wireguard on Ubuntu 20.04.4 LTS 配置访问

find /lib/modules -name "wireguard*"
/lib/modules/5.4.0-26-generic/kernel/wireguard
/lib/modules/5.4.0-26-generic/kernel/wireguard/wireguard.ko
/lib/modules/5.4.0-100-generic/kernel/wireguard
/lib/modules/5.4.0-100-generic/kernel/wireguard/wireguard.ko

#所以直接加载wireguard模块就可以。

apt-get install wireguard #安装配置工具
...wg-quick.target is a disabled or a static unit, not starting it.

dpkg -s wireguard-tools
Package: wireguard-tools
Status: install ok installed
Version: 1.0.20200513-1~20.04.2
Depends: libc6 (>= 2.14)
Recommends: nftables | iptables, wireguard-modules (>= 0.0.20171001) | wireguard-dkms (>= 0.0.20191219)
Suggests: openresolv | resolvconf
Description: fast, modern, secure kernel VPN tunnel (userland utilities)
 WireGuard is a novel VPN that runs inside the Linux Kernel and uses
 state-of-the-art cryptography (the "Noise" protocol). It aims to be
 faster, simpler, leaner, and more useful than IPSec, while avoiding
 the massive headache. It intends to be considerably more performant
 than OpenVPN. WireGuard is designed as a general purpose VPN for
 running on embedded interfaces and super computers alike, fit for
 many different circumstances. It runs over UDP.
 
 This package contains command-line tools to interact with the
 WireGuard kernel module.  Currently, it provides only a single tool:
 wg: set and retrieve configuration of WireGuard interfaces

#到/etc/wireguard目录下
wg genkey | tee privatekey | wg pubkey > publickey #一条命令生成公钥和私钥

#生成wireguard配置文件：
cat wg0.conf
[Interface]
Address = 172.19.0.1/24
PrivateKey = IDzTbvwErM9K3tuPRWlsThGAX1snmLgmuHRIyUONMOg=
ListenPort = 7777

[Peer]
AllowedIPs = 172.19.0.2/32
PublicKey = KE3PeMUzwklxYyXEBtKcxQUcYG+6gN7o1XiilVlxO2g=
Endpoint = 117.152.69.39:7777

配置好了，启动
systemctl start wg-quick@wg0
然后开ip_forward，并做eth0的MASQUERADE。这一端就是这样。

版本信息：

dmesg -wT|grep wireguard
[Tue May  2 18:23:25 2023] wireguard: WireGuard 1.0.20201112 loaded. See www.wireguard.com for information.
[Tue May  2 18:23:25 2023] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.

wg -v
wireguard-tools v1.0.20200513 - https://git.zx2c4.com/wireguard-tools/

在另一端windows机器上，安装wireguard，然后“新建空隧道”。补充一句，二端的wireguard版本是否兼容，好像不需要关注。

“新建空隧道”就自动生成好了公钥和私钥。在那个界面里继续编辑wireguard配置文件。与ubuntu端类似而信息对调。

配置好后，就可以连接。
这里存在一个问题，windows端可以主动发起连接成功，用wg可以看到状态来确认。但是反向不行，因为windows端是在一个NAT的家庭网络中，反向发起连接无法穿透进来的。

连接成功后，在windows端配置某个目标IP的路由，网关是ubuntu的wg0的IP
很重要的一点，在windows端配置的AllowedIPs里（而不是ubuntu那边），添加目标IP

AllowedIPs = 172.19.0.1/32, 142.25.10.4/32, 104.24.42.13/32

然后就可以达到效果：windows机器，通过wg隧道，连接到ubuntu机器，然后通过ubuntu机器去访问到目标IP，并原路返回。

使用了一下，感觉实用场景有限，且步骤繁琐。