnl-dev libelf-dev build-essential pkg-config

開啟 TUN/TAP >>> 點我前往

並建立開機自啟動後配置轉發服務:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p

建立Golang環境並編譯 Wireguard-Go 模組:

wget -O /tmp/golang.tar.gz https://dl.google.com/go/go1.12.4.linux-amd64.tar.gz
tar -C /usr/local -xvzf /tmp/golang.tar.gz
export PATH=$PATH:/usr/local/go/bin
mkdir -p /tmp/gobuild/ && cd /tmp/gobuild/
git clone https://git.zx2c4.com/wireguard-go
cd wireguard-go
export GOPATH="/tmp/gobuild/"
go build -v -o "wireguard-go"
cp wireguard-go /usr/sbin/wireguard-go

安裝 Wireguard 工具:

mkdir -p /tmp/build/ && cd /tmp/build/
git clone https://git.zx2c4.com/WireGuard
cd WireGuard/src/tools
make && make install

執行:

export WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
wireguard-go wg

建立目錄:

mkdir -p /etc/wireguard/ && cd /etc/wireguard/

生成 WG Key

cd /etc/wireguard
wg genkey | tee sprivatekey | wg pubkey > spublickey
wg genkey | tee cprivatekey | wg pubkey > cpublickey

建立 Server 端設置:

echo "[Interface]
PrivateKey = $(cat sprivatekey)
Address = 10.0.100.1/24 
PostUp   = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
ListenPort = 6666
MTU = 1420

[Peer]
PublicKey = $(cat cpublickey)
AllowedIPs = 10.0.100.2/32" | sed '/^#/d;/^\s*$/d' > wg0.conf

建立用戶端設置:

echo "[Interface]
PrivateKey = $(cat cprivatekey)
Address = 10.0.100.2/24
DNS = 8.8.8.8
MTU = 1420

[Peer]
PublicKey = $(cat spublickey)
Endpoint = 你的服務IP:6666
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 30" | sed '/^#/d;/^\s*$/d' > wg-client.conf

啟用服務:

wg-quick up wg0

會大概像這樣:

選配:產生 QR code 供用戶端使用:

apt install qrencode
qrencode -t ansiutf8 < wg-client.conf

建立開機自啟動:

systemctl enable [email protected]

清理辣雞:

rm -rf /tmp/gobuild/
rm -rf /tmp/build/
rm -f /tmp/golang.tar.gz

<注意:GW Port轉發需要開啟 TCP/UDP,只開TCP不會通>

部分參考來源: 極光星空

Share this Post