配置 WireGuard 异地组网

云服务器

  • 安装 WireGuard

    1
    sudo apt install wireguard

  • 开启内核转发(必须,否则流量进得来出不去):

    1
    2
    echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p

  • 修改配置:

    1
    vim /etc/wireguard/wg0.conf

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    [Interface]
    Address = 10.0.0.1/24
    ListenPort = 51820
    PrivateKey = 2GjKxJ9hFY43zIiWFrUYqiyjCo+VGncrg0eRFBtoJ0g= # 服务端私钥

    # 开启流量转发
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    # Peer 1: 实验室旧电脑
    [Peer]
    PublicKey = bQddTJ9XdOBcbtDV5w5VUamYrSi/iD1VmAKv9A3bMRw= # 旧电脑公钥
    AllowedIPs = 10.0.0.2/32, 172.22.0.0/16

    # Peer 2: 宿舍电脑
    [Peer]
    PublicKey = jSBYJC5JqL3GQRNCsYaqJiiVKyIRvjwGvTJC0jYDxnw= # 新电脑公钥
    AllowedIPs = 10.0.0.3/32

启动服务端: sudo wg-quick up wg0

配置实验室旧电脑

1
2
3
4
5
6
7
8
9
10
[Interface]
PrivateKey = gI5XuGJCIjsEATvw6ZU6HlU3Rzii8Uq2V1biVXFyUHg=
Address = 10.0.0.2/24
MTU = 1280

[Peer]
PublicKey = l7RlY4gEe4RTjSjyI8FPybv0WkGV62r9dnLy+o/NdRg=
AllowedIPs = 10.0.0.0/24
Endpoint = 服务器IP:服务器端口
PersistentKeepalive = 25

开启路由转发

1
Set-NetIPInterface -Forwarding Enabled

安装SSH服务

1
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

设置自动执行

1
2
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'

配置新电脑

1
2
3
4
5
6
7
8
9
10
[Interface]
PrivateKey = QO6MT2kSCgNODOfyNjLzMfM+CuCXB7hMzwDGQUP1KmE=
Address = 10.0.0.3/24
MTU = 1280

[Peer]
PublicKey = l7RlY4gEe4RTjSjyI8FPybv0WkGV62r9dnLy+o/NdRg=
AllowedIPs = 10.0.0.0/24
Endpoint = 服务器IP:服务器端口
PersistentKeepalive = 25

配置 SSH 跳板:

1
2
3
4
5
6
7
8
9
Host v100
    HostName 172.22.11.215    # 实验室内部服务器的真实 IP
    User liuch                # 目标服务器的用户名
    ProxyJump lab-jump       # 核心:告诉 SSH 先跳到旧电脑

Host a100
    HostName 172.22.11.233   # 实验室内部服务器的真实 IP
    User fanb                # 目标服务器的用户名
    ProxyJump lab-jump       # 核心:告诉 SSH 先跳到旧电脑

配置 .ssh/config 免密访问

  • 实验室旧电脑上,以管理员身份打开记事本,编辑: C:\ProgramData\ssh\sshd_config

  • 拉到文件最底部,找到下面这两行,在它们前面加 # 注释掉:代码段

    # Match Group administrators # AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

  • 然后复制公钥到旧电脑即可

  • 重启 SSH 服务(在管理员 PowerShell 执行):

    1
    Restart-Service sshd

Techs
#Network #VPN
配置 WireGuard 异地组网
https://d4wnnn.github.io/2026/04/15/Notion/配置 WireGuard 异地组网/
作者
D4wn
发布于
2026年4月15日
许可协议