WireGuard: fast, modern, secure VPN tunnel
Script installation
https://github.com/hwdsl2/wireguard-install
sudo mkdir /usr/local/etc/wireguard
umask 077  # create the key files readable only by their owner
wg genkey | tee privatekey | wg pubkey > publickey
[Interface]
# Name = node1.example.tld
Address = 192.0.2.3/32
ListenPort = 51820
PrivateKey = localPrivateKeyAbcAbcAbc=
DNS = 1.1.1.1,8.8.8.8
Table = 12345
MTU = 1500
PreUp = /bin/example arg1 arg2 %i
PostUp = /bin/example arg1 arg2 %i
PreDown = /bin/example arg1 arg2 %i
PostDown = /bin/example arg1 arg2 %i
[Peer]
# Name = node2-node.example.tld
AllowedIPs = 192.0.2.1/24
Endpoint = node1.example.tld:51820
PublicKey = remotePublicKeyAbcAbcAbc=
PersistentKeepalive = 25
This section defines the local VPN configuration. For example:
The local node is a client that routes only its own traffic and exposes a single IP.
[Interface]
# Name = phone.example-vpn.dev
Address = 192.0.2.5/32
PrivateKey = <private key for phone.example-vpn.dev>
The local node is a relay server that can forward traffic to other peers and exposes routes for the entire VPN subnet.
[Interface]
# Name = public-server1.example-vpn.tld
Address = 192.0.2.1/24
ListenPort = 51820
PrivateKey = <private key for public-server1.example-vpn.tld>
DNS = 1.1.1.1
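The # Name line is a standard comment in INI syntax, used to show which node this part of the configuration belongs to. WireGuard ignores it completely, and it has no effect on the VPN's behavior.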
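An added example, not part of the original notes or of WireGuard itself: a small parser for this config format that keeps the # Name comment as a label only, allows repeated [Peer] sections, and classifies the local node as client or relay. The names parse_wg and interface_role, the sample peer entry, and the prefix-length rule (a heuristic taken from the two [Interface] examples above) are assumptions.

```python
import ipaddress

# Constructed sample: the relay [Interface] from the text plus one made-up peer.
SAMPLE = """\
[Interface]
# Name = public-server1.example-vpn.tld
Address = 192.0.2.1/24
ListenPort = 51820
PrivateKey = <private key for public-server1.example-vpn.tld>
DNS = 1.1.1.1

[Peer]
# Name = phone.example-vpn.dev
AllowedIPs = 192.0.2.5/32
PublicKey = <public key for phone.example-vpn.dev>
"""


def parse_wg(text):
    """Return sections as dicts {'type', 'name', 'keys'}; [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append({"type": line[1:-1], "name": None, "keys": {}})
        elif not sections:
            continue  # ignore anything before the first section header
        elif line.startswith("#"):
            # "# Name = ..." is only a comment: keep it as a label, not a setting.
            key, _, value = line.lstrip("# ").partition("=")
            if key.strip() == "Name":
                sections[-1]["name"] = value.strip()
        else:
            # Split on the first "=" only, so base64 padding in keys survives.
            key, _, value = line.partition("=")
            sections[-1]["keys"][key.strip()] = value.strip()
    return sections


def interface_role(sections):
    """Heuristic: a host-only Address means client, a subnet Address means relay."""
    iface = next(s for s in sections if s["type"] == "Interface")
    addrs = [ipaddress.ip_interface(a.strip())
             for a in iface["keys"]["Address"].split(",")]
    host_only = all(a.network.prefixlen == a.network.max_prefixlen for a in addrs)
    return "client" if host_only else "relay"


if __name__ == "__main__":
    parsed = parse_wg(SAMPLE)
    print(interface_role(parsed), [(s["type"], s["name"]) for s in parsed])
```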