Problems encountered when setting up a server for internet access

Quick and easy VPNs with WireGuard

PHPer 2020-05-06
Note (this applies when the interface is later brought up with wg-quick): if a message like the following is shown:

Warning: `/etc/wireguard/wg0.conf' is world accessible

it means the configuration file permissions are too broad, and they shouldn't be, as there's a private key in there. This can be fixed with sudo chmod 600 /etc/wireguard/wg0.conf.

Sep 15, 2018 • Tiago Ilieve

WireGuard is the new kid on the block in the world of VPNs. It has been receiving a lot of attention lately, especially after Linus Torvalds himself praised the project last month, resulting in in-depth guides about its characteristics being published. The problem is that practical guides about its setup, including the official one, don't show how quick and easy it is to do that. They are full of lengthy, complex and unneeded commands, when everything that is needed is a couple of simple configuration files.

This guide won't describe how to actually install WireGuard, as this is thoroughly covered by the official documentation for every supported platform. It consists of a loadable kernel module that allows virtual WireGuard network interfaces to be created (since this was written, WireGuard has been merged into the mainline Linux kernel as of 5.6, so recent kernels need no out-of-tree module). Here, an EC2 instance located in Ireland and a virtual machine (based on Vagrant/VirtualBox) in Germany, both running Ubuntu, will be connected.

The first step is to generate a pair of keys for every machine. WireGuard's authentication system doesn't rely on passwords, nor on certificates, which would require a hard-to-maintain Certification Authority (CA). Everything is done using private/public keys, like SSH authentication:

$ wg genkey | tee privatekey | wg pubkey > publickey
$ ls -lh
total 8.0K
-rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 privatekey
-rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 publickey

In the server, the /etc/wireguard/wg0.conf configuration file will look like:

[Interface]
PrivateKey = 4MtNd3vq/Zb5tc8VgoigLyuONWoCQmnzLKFNuSYLiFY=
Address = 192.168.255.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=1
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=0

[Peer]
PublicKey = 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04=
AllowedIPs = 192.168.255.2/32

Here’s an explanation of its fields:

  • PrivateKey is the server's private key. It proves that the server is who it says it is, and the same applies to the clients on the other end: each side can validate the identity of the other.
  • Address is the IP and network mask for the VPN network.
  • ListenPort tells on which UDP port the server will listen for connections.
  • PostUp holds the firewall rules and system commands needed for the server to act as a gateway, forwarding all network traffic. PostDown undoes them when the VPN is deactivated (note that setting net.ipv4.ip_forward=0 there disables forwarding for the whole host, not just for wg0). eth0 is the name of the main network interface, which can be something different, like ens5, if systemd's Predictable Network Interface Names are being used.
  • PublicKey and AllowedIPs define which peers can connect to this server through a combination of IPs and key pairs. It's important to notice that the IPs defined here are within the VPN network range; those are not the actual IPs the client will use to connect to the server over the internet.

The client will also have a /etc/wireguard/wg0.conf configuration file, but it will be a little bit different:

[Interface]
PrivateKey = yDZjYQwYdsgDmySbUcR0X7b+rdwfZ91rFYxz6m/NT08=
Address = 192.168.255.2/24

[Peer]
PublicKey = e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk=
AllowedIPs = 0.0.0.0/0
Endpoint = ec2-34-253-52-138.eu-west-1.compute.amazonaws.com:51820

The PrivateKey and Address fields here have the same meaning as in the server. The difference is that the Interface section won't contain the server parts, like the listening port and firewall commands. The Peer section contains the following fields: ...
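The server and client files above have to agree with each other in ways that wg-quick does not check for you: the client's VPN address must appear as a /32 in the server's AllowedIPs, the client's Endpoint port must be the server's ListenPort, and 0.0.0.0/0 on the client is what sends all traffic through the tunnel. The following is an added example, not code from the original article or from wireguard-tools, that parses both configurations (copied from the article and embedded inline) and reports such mismatches, plus the file-mode check behind the "world accessible" warning quoted at the top of the page. The parser and check names are this example's own.

```python
"""Parse and cross-check the two wg0.conf files from the article (added
example; the rules encoded here follow the article's explanations)."""
import base64
import ipaddress
import os
import stat

# Constructed input: the server and client configs shown in the article.
SERVER_CONF = """\
[Interface]
PrivateKey = 4MtNd3vq/Zb5tc8VgoigLyuONWoCQmnzLKFNuSYLiFY=
Address = 192.168.255.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=1
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=0

[Peer]
PublicKey = 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04=
AllowedIPs = 192.168.255.2/32
"""

CLIENT_CONF = """\
[Interface]
PrivateKey = yDZjYQwYdsgDmySbUcR0X7b+rdwfZ91rFYxz6m/NT08=
Address = 192.168.255.2/24

[Peer]
PublicKey = e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk=
AllowedIPs = 0.0.0.0/0
Endpoint = ec2-34-253-52-138.eu-west-1.compute.amazonaws.com:51820
"""


def parse_wg_conf(text: str) -> dict:
    """One [Interface] plus any number of [Peer] sections. configparser is
    not usable because [Peer] repeats; AllowedIPs is collected as a list."""
    conf = {"Interface": {}, "Peers": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "[Interface]":
            current = conf["Interface"]
        elif line == "[Peer]":
            current = {}
            conf["Peers"].append(current)
        elif "=" in line and current is not None:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "AllowedIPs":
                current.setdefault(key, []).extend(v.strip() for v in value.split(","))
            else:
                current[key] = value
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return conf


def is_wg_key(value: str) -> bool:
    """A WireGuard key is 32 bytes, i.e. exactly 44 base64 characters."""
    try:
        return len(value) == 44 and len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False


def check_pair(server: dict, client: dict) -> list:
    """Return the list of problems found; an empty list means consistent."""
    problems = []
    s_if, c_if = server["Interface"], client["Interface"]
    for name, conf in (("server", server), ("client", client)):
        if not is_wg_key(conf["Interface"].get("PrivateKey", "")):
            problems.append(f"{name}: PrivateKey is not a 32-byte base64 key")
        for peer in conf["Peers"]:
            if not is_wg_key(peer.get("PublicKey", "")):
                problems.append(f"{name}: peer PublicKey is not a 32-byte base64 key")
    vpn_net = ipaddress.ip_interface(s_if["Address"]).network
    client_addr = ipaddress.ip_interface(c_if["Address"]).ip
    # Server side: cryptokey routing pins each peer to one VPN address, so
    # every AllowedIPs entry should be a /32 inside the VPN range.
    allowed_on_server = set()
    for peer in server["Peers"]:
        for cidr in peer.get("AllowedIPs", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen != 32 or net.network_address not in vpn_net:
                problems.append(f"server: AllowedIPs {cidr} should be a /32 inside {vpn_net}")
            allowed_on_server.add(net.network_address)
    if client_addr not in allowed_on_server:
        problems.append(f"client address {client_addr} is not in any server peer's AllowedIPs")
    # Client side: Endpoint must target ListenPort; 0.0.0.0/0 = full tunnel.
    listen_port = int(s_if.get("ListenPort", 0))
    for peer in client["Peers"]:
        host, _, port = peer.get("Endpoint", "").rpartition(":")
        if not host or not port.isdigit() or int(port) != listen_port:
            problems.append(f"client: Endpoint {peer.get('Endpoint')!r} does not match server ListenPort {listen_port}")
        if "0.0.0.0/0" not in peer.get("AllowedIPs", []):
            problems.append("client: AllowedIPs lacks 0.0.0.0/0, so only VPN-range traffic uses the tunnel")
    return problems


def config_is_private(path: str) -> bool:
    """False whenever group/other have any permission bit: the condition
    under which wg-quick prints the 'is world accessible' warning."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    print(check_pair(parse_wg_conf(SERVER_CONF), parse_wg_conf(CLIENT_CONF)) or "OK")
```

The checks only cover what the two files say about each other; whether the PublicKey entries really belong to the opposite side's PrivateKey is a separate question, answered by re-deriving them with wg pubkey.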

Updated: 2022-07-15 12:21:47