1. Install WireGuard and the helper library resolvconf
apt update
apt install wireguard resolvconf -y
- Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
Then run sysctl -p to make it take effect.
Autostart: make WireGuard start automatically at boot.
sudo systemctl enable wg-quick@wg0
modprobe wireguard   # check whether wireguard is in the kernel
If it is not, the kernel headers need to be installed.
First check your installed kernel version, as well as the kernel header package that matches it, using the following commands.
uname -r
apt search linux-headers-$(uname -r)
On Debian, Ubuntu and their derivatives, all kernel header files can be found under /usr/src directory. You can check if the matching kernel headers for your kernel version are already installed on your system using the following command.
ls -l /usr/src/linux-headers-$(uname -r)
Then install them.
apt update
apt install linux-headers-$(uname -r)
Next, check that the matching kernel headers have been installed on your system using the following command.
ls -l /usr/src/linux-headers-$(uname -r)
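wg genkey | tee peerkey | wg pubkey >> peerkey   # each run generates one key pair and saves it in the peerkey file (the previous contents of peerkey are replaced)
cat peerkey   # view the contents of peerkey: the first line is the private key, the second line is the public key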
vi /etc/wireguard/wg0.conf
Copy the configuration below into wg0.conf, then save and exit.
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[Interface]
PrivateKey = #fill in the server private key
Address = 10.0.0.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = xxxxx #set the listening port
DNS = 8.8.8.8
MTU = 1500
[Peer]
PublicKey = #client public key 1
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = #client public key 2
AllowedIPs = 10.0.0.3/32
[Peer]
PublicKey = #client public key 3
AllowedIPs = 10.0.0.4/32
[Peer]
PublicKey = #client public key 4
AllowedIPs = 10.0.0.5/32
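Added example, not part of the original guide: a small Python check that can be run over the server configuration above before the interface is brought up. It assumes a single IPv4 Address line as in the wg0.conf above; the function names (parse, lint), the sample text and the dummy key are constructed for illustration.

```python
import ipaddress
import re

# A 32-byte key in base64: 42 free characters, one constrained character, '='
KEY_RE = re.compile(r"[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=")
K1 = "A" * 43 + "="   # constructed dummy key (32 zero bytes), not real key material
# Constructed sample in the layout of the wg0.conf above, with deliberate mistakes.
SAMPLE = f"""[Interface]
PrivateKey = #fill in the server private key
Address = 10.0.0.1/24
[Peer]
PublicKey = {K1}
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = {K1}
AllowedIPs = 10.0.0.2/32, 10.0.1.5/32
"""

def parse(text):
    """Return [(section, {key: value})]; repeated [Peer] blocks are kept."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # '#' starts a comment
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(text):
    sections = parse(text)
    iface = next((kv for name, kv in sections if name == "Interface"), {})
    findings, keys, nets = [], set(), []
    if not KEY_RE.fullmatch(iface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey missing or malformed")
    subnet = ipaddress.ip_interface(iface["Address"]).network
    for n, kv in enumerate((kv for name, kv in sections if name == "Peer"), 1):
        key = kv.get("PublicKey", "")
        if not KEY_RE.fullmatch(key) or key in keys:
            findings.append(f"Peer {n}: PublicKey malformed or repeated")
        keys.add(key)
        for item in filter(None, map(str.strip, kv.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.version != subnet.version or not net.subnet_of(subnet):
                findings.append(f"Peer {n}: {net} is outside tunnel subnet {subnet}")
            # WireGuard routes by AllowedIPs, so each address should belong to one peer
            if any(net.overlaps(o) for o in nets if o.version == net.version):
                findings.append(f"Peer {n}: {net} overlaps an earlier AllowedIPs entry")
            nets.append(net)
    return findings
```

Calling lint() on the text of /etc/wireguard/wg0.conf returns a list of findings; an empty list means none of these checks failed.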
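4. Create the client configuration file
Copy the configuration below into ../tunsafe/config/wg1.conf. Change the server address and port in "Endpoint =" to match your actual setup.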
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
[Interface]
PrivateKey = #client private key 1
Address = 10.0.0.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = #server public key
Endpoint = xxx.xxx.xxx.xxx:xxxxx #change to the actual server address and port
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
Start WireGuard
wg-quick up wg0
Stop WireGuard
wg-quick down wg0
Show the wg status
wg