VPN

WireGuard

Architecture

Linux client
   |
   |  WireGuard (0.0.0.0/0)
   |
VPS (public IP)
   |
   |  NAT
   |
Internet (hashicorp.com, registry, etc)

Server

# --- install
apt install wireguard
# --- enable IPv4 forwarding (runtime only; put net.ipv4.ip_forward=1 into /etc/sysctl.conf to persist across reboots)
sysctl -w net.ipv4.ip_forward=1
# --- generate key pairs; umask 077 keeps the private key files readable by root only
umask 077
wg genkey | tee server.key | wg pubkey > server.pub
wg genkey | tee client.key | wg pubkey > client.pub

Configuration '/etc/wireguard/wg0.conf'

[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
# contents of server.key (never share this value)
PrivateKey = <server.key>
# eth0 is the VPS interface with the public IP; adjust if yours is named differently
PostUp   = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# contents of client.pub
PublicKey = <client.pub>
# only packets from this source address are accepted from (and routed to) this peer
AllowedIPs = 10.10.0.2/32

Start

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
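The client half of the diagram (Linux client sending all traffic, 0.0.0.0/0, through the VPS) is not shown on the page. This is an added example of the client's '/etc/wireguard/wg0.conf', not the author's own config; it assumes the key files generated above and uses <VPS_PUBLIC_IP> as a placeholder for the server's public address.

```ini
[Interface]
# contents of client.key, generated on the server above; copy it over a secure channel and delete it there
PrivateKey = <client.key>
# must match the AllowedIPs entry for this peer in the server config
Address = 10.10.0.2/32
# optional: resolver used while the tunnel is up, so DNS queries also go through the VPN (needs resolvconf on the client)
DNS = 1.1.1.1

[Peer]
# contents of server.pub
PublicKey = <server.pub>
# <VPS_PUBLIC_IP> is a placeholder; 51820 is the server's ListenPort
Endpoint = <VPS_PUBLIC_IP>:51820
# route everything through the tunnel (the 0.0.0.0/0 in the diagram)
AllowedIPs = 0.0.0.0/0
# keep the NAT mapping alive if the client itself sits behind NAT
PersistentKeepalive = 25
```

Start it the same way (systemctl enable wg-quick@wg0; systemctl start wg-quick@wg0); once traffic flows, `wg show wg0` on either side should report a recent "latest handshake".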