Iptables

今天在hacker news上看到 wireguard macos client 发布了，决定试用一下。 和所有的vpn安装一样，wireguard的安装也是分两步，一是安装vpn server，二是安装 vpn的client。 安装不分先后，配置先配置vpn server，然后再配置client。 服务端 安装wireguard server 服务器为 RHEL 7.6 (Maipo)， 服务端的安装流程: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 #!/bin/bash sudo -i [root@deoops ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.6 (Maipo) [root@deoops ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf [root@deoops ~]# sysctl -p ### install packages [root@deoops ~]# curl -Lo /etc/yum.repos.d/wireguard.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo [root@deoops ~]# yum install -y epel-release wireguard-dkms wireguard-tools [root@deoops ~]# yum install -y epel-release [root@deoops ~]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm [root@deoops ~]# yum update -y [root@deoops ~]# yum install -y epel-release wireguard-dkms wireguard-tools [root@deoops ~]# init 6 配置wireguard server 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ### wireguard server conf [root@deoops ~]# cat wg.conf [Interface] ListenPort = 58855 PrivateKey = private_key [Peer] PublicKey = public_key_one #AllowedIPs = 0.0.0.0/0 AllowedIPs = 10.0.0.7/32 [Peer] PublicKey = public_key_two #AllowedIPs = 0.0.0.0/0 AllowedIPs = 10.0.0.9/32 启动服务端wg0 设备 记得加上iptables设置： ...