如何在 Debian 12 上安装 WireGuard

Linux命令 Edge插件网 1年前 (2023-10-14) 790次浏览 已收录 0个评论

在日益关注在线安全和隐私的时代,建立虚拟专用网络(VPN)已成为最重要的需求。WireGuard 是一种现代且高效的 VPN 协议,为互联网上的安全通信提供了简化的解决方案。

如何在 Debian 12 上安装 WireGuard

在 Debian 12 书虫上安装 WireGuard

第 1 步。在我们安装任何软件之前,通过在终端中运行以下命令来确保您的系统是最新的非常重要:apt

<span class="pln">sudo apt update
sudo apt upgrade</span>

此命令将刷新存储库,允许您安装最新版本的软件包。

第 2 步。安装依赖项。

可以使用以下命令安装这些依赖项:

<span class="pln">sudo apt install linux</span><span class="pun">-</span><span class="pln">headers</span><span class="pun">-</span><span class="pln">$</span><span class="pun">(</span><span class="pln">uname </span><span class="pun">-</span><span class="pln">r</span><span class="pun">)</span><span class="pln"> wget</span>

第 3 步。在 Debian 12 上安装 WireGuard。

WireGuard 不包含在默认的 Debian 12 存储库中。我们需要添加 WireGuard 存储库来访问所需的包:

<span class="pln">sudo </span><span class="kwd">add</span><span class="pun">-</span><span class="pln">apt</span><span class="pun">-</span><span class="pln">repository ppa</span><span class="pun">:</span><span class="pln">wireguard</span><span class="pun">/</span><span class="pln">wireguard</span>

现在我们已经添加了存储库,请更新包列表以包含 WireGuard:

<span class="pln">sudo apt update</span>

让我们安装 WireGuard 并加载内核模块:

<span class="pln">sudo apt install wireguard
sudo modprobe wireguard</span>

要验证是否正确安装了 WireGuard,让我们检查模块的状态并确保 WireGuard 工具可用:

<span class="com"># Verify the WireGuard module is loaded</span><span class="pln">
lsmod </span><span class="pun">|</span><span class="pln"> grep wireguard

</span><span class="com"># Check if WireGuard tools are installed</span><span class="pln">
wg </span><span class="pun">--</span><span class="pln">version</span>

第 4 步。配置线卫

安装WireGuard后,让我们逐步配置它。

  1. 生成密钥对

WireGuard 使用密钥对进行加密和身份验证。我们需要为服务器和客户端生成密钥对:

服务器密钥对:

<span class="com"># Generate the server's private key</span><span class="pln">
wg genkey </span><span class="pun">></span><span class="pln"> server</span><span class="pun">-</span><span class="kwd">private</span><span class="pun">.</span><span class="pln">key

</span><span class="com"># Derive the server's public key from the private key</span><span class="pln">
wg pubkey </span><span class="pun"><</span><span class="pln"> server</span><span class="pun">-</span><span class="kwd">private</span><span class="pun">.</span><span class="pln">key </span><span class="pun">></span><span class="pln"> server</span><span class="pun">-</span><span class="kwd">public</span><span class="pun">.</span><span class="pln">key</span>

客户端密钥对:

<span class="com"># Generate the client's private key</span><span class="pln">
wg genkey </span><span class="pun">></span><span class="pln"> client</span><span class="pun">-</span><span class="kwd">private</span><span class="pun">.</span><span class="pln">key

</span><span class="com"># Derive the client's public key from the private key</span><span class="pln">
wg pubkey </span><span class="pun"><</span><span class="pln"> client</span><span class="pun">-</span><span class="kwd">private</span><span class="pun">.</span><span class="pln">key </span><span class="pun">></span><span class="pln"> client</span><span class="pun">-</span><span class="kwd">public</span><span class="pun">.</span><span class="pln">key</span>
  1. 配置服务器

为 WireGuard 服务器创建配置文件。替换为服务器的公共 IP 地址:<server_ip>

<span class="pln">sudo nano </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">wireguard</span><span class="pun">/</span><span class="pln">wg0</span><span class="pun">.</span><span class="pln">conf</span>

添加以下配置,将 替换为之前生成的实际密钥:<server_private_key><client_public_key>

<span class="pun">[</span><span class="typ">Interface</span><span class="pun">]</span>
<span class="typ">Address</span> <span class="pun">=</span> <span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.1</span><span class="pun">/</span><span class="lit">24</span>
<span class="typ">ListenPort</span> <span class="pun">=</span> <span class="lit">51820</span>
<span class="typ">PrivateKey</span> <span class="pun">=</span> 

<span class="pun">[</span><span class="typ">Peer</span><span class="pun">]</span>
<span class="typ">PublicKey</span> <span class="pun">=</span> 
<span class="typ">AllowedIPs</span> <span class="pun">=</span> <span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.2</span><span class="pun">/</span><span class="lit">32</span>

启用 IP 转发以允许流量通过服务器:

<span class="com"># Enable IP forwarding</span><span class="pln">
echo </span><span class="str">'net.ipv4.ip_forward=1'</span> <span class="pun">|</span><span class="pln"> sudo tee </span><span class="pun">-</span><span class="pln">a </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">sysctl</span><span class="pun">.</span><span class="pln">conf
sudo sysctl </span><span class="pun">-</span><span class="pln">p</span>

设置防火墙规则以允许 WireGuard 流量:

<span class="com"># Allow WireGuard through the firewall</span><span class="pln">
sudo iptables </span><span class="pun">-</span><span class="pln">A INPUT </span><span class="pun">-</span><span class="pln">i wg0 </span><span class="pun">-</span><span class="pln">j ACCEPT
sudo iptables </span><span class="pun">-</span><span class="pln">A FORWARD </span><span class="pun">-</span><span class="pln">i wg0 </span><span class="pun">-</span><span class="pln">j ACCEPT
sudo iptables </span><span class="pun">-</span><span class="pln">t nat </span><span class="pun">-</span><span class="pln">A POSTROUTING </span><span class="pun">-</span><span class="pln">o eth0 </span><span class="pun">-</span><span class="pln">j MASQUERADE</span>
    1. 配置客户端

    为 WireGuard 客户端创建配置文件。替换为服务器的公钥:<server_public_key>

<span class="pln">nano client</span><span class="pun">.</span><span class="pln">conf</span>

添加以下配置:

<span class="pun">[</span><span class="typ">Interface</span><span class="pun">]</span>
<span class="typ">PrivateKey</span> <span class="pun">=</span> 
<span class="typ">Address</span> <span class="pun">=</span> <span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.2</span><span class="pun">/</span><span class="lit">24</span><span class="pln">
DNS </span><span class="pun">=</span> <span class="lit">8.8</span><span class="pun">.</span><span class="lit">8.8</span>

<span class="pun">[</span><span class="typ">Peer</span><span class="pun">]</span>
<span class="typ">PublicKey</span> <span class="pun">=</span> 
<span class="typ">Endpoint</span> <span class="pun">=</span> <span class="pun">:</span><span class="lit">51820</span>
<span class="typ">AllowedIPs</span> <span class="pun">=</span> <span class="lit">0.0</span><span class="pun">.</span><span class="lit">0.0</span><span class="pun">/</span><span class="lit">0</span>
  1. 启动 WireGuard 接口

让我们启动服务器和客户端的 WireGuard 接口:

<span class="com"># Start the server interface</span><span class="pln">
sudo wg</span><span class="pun">-</span><span class="pln">quick up </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">wireguard</span><span class="pun">/</span><span class="pln">wg0</span><span class="pun">.</span><span class="pln">conf

</span><span class="com"># Start the client interface</span><span class="pln">
sudo wg</span><span class="pun">-</span><span class="pln">quick up </span><span class="pun">./</span><span class="pln">client</span><span class="pun">.</span><span class="pln">conf</span>
  1. 检查 WireGuard 接口的状态

为确保一切顺利运行,请检查 WireGuard 接口的状态:

<span class="com"># Check the server interface</span><span class="pln">
sudo wg show

</span><span class="com"># Check the client interface</span><span class="pln">
wg show client</span>

第5步。测试WireGuard VPN。

现在配置了 WireGuard,让我们在服务器和客户端之间建立连接:

<span class="pln">sudo wg</span><span class="pun">-</span><span class="pln">quick up </span><span class="pun">./</span><span class="pln">client</span><span class="pun">.</span><span class="pln">conf</span>

要确认 VPN 是否正常工作,请尝试从客户端 ping 服务器,反之亦然:

在客户端上:

<span class="pln">ping </span><span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.1</span>

在服务器上:

<span class="pln">ping </span><span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.2</span>

通过从客户端访问 WhatIsMyIP.com 等网站来确保您的真实 IP 地址被隐藏。

感謝您使用本教鬥在 Debian 12 Bookworm 上安裝最新版本的 WireGuard。有关其他帮助或有用信息,我们建议您查看官方 WireGuard 网站


Edge插件网 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:如何在 Debian 12 上安装 WireGuard
喜欢 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址