Building a Local Area Network with WireGuard
2/25/26
1. Install WireGuard
Reference: https://www.wireguard.com/install/
Windows Version Download Link: https://download.wireguard.com/windows-client/
Ubuntu (Debian) Installation:
sudo apt update
sudo apt install wireguard
2. Server Configuration
- Generate server key pair
# umask is a shell builtin, so set it inside the same root shell that creates the key files
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'
- Create server configuration file
/etc/wireguard/wg0.conf
[Interface]
Address = 172.16.10.1/24
ListenPort = 5555
PrivateKey = <server-private-key>
# eth0 is the server's outbound interface in these rules; replace it if yours has a different name
PostUp = iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -I FORWARD 2 -i %i -j ACCEPT; iptables -t nat -I POSTROUTING 1 -s 172.16.10.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
[Peer]
# This is the information for peer VPS-A
# Fill this in after generating the public key on VPS-A
PublicKey = <client-public-key>
# Private IP address assigned to VPS-A
AllowedIPs = 172.16.10.2/32
- Enable IP forwarding: To allow the server to forward client traffic, enable kernel IP forwarding
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
# Apply the setting now instead of waiting for a reboot
sudo sysctl -p
- If you have a firewall, configure it
# Open the UDP port set as ListenPort in wg0.conf
sudo ufw allow 5555/udp
- Start WireGuard service
Use the wg-quick tool to start the configured wg0 interface and enable auto-start at boot
sudo systemctl enable wg-quick@wg0 --now
Check service status and interface:
sudo systemctl status wg-quick@wg0
sudo wg show
3. Client Configuration
- Create client key pair
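# The subshell limits umask 077 to this command, so client-private.key is readable only by its owner
(umask 077; wg genkey | tee client-private.key | wg pubkey > client-public.key)
- Add client to server configuration (already added), add multiple [Peer] sections for multiple clients
[Peer]
PublicKey = <client-public-key>
# Must match the client's Address below; each additional client gets its own /32
AllowedIPs = 172.16.10.2/32
- Create client configuration file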
[Interface]
PrivateKey = <client-private-key>
Address = 172.16.10.2/24
DNS = 114.114.114.114
[Peer]
Endpoint = 192.168.10.13:5555
PublicKey = <server-public-key>
AllowedIPs = 172.16.10.0/24
PersistentKeepalive = 25
4. Common Issues:
iptables: command not found: sudo apt install iptables
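
Added example (not part of the original article): a pre-flight check for the server's wg0.conf that reports a config file readable by other users, a ListenPort that differs from the UDP port opened in the firewall, and an AllowedIPs address given to more than one [Peer]. The function name check_wg_conf and the sample config are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the article. check_wg_conf FILE FW_PORT prints one
# line per finding and returns the number of findings (0 = clean).
check_wg_conf() {
    conf=$1; fw_port=$2; findings=0
    # 1. The file holds PrivateKey: only its owner should be able to read it.
    mode=$(stat -c '%a' "$conf") || return 99   # GNU stat assumed
    case $mode in
        600|400) ;;
        *) echo "mode $mode: expected 600, file contains PrivateKey"
           findings=$((findings + 1)) ;;
    esac
    # 2. ListenPort must be the UDP port the firewall rule opens.
    port=$(awk -F= '/^[ \t]*ListenPort[ \t]*=/ {gsub(/[ \t\r]/, "", $2); print $2; exit}' "$conf")
    if [ "$port" != "$fw_port" ]; then
        echo "ListenPort '$port' differs from firewall port '$fw_port'"
        findings=$((findings + 1))
    fi
    # 3. An address routes to one peer only; a repeat moves it to the later [Peer].
    dups=$(awk -F= '/^[ \t]*AllowedIPs[ \t]*=/ {
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) { gsub(/[ \t\r]/, "", a[i]); print a[i] }
    }' "$conf" | sort | uniq -d)
    for d in $dups; do
        echo "AllowedIPs $d is assigned to more than one peer"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample: world-readable file, firewall port 51820, duplicated address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
Address = 172.16.10.1/24
ListenPort = 5555
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 172.16.10.2/32
[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 172.16.10.2/32
EOF
chmod 644 "$sample"
check_wg_conf "$sample" 51820 || echo "findings: $?"
rm -f "$sample"
```

On the server, run it as root against /etc/wireguard/wg0.conf with the port number used in the firewall rule.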
This article was translated from Chinese to English by AI. If there are any inaccuracies, please refer to the original Chinese version.
