Secure access to the home network through WireGuard (2) - Windows-side configuration

Notes

1. Read this article before working through this chapter: https://blog.csdn.net/corosync/article/details/129056804

2. Software download address: https://www.123pan.com/s/M6RKVv-JNNad (extraction code: Wz9Z), or download it from the official website

3. The home broadband connection must have a public (external network) IP address

4. The main router runs OpenWrt and supports WireGuard

Configuration


1. Download WireGuard

2. Double-click to open it

3. Click New Tunnel - New Empty Tunnel

4. The dialog for creating a new tunnel opens. The private key must be kept secret and never given to anyone; the public key must be given to OpenWrt. The name can be anything; here we name it wg0

5. Go back to the OpenWrt interface page, click Modify on the wg0 interface to open its edit page, then click Add to add the computer as a peer

6. Paste the computer's public key into OpenWrt

7. Set the allowed IP address for the client (the computer). The WireGuard address on the computer side must be set to 192.168.40.11; if the two settings differ, the client will not be able to connect to the server. Tick the "Route Allowed IPs" option and keep the default of 0 for keep-alive.

8. Click Save

9. Back in the Windows WireGuard interface, we add some necessary configuration

10. A configuration template is given below

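[Interface]
PrivateKey = do not change this; keep the default generated value
Address = the allowed IP address set for this peer in OpenWrt
DNS = the IP address you set for interface wg0 under General Settings - Basic Settings

[Peer]
PublicKey = the public key OpenWrt derives from the private key under General Settings - Basic Settings
AllowedIPs = the network segments allowed to go through the WireGuard VPN
Endpoint = IP address of OpenWrt's WAN port (external network):port number
PersistentKeepalive = the keep-alive value configured for the peer on the OpenWrt side; default 0, changing it is not recommended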

11. We complete the WireGuard configuration file according to the template above

    a. PrivateKey: this value is generated by default; do not touch it

    b. Address: set this to 192.168.40.11/32

    c. DNS: set this to 192.168.40.1

    d. PublicKey: we will not set this value yet

    e. AllowedIPs: set this according to your needs. The format is IP address/subnet mask. If you want all traffic to go through the VPN, set it to 0.0.0.0/0. If you want only a certain network segment to go through the VPN, such as 192.168.1.X, set it to 192.168.1.0/24. Multiple entries are separated by English (half-width) commas. Here we set it to: 192.168.10.0/24, 192.168.100.0/24

    f. Endpoint: the address and port of the server, here the address and port of OpenWrt's WAN (external network) port. For example: 99.33.22.333:2001

    g. PersistentKeepalive: officially it is not recommended to set this value; we can set it to 0, which is the official default.

12. Generate OpenWrt's public key from OpenWrt's private key. Save the generated public key: it has to be copied to every client configured later (Windows client, iOS client, Android client, etc.)!

Command:

echo "<OpenWrt private key>" | wg pubkey

13. Copy the public key generated in step 12 into the PublicKey value of the configuration file from step 11

14. Final example (the author has masked parts of the keys and the endpoint address with 马赛克, "mosaic"):

[Interface]
PrivateKey = eLPmxxF3O马赛克马赛马赛克马赛克wdopdWzhk+0A=
Address = 192.168.40.11/32
DNS = 192.168.40.1

[Peer]
PublicKey = LumSbSogY3n马赛克马赛马赛克k8Ry93y7WA=
AllowedIPs = 192.168.10.0/24, 192.168.100.0/24
Endpoint = 马赛克:2001
PersistentKeepalive = 0
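
A small checker for a finished client configuration like the one above, added here as an example and not part of the original post: it flags malformed keys, AllowedIPs entries and endpoints before the file is pasted into the client. The function names, the dummy key and the 203.0.113.10 endpoint are assumptions made for the illustration.

```python
import base64
import configparser
import ipaddress

def _is_key(value):  # a WireGuard key is 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_client_config(text):
    """Return a list of findings for a client tunnel configuration."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    iface, peer = cfg["Interface"], cfg["Peer"]
    findings = []
    for name, section in (("PrivateKey", iface), ("PublicKey", peer)):
        if not _is_key(section.get(name, "")):
            findings.append(f"{name} is not a 32-byte base64 key")
    for item in peer.get("AllowedIPs", "").split(","):
        try:  # strict parse (host bits must be zero), chosen for this example
            net = ipaddress.ip_network(item.strip())
        except ValueError:
            findings.append(f"AllowedIPs entry {item.strip()!r} is not a network")
            continue
        if net.prefixlen == 0:
            findings.append("AllowedIPs sends ALL traffic through the tunnel")
    host, _, port = peer.get("Endpoint", "").rpartition(":")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append("Endpoint port is missing or out of range")
    try:
        ipaddress.ip_address(host)
    except ValueError:  # hostnames pass; an all-numeric host must be a valid IP
        if not host or host.replace(".", "").isdecimal():
            findings.append(f"Endpoint host {host!r} is not a valid address")
    return findings

# Constructed sample: dummy key and documentation-range endpoint, not from the page.
_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE = f"""[Interface]
PrivateKey = {_KEY}
Address = 192.168.40.11/32
[Peer]
PublicKey = {_KEY}
AllowedIPs = 192.168.10.0/24, 192.168.100.0/24
Endpoint = 203.0.113.10:2001
"""

if __name__ == "__main__":
    print(check_client_config(SAMPLE) or "no findings")
```
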

Schematic Summary

15. Paste the configuration file into the Windows WireGuard client and click Save

16. Click Save and Apply

17. Go back to OpenWrt's interface list and find the wg0 interface. First click to disable it, and after it has been disabled successfully click to connect it again; this is equivalent to restarting the wg0 interface. Note that every time you add a peer, you must first disable the interface and then connect it again. Otherwise, the newly configured peer cannot connect.

18. Configure the firewall to allow port 2001: open Network - Firewall - Traffic Rules

Add an allow rule

Click the Add button first, then click Save and Apply when finished

19. Open WireGuard on the Windows side and click the connect button

20. Test

21. After the connection succeeds, try to access an intranet address

At this point, the Windows configuration is complete


Origin blog.csdn.net/corosync/article/details/129057266