1.环境准备

systemctl stop firewalld
systemctl disable firewalld
#关闭防火墙
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
#开启转发

2.安装WireGuard

yum install yum-utils epel-release
yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
yum install kernel-plus wireguard-tools
reboot

3.准备工作目录

mkdir -p /etc/wireguard && chmod 0777 /etc/wireguard
cd /etc/wireguard
umask 077

4.准备密钥

wg genpsk > sharekey
#获取共享密钥
wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey

5.创建配置文件

注意ens32修改为你的网卡名字
编辑 wg0.conf 文件

# 接口配置
[Interface]
PrivateKey = uKue1BVakLh1H7k33hj2irLDjdmihW//KBW5x/ZvTkc=
Address = 192.168.111.20/32
ListenPort = 9555
DNS = 114.114.114.114

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens32 -j MASQUERADE

# 节点配置
[Peer]
PublicKey =  U+bmjTBQRKWfhqk+4ZmlhnXIZjGcs6L7/pc6rwMJ+S8=
AllowedIPs = 192.168.111.2/32
PresharedKey = H9MAR5AZf80fq2enaxXICyROc26YMQX2BLAMVsu1veY=
PersistentKeepalive = 25

6.windows客户端配置

# 接口配置
[Interface]
PrivateKey = YKPHau1tkXQ6/nmQijEjDmdxF6eos/RDiDzpMRUU3Xo=
Address = 192.168.111.2/32
DNS = 114.114.114.114

# 节点配置
[Peer]
PublicKey = pP6ZDsXxtO3J2Mw7mp7GSLoTXmBlDstSUXCh0qyYN3M=
PresharedKey = H9MAR5AZf80fq2enaxXICyROc26YMQX2BLAMVsu1veY=
AllowedIPs = 172.24.24.0/24
Endpoint = 172.24.24.3:9555

6.启动配置

systemctl enable wg-quick@wg0
# 设置开机自动启动
wg-quick up wg0
# 启动
wg-quick down wg0
# 停止

7.windows客户端新增peer问题

以上演示是基于在一个WireGuard Server的情况下，如果存在多个Server，例如家庭网络、工作网络、业务区域等，可以设置多条线路，需要使用的时候在连接。比较麻烦

问题是如果需要频繁切换就需要考虑使用单条线路，在这种情况下就需要WireGuard Server Address配置在同一个网段上，密钥不能重复,ip地址也不能重复，配置文件中客户端的配置需要保持一致