vi /etc/wireguard/wg0.conf
Now add the following lines to this file, then save and exit vim with :x. The individual lines are explained by inline comments.
[Interface]
Address = <Configured client IP>/<Netmask> # For example the IP "10.11.0.20/32"
PrivateKey = <Private Key of the client>
[Peer]
PublicKey = <Public Key of the OPNsense Wireguard instance>
AllowedIPs = <Networks to which this client should have access>/<Netmask>
# For example "10.11.0.0/24, 192.168.1.0/24"
#   10.11.0.0/24   --> The network area of the OPNsense WireGuard VPNs
#   192.168.1.0/24 --> Network behind the firewall
Endpoint = <Public IP of the OPNsense firewall>:<WireGuard Port>
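Add further interfaces as needed, for example wg0, wg1, wg2. The parameters follow the format shown above; just make sure they do not conflict with the other interfaces.
Then: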
$ sudo systemctl enable wg-quick@wg0.service
Commands for controlling the Systemd service:
$ sudo systemctl start wg-quick@wg0.service
$ sudo systemctl status wg-quick@wg0.service
$ sudo systemctl stop wg-quick@wg0.service
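The wg command shows the information for each interface. The public key used in the client configurations is the one shown here, not the one in wgxxx.conf.
Then use the wireguard-install.sh script to add a new client (other scripts work too, depending on your situation). The client's private key is the private key added by this script.
Below are the configuration files of two clients as a demonstration: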
[Interface]
PrivateKey = wN2rax4ryZS0xSK8Wx6/jRzUfncip6ZjmDxqAMO9BHo=
Address = 10.77.1.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = 13vB3gCM/oyT6ztYfIMeQYOEyyLZTUV0m3YdRbUP9CQ=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 164.xxx.xxx.10:37148
PersistentKeepalive = 25
[Interface]
PrivateKey = kFY38Rpd7w+kK08NEzUFa8I7gbMb6Qk+5RS8COSDiVM=
Address = 10.77.31.3/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = SkNsxWDtizMQ9G2IBsXfQ74JZ4ScMC9KjpwvpRlPY3I=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 164.xxx.xxx.10:37149
PersistentKeepalive = 25
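The rule above that additional interfaces (wg0, wg1, wg2) must not conflict with each other can be checked before enabling a new wg-quick unit. The following Python check is an added example, not part of the original post or of wireguard-install.sh: it reads the [Interface] section of several wg-quick files and reports overlapping Address subnets and reused ListenPort values. The sample configs are constructed; the wg0 and wg1 subnets and ports mirror the two client files above, the .1 server addresses are assumed, and wg2 is a deliberately conflicting interface.

```python
import ipaddress
from itertools import combinations

def parse_interface(text):
    """Return {key: [values]} for the [Interface] section of a wg-quick file."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # wg-quick comments start with '#'
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "interface" and "=" in line:
            key, value = line.split("=", 1)      # split once: base64 keys end in '='
            values.setdefault(key.strip().lower(), []).append(value.strip())
    return values

def find_conflicts(configs):
    """configs maps interface name -> config text; returns a list of problems."""
    nets, ports, problems = {}, {}, []
    for name, text in configs.items():
        iface = parse_interface(text)
        addrs = [a.strip() for v in iface.get("address", []) for a in v.split(",")]
        nets[name] = [ipaddress.ip_interface(a).network for a in addrs if a]
        for port in iface.get("listenport", []):
            if port in ports:
                problems.append(f"{ports[port]} and {name} both use ListenPort {port}")
            ports.setdefault(port, name)
    for a, b in combinations(nets, 2):
        for na in nets[a]:
            for nb in nets[b]:
                if na.version == nb.version and na.overlaps(nb):
                    problems.append(f"{a} {na} overlaps {b} {nb}")
    return problems

# Constructed sample input (placeholder key, assumed server addresses).
SAMPLE = {
    "wg0": "[Interface]\nAddress = 10.77.1.1/24\nListenPort = 37148\nPrivateKey = <placeholder>\n",
    "wg1": "[Interface]\nAddress = 10.77.31.1/24\nListenPort = 37149\n",
    "wg2": "[Interface]\nAddress = 10.77.1.129/25  # inside wg0's /24\nListenPort = 37149\n",
}

if __name__ == "__main__":
    for problem in find_conflicts(SAMPLE):
        print(problem)
```

To run it against a real host, load each /etc/wireguard/*.conf into the dictionary instead of SAMPLE; reading those files requires root because they contain private keys.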
This article was written by admin and is licensed under the Creative Commons Attribution 4.0 International License.
Last edited: Apr 5, 2021 at 04:34 pm