上网服务器搭建时遇到的问题

Quick and easy VPNs with WireGuard

PHPer 2020-05-06 2065 0 0

If a message like the following is shown in this step:

Warning: `/etc/wireguard/wg0.conf' is world accessible

This means that the configuration file permissions are too broad - and they shouldn’t, as there’s a private key in there. This can be fixed withsudo chmod 600 /etc/wireguard/wg0.conf.

Sep 15, 2018 • Tiago Ilieve

WireGuard is the new kid on the block in the world of VPNs. It has been receiving a lot of attention lately, especially afterLinus Torvalds himself praised the projectlast month, resulting inin-depth guides about its characteristicsbeing published. The problem is thatpractical guides about its setup, including theofficial one, doesn’t show how quick and easy it is to do that. They are full of lengthy, complex and unneeded commands, when everything that is needed are simple configuration files.

This guide won’t describe how to actually install WireGuard, as this isthoroughly covered by the official documentationfor every supported platform. It consists of aloadable kernel modulethat allows virtual WireGuard network interfaces to be created. In here, an EC2 instance located in Ireland and a virtual machine (based on Vagrant/VirtualBox) in Germany, both running Ubuntu, will be connected.

The first step is to generate a pair of keys for every machine. WireGuard authentication system doesn’t rely passwords or certificates that includes hard-to-maintain Certification Authorities (CAs). Everything is done using private/public keys, like SSH authentication:

$ wg genkey | tee privatekey | wg pubkey > publickey $ ls -lh total 8.0K -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 privatekey -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 publickey

In the server, the/etc/wireguard/wg0.confconfiguration file will look like:

[Interface] PrivateKey = 4MtNd3vq/Zb5tc8VgoigLyuONWoCQmnzLKFNuSYLiFY= Address = 192.168.255.1/24 ListenPort = 51820 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=1 PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; sysctl net.ipv4.ip_forward=0 [Peer] PublicKey = 0+/w1i901TEFRmEcUECqWab/nwmq0dZLehMzSOKUo04= AllowedIPs = 192.168.255.2/32

Here’s an explanation of its fields:

  • PrivateKeyis the server private key. It proves that the server is who it says it is, and the same will be valid for the clients on the other end. One will be able to validate the identity of the other.
  • Addressis the IP and network mask for the VPN network.
  • ListenPorttells in which UDP port the server will listen for connections.
  • PostUpare firewall rules and system commands that are needed for the server to act as a gateway, forwarding all network traffic.PostDownwill disable them when the VPN is deactivated.eth0is the name of the main network interface, which can be something different likeens5ifsystemd’s Predictable Network Interface Namesare being used.
  • PublicKeyandAllowedIPsdefines which peers can connect to this server through a combination of IPs/key pairs. It’s important to notice that the IPs defined here are within the VPN network range. Those are not the actual IPs which the client will use to connect to the server over the internet.

The client will also have a/etc/wireguard/wg0.confconfiguration file, but it will be a little bit different:

[Interface] PrivateKey = yDZjYQwYdsgDmySbUcR0X7b+rdwfZ91rFYxz6m/NT08= Address = 192.168.255.2/24 [Peer] PublicKey = e1HJ0ed/lUmCDRUGjCwFZ9Qm2Lt14jNE77TKXyIS1yk= AllowedIPs = 0.0.0.0/0 Endpoint = ec2-34-253-52-138.eu-west-1.compute.amazonaws.com:51820

ThePrivateKeyandAddressfields here have the same meaning as in the server. The difference is that theInterfacesection won’t contain the server parts, like the listening ports and firewall commands. ThePeersection contains the following fields:...

立即注册

更新于:2022-07-15 12:21:47
    您需要登录后才可以评论。 立即注册

    使用WireGuard快速轻松地VPN

    2018年9月15日•Tiago Ilieve

    WireGuard是VPN世界中的新生事物。Linus Torvalds上个月有关其特性的深入指南得以有关其设置的实用指南官方

    本指南将不介绍如何实际安装WireGuard,因为的官方文档可加载的内核模块,该

    第一步是为每台机器生成一对密钥。SSH身份验证

    $ wg genkey | tee privatekey | wg pubkey > publickey $ ls -lh total 8.0K -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 privatekey -rw-rw-r-- 1 ubuntu ubuntu 45 Sep 15 14:31 publickey ...

    立即注册
    更新于:2022-05-31 09:14:49
    相关内容

    (实测:超不省心,这个方法太陈旧了) 超省心游戏加速:Wireguard+udp加速...

    wireguard+udpspeeder+udp2raw多用户配置

    Wireguard+udpspeeder+udp2raw游戏加速方案改进版-实测有效

    服务器搭建

    centos7用yum搭建LAMP环境之一

    CentOS 7 安装 LNMP 环境,sh脚本一键安装

    安装phaclon遇到的各种问题。

    LNMP的那些事情

    centos7安装openssl

    Centos系统在Apache服务器上安装SSL证书

    Centos7.4 修改MySQL5.7 root 密码

    2020在godaddy首页上看到企业建站服务

    邮件发送报错No IDN encoder found(install the intl extension or the tr...

    yum安装php扩展intl报错:Error: php71w-common conflicts with php-comm...

    如何在CentOS上安装PHP intl扩展?

    服务器选择-阿里云轻量应用服务器 轻量应用服务器 (香港节点丢包严重,延迟25ms)

    阿里云香港服务器和大陆服务器区别在哪,如何选择

    关于网站的robots文件以及robots文件在线生成工具

    robots.txt 不让搜索引擎收录网站的方法

    Yii2生成sitemap,yii2-sitemap-module Yii2 module for automatically ...

    验证谷歌站长平台 – GOOGLE SEARCH CONSOLE 验证流程

    centos7下自动备份mysql数据库

    谷歌站长平台实测网站

    CentOS 7中看PHP运行时的Log文件日志信息

    Linux设置Swap虚拟内存方法

    CentOS 7一键安装桌面环境命令(可远程RDP连接)

    如何在 CentOS8/RHEL8 上安装配置 VNC 服务器

    查问我看服务器搭建和使用中遇到的问题

    服务器搭建2

    mysql报错问题解决MySQL server PID file could not be found!

    找了半天找不到看着靠谱的centos8开机启动后运行的脚本

    LAMP一键安装包安装的时候方便,增加开机启动的时候出了问题

    一键安装,用sh脚本一键安装LAMP

    QQ授权码(更改QQ密码以及独立密码会触发授权码过期)

    FileZilla设置主密码保护FTP密码,服务器主机网站更安全了。

    linux配置多个ssl证书,Apache 配置多个HTTPS站点(202204亲测)

    certbot-auto不再支持所有的操作系统,新的ssl证书安装方法。

    CentOS版 docker一键安装(2023年11月亲测可用)

    Apache 或Nginx 都报错 No input file specified.

    提示-bash: ffmpeg: command not found ffmpeg 安装和命令详解

    Chrome浏览器:The request client is not a secure context and the reso...

    推荐内容

    分享几个好用的bt搜索bt资源下载网址网站

    影视电影剧集动漫综艺bt资源在线播放网址网站推荐分享

    全网最新bt磁力搜索引擎bt资源bt网站网址分享

    人气美女女优百度指数排行榜(波多野结衣,苍井空,三上悠亚,深田咏美,桥本有菜,北条...

    最强人造人深田咏美,业界的社交女王

    人生起起落落的三上悠亚,成名前的清纯风,怎么搭配出来的?

    业内第一大长腿,桥本有菜的腿究竟有多长

    波多野结衣,岛国业界著作最多的超级劳模

    日本AV界NO.1,苍井空是多少宅男的疯狂?

    美女女优视频混剪 This Girl-Laza Morgan

    怎样使用V2Ray代理和SSTap玩如魔兽世界/绝地求生/LOL台服/战地3/黑色沙漠/彩...

    sstap游戏代理教程 从此玩如魔兽世界/绝地求生/LOL台服/战地3/黑色沙漠/彩虹六...

    影视电影剧集动漫综艺bt资源在线播放网址网站推荐分享