rockylinux 9 如何安装使用 WireGuard

Rocky Linux 9 已经包含 WireGuard 在默认仓库中，直接安装即可wg工具即可

yum provides wg
Last metadata expiration check: 0:26:20 ago on Fri Apr 25 23:45:25 2025.
wireguard-tools-1.0.20210914-3.el9.x86_64 : Fast, modern, secure VPN tunnel
Repo        : @System
Matched from:
Filename    : /usr/bin/wg

wireguard-tools-1.0.20210914-3.el9.x86_64 : Fast, modern, secure VPN tunnel
Repo        : appstream
Matched from:
Filename    : /usr/bin/wg

# 安装命令
yum install wireguard-tools -y

生成对应的公钥和私钥

# 生成私钥
wg genkey |  tee /etc/wireguard/privatekey
# 基于私钥生成公钥
cat /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

添加配置文件,配置文件为 /etc/wireguard/wg0.conf

[Interface]
PrivateKey = <客户端私钥>
Address = 10.8.0.2/24

[Peer]
PublicKey = <服务器公钥>
Endpoint = <服务器IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

启动服务

wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.8.0.10/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63

ifconfig wg0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.8.0.10  netmask 255.255.255.0  destination 10.8.0.10
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12  bytes 1776 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

通过 ifconfig wg0 可以看到配置信息说明成功。