影子屋 (文章分类:wireguard)https://blog.bgme.me/zh_cnContents © 2024 <a href="mailto:i@bgme.me">无影人</a> <a rel="license noopener nofollow" target="_blank" href="http://creativecommons.org/licenses/by-sa/4.0/" class="ui image" title="如无特别说明,本站文章均遵循 CC BY-SA 4.0 协议,转载请注明作者及出处。"> <img alt="Creative Commons Attribution-ShareAlike 4.0 International License" src="/license.png"> </a> Wed, 24 Apr 2024 12:02:13 GMTNikola (getnikola.com)http://blogs.law.harvard.edu/tech/rss在 Debian 上建立 Wireguard 隧道https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/无影人<p>因为一些原因将 Elasticsearch 部署在了另外一台机器上,之前两台 vps 是直接通过公网通迅的,只不过用防火墙限制了一下IP,但这终究是不安全的,想要靠谱还是要上VPN。但找了一找网上的<a class="reference external" href="https://www.digitalocean.com/community/tags/vpn?type=tutorials">VPN教程</a>大多是 OpenVPN ,虽然 OpenVPN 很安全,但部署操作实在太复杂了,于是就一直这样鸽了下来。</p> <p>今天,看到了 <a class="reference external" href="https://nova.moe/deploy-wireguard-on-ubuntu-bionic/">在 Ubuntu 18.04 上建立 WireGuard 隧道组建 VPS 大内网</a> 这篇文章时真是茅塞顿开,于是参考这篇文章外加 <a class="reference external" href="https://www.wireguard.com/">官方文档</a> 、<a class="reference external" href="https://wiki.debian.org/Wireguard">Debian Wiki Wireguard 条目</a> 使用 WireGuard 将自己的两台 VPS 组了一个私有网。</p> <!-- TEASER_END --> <p>以下步骤均建议,同时连接两台VPS同步操作。</p> <section id="section-1"> <h2>第一步:生成密匙</h2> <p>在服务端、客户端同时使用如下命令生成公钥与私钥。</p> <div class="code"><pre class="code bash"><a id="rest_code_1ea87905c1c74d2582e0fb47d02fbcd9-1" name="rest_code_1ea87905c1c74d2582e0fb47d02fbcd9-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_1ea87905c1c74d2582e0fb47d02fbcd9-1"></a>wg<span class="w"> </span>genkey<span class="w"> </span><span class="p">|</span><span class="w"> </span>tee<span class="w"> </span>privatekey<span class="w"> </span><span class="p">|</span><span class="w"> </span>wg<span class="w"> </span>pubkey<span class="w"> </span>&gt;<span class="w"> </span>publickey </pre></div> <aside class="admonition warning"> <p class="admonition-title">警告</p> <p>请注意保护私钥。</p> </aside> </section> <section id="section-2"> <h2>第二步:手动配置</h2> <p>请参考以下配置文件模版,和 <a class="reference external" href="https://manpages.debian.org/man/8/wg-quick">wg-quick</a> 完成配置文件,并将配置文件写入 <code class="docutils literal">/etc/wireguard/wg0.conf</code>。</p> <p>Server:</p> <div class="code"><pre class="code text"><a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-1" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-1"></a>[Interface] <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-2" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-2"></a>Address = 192.168.1.1/24 <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-3" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-3"></a>SaveConfig = true <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-4" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-4"></a>ListenPort = 51820 <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-5" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-5" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-5"></a>PrivateKey = 服务端私钥 <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-6" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-6" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-6"></a> <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-7" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-7" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-7"></a>[Peer] <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-8" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-8" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-8"></a>PublicKey = 客户端公钥 <a id="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-9" name="rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-9" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5e5a7972a9eb4dde9fef93cb80e56fa2-9"></a>AllowedIPs = 192.168.1.0/24 </pre></div> <p>Client:</p> <div class="code"><pre class="code text"><a id="rest_code_06877252823a4521ba94ec67a6d87b99-1" name="rest_code_06877252823a4521ba94ec67a6d87b99-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-1"></a>[Interface] <a id="rest_code_06877252823a4521ba94ec67a6d87b99-2" name="rest_code_06877252823a4521ba94ec67a6d87b99-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-2"></a>Address = 192.168.1.2/24 <a id="rest_code_06877252823a4521ba94ec67a6d87b99-3" name="rest_code_06877252823a4521ba94ec67a6d87b99-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-3"></a>PrivateKey = 客户端私钥 <a id="rest_code_06877252823a4521ba94ec67a6d87b99-4" name="rest_code_06877252823a4521ba94ec67a6d87b99-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-4"></a> <a id="rest_code_06877252823a4521ba94ec67a6d87b99-5" name="rest_code_06877252823a4521ba94ec67a6d87b99-5" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-5"></a>[peer] <a id="rest_code_06877252823a4521ba94ec67a6d87b99-6" name="rest_code_06877252823a4521ba94ec67a6d87b99-6" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-6"></a>PublicKey = 服务端公钥 <a id="rest_code_06877252823a4521ba94ec67a6d87b99-7" name="rest_code_06877252823a4521ba94ec67a6d87b99-7" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-7"></a>Endpoint = 服务器地址:51820 <a id="rest_code_06877252823a4521ba94ec67a6d87b99-8" name="rest_code_06877252823a4521ba94ec67a6d87b99-8" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_06877252823a4521ba94ec67a6d87b99-8"></a>AllowedIPs = 192.168.1.1/24 </pre></div> </section> <section id="section-3"> <h2>第三步:防火墙</h2> <p>服务端打开相应的监听端口,放行udp。</p> <div class="code"><pre class="code text"><a id="rest_code_8b49942fb2ef4abab6c6849178fce689-1" name="rest_code_8b49942fb2ef4abab6c6849178fce689-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_8b49942fb2ef4abab6c6849178fce689-1"></a>firewall-cmd --zone=public --add-port=51820/udp --permanent </pre></div> <p>根据实际需要,在服务端、客户端做出相应的防火墙配置。</p> <p>Server:</p> <div class="code"><pre class="code text"><a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-1" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-1"></a>firewall-cmd --new-zone=wg --permanent <a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-2" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-2"></a>firewall-cmd --zone=wg --add-interface=wg0 --permanent <a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-3" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-3"></a>firewall-cmd --zone=wg --add-masquerade --permanent <a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-4" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-4"></a>firewall-cmd --zone=wg --add-port=3000/tcp --permanent <a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-5" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-5" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-5"></a>firewall-cmd --zone=wg --add-port=4000/tcp --permanent <a id="rest_code_fb51f76db7d64b0a818587e14eb702ca-6" name="rest_code_fb51f76db7d64b0a818587e14eb702ca-6" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_fb51f76db7d64b0a818587e14eb702ca-6"></a>firewall-cmd --reload </pre></div> <p>Client:</p> <div class="code"><pre class="code text"><a id="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-1" name="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_b735ab0cbb174f42ac5ebaf6a659becc-1"></a>firewall-cmd --new-zone=wg --permanent <a id="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-2" name="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_b735ab0cbb174f42ac5ebaf6a659becc-2"></a>firewall-cmd --zone=wg --add-interface=wg0 --permanent <a id="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-3" name="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_b735ab0cbb174f42ac5ebaf6a659becc-3"></a>firewall-cmd --zone=wg --add-port=9200/tcp --permanent <a id="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-4" name="rest_code_b735ab0cbb174f42ac5ebaf6a659becc-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_b735ab0cbb174f42ac5ebaf6a659becc-4"></a>firewall-cmd --reload </pre></div> </section> <section id="section-4"> <h2>第四步:确认通道已连接</h2> <p>服务端、客户端同时启动 wireguard。</p> <div class="code"><pre class="code text"><a id="rest_code_f3007f59a1564f70a092c4960f53f351-1" name="rest_code_f3007f59a1564f70a092c4960f53f351-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_f3007f59a1564f70a092c4960f53f351-1"></a>wg-quick up wg0 </pre></div> <p>查看 ip 地址,并互 ping 对方主机,如果能 ping 通,说明隧道已经建立。</p> <div class="code"><pre class="code text"><a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-1" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-1"></a>$ ip addr <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-2" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-2"></a>3: wg0: &lt;POINTOPOINT,NOARP,UP,LOWER_UP&gt; mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000 <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-3" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-3"></a> link/none <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-4" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-4"></a> inet 192.168.1.1/24 scope global wg0 <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-5" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-5" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-5"></a> valid_lft forever preferred_lft forever <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-6" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-6" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-6"></a> <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-7" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-7" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-7"></a>$ ping 192.168.1.2 <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-8" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-8" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-8"></a>PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data. <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-9" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-9" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-9"></a>64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.74 ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-10" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-10" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-10"></a>64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=1.59 ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-11" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-11" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-11"></a>64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=1.64 ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-12" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-12" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-12"></a>64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=1.66 ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-13" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-13" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-13"></a>64 bytes from 192.168.1.2: icmp_seq=5 ttl=64 time=1.100 ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-14" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-14" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-14"></a>^C <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-15" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-15" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-15"></a>--- 192.168.1.2 ping statistics --- <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-16" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-16" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-16"></a>5 packets transmitted, 5 received, 0% packet loss, time 11ms <a id="rest_code_5333b2eafb2b46d3b7a69b227fe87673-17" name="rest_code_5333b2eafb2b46d3b7a69b227fe87673-17" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_5333b2eafb2b46d3b7a69b227fe87673-17"></a>rtt min/avg/max/mdev = 1.587/1.725/1.998/0.149 ms </pre></div> <p>可使用 <code class="docutils literal">wg show</code> 查看相应信息。</p> <div class="code"><pre class="code text"><a id="rest_code_c5cbe44542f24f40806e045783699fd9-1" name="rest_code_c5cbe44542f24f40806e045783699fd9-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-1"></a># wg show <a id="rest_code_c5cbe44542f24f40806e045783699fd9-2" name="rest_code_c5cbe44542f24f40806e045783699fd9-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-2"></a>interface: wg0 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-3" name="rest_code_c5cbe44542f24f40806e045783699fd9-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-3"></a> public key: 服务端公钥 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-4" name="rest_code_c5cbe44542f24f40806e045783699fd9-4" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-4"></a> private key: (hidden) <a id="rest_code_c5cbe44542f24f40806e045783699fd9-5" name="rest_code_c5cbe44542f24f40806e045783699fd9-5" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-5"></a> listening port: 51820 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-6" name="rest_code_c5cbe44542f24f40806e045783699fd9-6" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-6"></a> <a id="rest_code_c5cbe44542f24f40806e045783699fd9-7" name="rest_code_c5cbe44542f24f40806e045783699fd9-7" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-7"></a>peer: 客户端公钥 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-8" name="rest_code_c5cbe44542f24f40806e045783699fd9-8" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-8"></a> endpoint: 客户端地址:客户端当前端口 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-9" name="rest_code_c5cbe44542f24f40806e045783699fd9-9" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-9"></a> allowed ips: 192.168.1.0/24 <a id="rest_code_c5cbe44542f24f40806e045783699fd9-10" name="rest_code_c5cbe44542f24f40806e045783699fd9-10" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-10"></a> latest handshake: 59 seconds ago <a id="rest_code_c5cbe44542f24f40806e045783699fd9-11" name="rest_code_c5cbe44542f24f40806e045783699fd9-11" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_c5cbe44542f24f40806e045783699fd9-11"></a> transfer: 135.63 KiB received, 209.95 KiB sent </pre></div> <p>如果测试没有问题,并需要长期保持隧道,使用 <code class="docutils literal"><span class="pre">wg-quick@.service</span></code> 实现自启。</p> <div class="code"><pre class="code text"><a id="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-1" name="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-1" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_adf405cfe89c4c09802d3e77a87cb3f2-1"></a>wg-quick down wg0 &amp;&amp; \ <a id="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-2" name="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-2" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_adf405cfe89c4c09802d3e77a87cb3f2-2"></a>systemctl start wg-quick@wg0.service &amp;&amp;\ <a id="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-3" name="rest_code_adf405cfe89c4c09802d3e77a87cb3f2-3" href="https://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/#rest_code_adf405cfe89c4c09802d3e77a87cb3f2-3"></a>systemctl enable wg-quick@wg0.service </pre></div> </section>vpnwireguardhttps://blog.bgme.me/posts/2019/deploy-wireguard-on-debian/Fri, 20 Sep 2019 09:21:55 GMT