通过 Wireguard 实现内网穿透

sudo apt install wireguard

# check
wg version

# 生成节点公私钥
wg genkey | tee yourhost_privatekey | wg pubkey > yourhost_publickey

# 生成 preshared key
# preshared key 是可选配置，配置后可以加一层对称加密更加安全
wg genpsk

[Interface]
# Name = host
Address = 192.168.168.1/24		# define the local IP for the server
ListenPort = 51820				# listen port of the server
PrivateKey = ... 				# private key of the server

# 配置 IP 伪装
#PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
#PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Name = nas
PublicKey = ... 				# public key of the machine behind NAT
PresharedKey = ... 				# preshared key of server <-> NAS
AllowedIPs = 192.168.168.2/32 	# the peer's local IP

[Peer]
# Name = iphone
PublicKey = ... 				# public key of client A
PresharedKey = ... 				# preshared key of server <-> client A
AllowedIPs = 192.168.168.3/32 	# the peer's local IP

[Peer]
# Name = notebook
PublicKey = ... 				# public key of client B
PresharedKey = ... 				# preshared key of server <-> client B
AllowedIPs = 192.168.168.4/32	# the peer's local IP

# 启动
wg-quick up mywg

# 启动后通过 ipconfig 可以看到多了一个虚拟网卡
ipconfig

# 停止
wg-quick down mywg

sudo systemctl enable wg-quick@mywg.service

sudo systemctl start wg-quick@mywg

# 查看运行状态
sudo systemctl status wg-quick@mywg

wg genkey | tee nas_privatekey | wg pubkey > nas_publickey

[Interface]
# Name = mynas
Address = 192.168.168.2/24 		# define the local IP of node
PrivateKey = ... 				# private key of node

[Peer]
# Name = host					# server's name
PublicKey = ...					# server's public key
PresharedKey = ...				# preshared key with server
Endpoint = {domain_or_public_ip}:51820	# domain/public:port of the public server
AllowedIPs = 192.168.168.0/24	# route 192.168.168.X traffic to the server
PersistentKeepalive = 25		# send keepalive to the server every 25 seconds