WireGuard 内核模块式的加载, 效率非常高.
不过这东西是用UDP发送数据, 所以到了晚上就不会那么友好.
- 服务端和客户端: 官方支持: https://www.wireguard.com/install/ 第三方支持: https://tunsafe.com/download
- 部署:
wget --no-check-certificate -qO- 'https://moeclub.org/attachment/LinuxShell/wireguard.sh'| bash
- 使用的是官方默认端口,端口为:51820.
- WireGuard 需要 tun 设备才能正常工作.
- 配置文件在 /etc/wireguard .
- 配置文件 wg0.conf 为脚本自动生成的服务端配置文件.
- 服务端已配置自启动, 启动服务命令.
#配置文件为 wg0.conf 则命令中使用 wg0 wg-quick down wg0; wg-quick up wg0
- 配置文件 wg0-client.conf 为脚本自动生成的客户端配置文件.
将其导入客户端即可使用. - 客户端配置文件中Endpoint项可以用域名代替IP地址.
- 如果遇到错误请尝试重启,重新跑脚本.
- 如果以下错误请尝试自行更换内核.
RTNETLINK answers: Operation not supported Unable to access interface: Protocol not supported
#!/bin/bash
WG_PORT='51820'
IPAddr=`wget --no-check-certificate -qO- http://moeclub.org/address`
POOL='https://deb.debian.org/debian/pool/main/w/wireguard/'
[ `dpkg -s libc6 |grep '^Version' |grep -o '[0-9\.]\{4\}' |head -n1 |cut -d'.' -f2` -ge "14" ] || exit 0
apt-get update
apt-get install -y libmnl-dev libelf-dev linux-headers-$(uname -r) build-essential pkg-config dkms resolvconf dnsmasq qrencode
arch=`dpkg --print-architecture`
Version=`wget --no-check-certificate -qO- "${POOL}" |grep -o 'wireguard_[0-9\_\.\-]\{1,\}_' |head -n1 |cut -d'_' -f2`
[ -n "$Version" ] || exit 1
wget --no-check-certificate -qO "/tmp/wireguard_${Version}_all.deb" "${POOL}wireguard_${Version}_all.deb"
wget --no-check-certificate -qO "/tmp/wireguard-dkms_${Version}_all.deb" "${POOL}wireguard-dkms_${Version}_all.deb"
wget --no-check-certificate -qO "/tmp/wireguard-tools_${Version}_${arch}.deb" "${POOL}wireguard-tools_${Version}_${arch}.deb"
dpkg -i "/tmp/wireguard-tools_${Version}_${arch}.deb"
dpkg -i "/tmp/wireguard-dkms_${Version}_all.deb"
dpkg -i "/tmp/wireguard_${Version}_all.deb"
[ -d /etc/wireguard ] && {
command -v wg >/dev/null 2>&1
[ $? == 0 ] || exit 1
sed -i '/#\?net.ipv4.ip_forward/d' /etc/sysctl.conf
sed -i '$a\net.ipv4.ip_forward=1' /etc/sysctl.conf
sysctl -p
cat >/etc/dnsmasq.conf< publickey
wg genpsk > presharedkey
wg genkey |tee privatekey.client |wg pubkey > publickey.client
ServerKey=`cat privatekey`
ServerPub=`cat publickey`
ServerPsk=`cat presharedkey`
ClientKey=`cat privatekey.client`
ClientPub=`cat publickey.client`
cat >simple.conf</dev/null; wg-quick up wg0\n\n" >>/etc/crontab
# Try it!
wg-quick down wg0 2>/dev/null; wg-quick up wg0
}