VPN

WireGuard

Architecture

Linux client
   |
   |  WireGuard (0.0.0.0/0)
   |
VPS (public IP)
   |
   |  NAT
   |
Internet (hashicorp.com, registry, etc)

Server

# --- install
apt install wireguard
# --- enable forwarding
sysctl -w net.ipv4.ip_forward=1
# --- generate keys
wg genkey | tee server.key | wg pubkey > server.pub
wg genkey | tee client.key | wg pubkey > client.pub

Configuration '/etc/wireguard/wg0.conf'

[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = <server.key>
PostUp   = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client.pub>
AllowedIPs = 10.10.0.2/32

Start

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

Client

Configuration '/etc/wireguard/wg0.conf'

[Interface]
Address = 10.10.0.2/24
PrivateKey = <client.key>
DNS = 1.1.1.1

[Peer]
PublicKey = <server.pub>
Endpoint = <VPS_IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Start

wg-quick up wg0

Stop

wg-quick down wg0
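Added example (not part of the original note, not WireGuard's own tooling): a small checker for the two wg-quick configs above. It parses the [Interface]/[Peer] INI format, verifies that every key is a 32-byte base64 value (i.e. that a placeholder such as <server.key> was actually replaced), checks that Address and AllowedIPs are well-formed, confirms the server has a ListenPort and the client peer an Endpoint, and flags a server-side peer whose AllowedIPs is 0.0.0.0/0, which would route all of the server's traffic into that tunnel. The sample configs, the keys and the 203.0.113.10 endpoint are constructed for the demo and are not real values.

```python
"""Sanity-check wg-quick configs (added example; constructed sample data)."""
import base64
import ipaddress
import re


def parse_wg_config(text):
    """Parse wg-quick INI text into {'Interface': {...}, 'Peer': [{...}, ...]}."""
    cfg = {"Interface": {}, "Peer": []}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        header = re.fullmatch(r"\[(Interface|Peer)\]", line)
        if header:
            if header.group(1) == "Interface":
                current = cfg["Interface"]
            else:
                current = {}
                cfg["Peer"].append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return cfg


def is_wg_key(value):
    """WireGuard keys are 32 bytes in standard base64: exactly 44 characters."""
    try:
        return len(value) == 44 and len(base64.b64decode(value, validate=True)) == 32
    except ValueError:                               # binascii.Error is a ValueError
        return False


def check_config(text, role):
    """Return a list of problems for a 'server' or 'client' config; [] means OK."""
    cfg = parse_wg_config(text)
    iface = cfg["Interface"]
    problems = []
    if not is_wg_key(iface.get("PrivateKey", "")):
        problems.append("Interface.PrivateKey is not a valid key (placeholder left in?)")
    try:
        ipaddress.ip_interface(iface.get("Address", ""))
    except ValueError:
        problems.append("Interface.Address is not a valid address/prefix")
    if role == "server" and "ListenPort" not in iface:
        problems.append("server has no ListenPort")
    if not cfg["Peer"]:
        problems.append("no [Peer] section")
    for i, peer in enumerate(cfg["Peer"]):
        if not is_wg_key(peer.get("PublicKey", "")):
            problems.append(f"Peer {i}: PublicKey is not a valid key")
        nets = [n.strip() for n in peer.get("AllowedIPs", "").split(",") if n.strip()]
        if not nets:
            problems.append(f"Peer {i}: AllowedIPs is missing")
        for n in nets:
            try:
                net = ipaddress.ip_network(n)        # strict: rejects host bits set
            except ValueError:
                problems.append(f"Peer {i}: AllowedIPs entry {n!r} is not a network")
                continue
            if role == "server" and net.prefixlen == 0:
                problems.append(f"Peer {i}: {n} on the server would route all traffic to this peer")
        if role == "client" and "Endpoint" not in peer:
            problems.append(f"Peer {i}: client peer has no Endpoint")
    return problems


# Constructed demo keys: 32 bytes of filler, base64-encoded. Not real keys, and
# the same string stands in for both halves of a key pair for brevity.
SERVER_KEY = base64.b64encode(b"\x01" * 32).decode()
CLIENT_KEY = base64.b64encode(b"\x02" * 32).decode()

SERVER_CONF = f"""[Interface]
Address = 10.10.0.1/24
ListenPort = 51820
PrivateKey = {SERVER_KEY}
PostUp   = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = {CLIENT_KEY}
AllowedIPs = 10.10.0.2/32
"""

CLIENT_CONF = f"""[Interface]
Address = 10.10.0.2/24
PrivateKey = {CLIENT_KEY}
DNS = 1.1.1.1

[Peer]
PublicKey = {SERVER_KEY}
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
"""

if __name__ == "__main__":
    for name, conf, role in (("server", SERVER_CONF, "server"), ("client", CLIENT_CONF, "client")):
        print(name, check_config(conf, role) or "ok")
```

Run it against the real files with `check_config(open("/etc/wireguard/wg0.conf").read(), "server")` before `systemctl start`. Two things the checker cannot see: the `-o eth0` in PostUp/PostDown assumes the VPS's public interface is named eth0 (check with `ip route`), and `sysctl -w` does not survive a reboot, so the forwarding setting also belongs in /etc/sysctl.d/.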