Skip to content

Latest commit

 

History

History
98 lines (68 loc) · 2.71 KB

1.wireguard learning 0.md

File metadata and controls

98 lines (68 loc) · 2.71 KB

0. See:

1. Side by Side Video

跟着视频操作,最后结果:

root@wg0:~# wg
interface: wg0
  public key: 2uAd5N2zQCxllbXacQgHrywQ07HRuqKoZVyquE1D/UI=
  private key: (hidden)
  listening port: 34194

peer: KT2JTsPWhTtgHORx+97EBF+hdvAMUWIFSvDUXqxD5kw=
  endpoint: 192.168.2.113:54971
  allowed ips: 10.0.0.2/32
  latest handshake: 1 hour, 14 minutes, 34 seconds ago
  transfer: 1.80 KiB received, 1.75 KiB sent
root@wg0:~#


root@wg1:~# wg
interface: wg0
  public key: KT2JTsPWhTtgHORx+97EBF+hdvAMUWIFSvDUXqxD5kw=
  private key: (hidden)
  listening port: 54971

peer: 2uAd5N2zQCxllbXacQgHrywQ07HRuqKoZVyquE1D/UI=
  endpoint: 192.168.2.111:34194
  allowed ips: 10.0.0.1/32
  latest handshake: 1 hour, 15 minutes, 21 seconds ago
  transfer: 1.75 KiB received, 1.80 KiB sent
root@wg1:~#

非常顺利!

2. Command-line Interface

A new interface can be added via ip-link(8), which should automatically handle module loading:

# ip link add dev wg0 type wireguard

(Non-Linux users will instead write wireguard-go wg0.)

An IP address and peer can be assigned with ifconfig(8) or ip-address(8)

# ip address add dev wg0 192.168.2.1/24

Or, if there are only two peers total, something like this might be more desirable:

# ip address add dev wg0 192.168.2.1 peer 192.168.2.2

The interface can be configured with keys and peer endpoints with the included wg(8) utility:

# wg setconf wg0 myconfig.conf

or

# wg set wg0 listen-port 51820 private-key /path/to/private-key peer ABCDEF... allowed-ips 192.168.88.0/24 endpoint 209.202.254.14:8172

Finally, the interface can then be activated with ifconfig(8) or ip-link(8):

# ip link set up dev wg0

There are also the wg show and wg showconf commands, for viewing the current configuration. Calling wg with no arguments defaults to calling wg show on all WireGuard interfaces.

wg(8) tool

Consult the man page of wg(8) for more information.

Much of the routine bring-up and tear-down dance of wg(8) and ip(8) can be automated by the included wg-quick(8) tool:

wg-quick(8) tool

3. Key Generation

WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:

$ umask 077
$ wg genkey > privatekey

This will create privatekey on stdout containing a new private key.

You can then derive your public key from your private key:

$ wg pubkey < privatekey > publickey

This will read privatekey from stdin and write the corresponding public key to publickey on stdout.

Of course, you can do this all at once:

$ wg genkey | tee privatekey | wg pubkey > publickey