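WireGuard installation, WireGuard setup, WireGuard proxy, how to set up a Wireguard VPN server on Windows, WireGuard VPN, wg proxy, wg setup, wg installation, wg vpn, setting up a Wireguard server on Windows, installing a Wireguard server on Windows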
System: Windows / Windows 2012
Software: WireGuard installation, WireGuard proxy
Function: proxy, internet access, networking, VPN, proxied internet access
Downloads:
Windows client download, 0.5.3: https://zgdl.lanzouw.com/it4Xe2eig7qj
Windows client download, old version 0.1.1: https://zgdl.lanzouw.com/iKSA82dzzxgf
https://download.wireguard.com/windows-client/wireguard-amd64-0.1.1.msi
Android client download: https://zgdl.lanzouw.com/i3HIg2eig81a
Android client download: https://zgdl.lanzouw.com/i0exz2e00irc
Clients for other systems: https://www.wireguard.com/install/
Bing search: "wireguard"
WireGuard project download page: https://www.wireguard.com/install/
WireGuard project page: https://github.com/WireGuard
Other
WireGuard installation tutorials:
https://www.zhuguodong.com/?id=842
https://www.zhuguodong.com/?id=841
https://www.zhuguodong.com/?id=843
https://www.zhuguodong.com/?id=839
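The following is a reposted article. Its configuration has problems; please see this other hands-on article, in which the problems encountered have all been solved: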
https://www.zhuguodong.com/?id=850
How to Set Up a Wireguard VPN Server on Windows
The original English article begins here:
This tutorial goes through the process of setting up a Wireguard server on Windows. Most Wireguard tutorials on the internet only give you the choice of hosting a server in a Linux environment. However, it is entirely possible to set up a Windows server.
After searching for a tutorial to no avail, I spent a couple of days figuring out the best way to do it and how to automate the process. Ideally you would still want to run it in a Linux environment, but if you have a use case for a Windows server like me, you will appreciate just how flexible Wireguard is!
Prerequisite
Latest Wireguard Windows client installed (download from the official site)
Firewall rules set up (just as you would for a Linux server setup: open and forward port 51820, configure ddns etc.)
Disclaimer: Using Wireguard on Windows as server is not officially supported. Use at your own risk.
Step 1: Prepare Wireguard Server And Client Config File
This step is the same as other Linux tutorials. I’ve provided my own server side and client side configs below, adjust to your own use case.
#Server Config
[Interface]
PrivateKey = #Replace with server private key#
ListenPort = 51820
Address = 192.168.200.1/24
[Peer]
#Client 1
PublicKey = #Replace with client public key#
PresharedKey = #Replace with pre-shared key#
AllowedIPs = 192.168.200.2/32
#Client Config
[Interface]
PrivateKey = #Replace with client private key#
Address = 192.168.200.2/24
DNS = 1.1.1.1, 8.8.8.8
[Peer]
PublicKey = #Replace with server public key#
PresharedKey = #Replace with pre-shared key#
AllowedIPs = 0.0.0.0/0
Endpoint = #Replace with server domain name or ip address#:51820
After you have prepared the server config file, place it in a permanent folder. For this tutorial I will assume the server config file is placed at C:\wireguard\wg_server.conf
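The placeholders in the Step 1 server config can be filled in locally with a script. The following is an added example, not code from the original article: it generates the server key pair and pre-shared key, writes the server config, and limits read access to the file. It assumes wg.exe is in the default install folder next to wireguard.exe, and that the client generated its own key pair and supplied only its public key (`$ClientPublicKey` is a hypothetical parameter name).

```powershell
# Added example: build the Step 1 server config without pasting keys by hand.
# Run from an elevated PowerShell prompt.
param(
    # Public key produced on the client; the client keeps its own private key.
    [Parameter(Mandatory = $true)][string]$ClientPublicKey,
    [string]$ConfigPath = 'C:\wireguard\wg_server.conf',
    # Assumption: wg.exe sits next to wireguard.exe in the default install folder.
    [string]$Wg = 'C:\Program Files\WireGuard\wg.exe'
)

$serverPrivate = & $Wg genkey
$serverPublic  = $serverPrivate | & $Wg pubkey
$presharedKey  = & $Wg genpsk
if (-not ($serverPrivate -and $serverPublic -and $presharedKey)) {
    throw 'Key generation failed; check the path to wg.exe.'
}

# Create the empty file and lock it down BEFORE any key material is written:
# drop inherited ACEs and allow only SYSTEM (S-1-5-18) and the local
# Administrators group (S-1-5-32-544).
New-Item -ItemType Directory -Path (Split-Path $ConfigPath) -Force | Out-Null
New-Item -ItemType File -Path $ConfigPath -Force | Out-Null
icacls $ConfigPath /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $ConfigPath" }

$config = @"
[Interface]
PrivateKey = $serverPrivate
ListenPort = 51820
Address = 192.168.200.1/24

[Peer]
# Client 1
PublicKey = $ClientPublicKey
PresharedKey = $presharedKey
AllowedIPs = 192.168.200.2/32
"@
Set-Content -LiteralPath $ConfigPath -Value $config -Encoding Ascii

# The client config needs these two values; the server private key stays in the file.
[pscustomobject]@{
    ServerPublicKey = $serverPublic
    PresharedKey    = $presharedKey
}
```

The pre-shared key in the output is a secret and should reach the client over a trusted channel.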
Step 2: Start Up The Server
Instead of using the GUI to start the server, we will start it using command options. At the time of this tutorial the official GUI only allows one connection at a time. If we use it to run the server, the GUI will be occupied and we won’t be able to make a new connection without dropping the server interface. Running the server using command line options allows us to keep the GUI free for daily use. If you don’t mind the GUI being occupied, you can just start the server on the GUI and skip to Step 3.
Use the following code to start / stop the server. Needless to say, adjust the file paths if they are different on your system.
You need to run these with administrative privilege!
#Start server
"C:\Program Files\WireGuard\wireguard.exe" /installtunnelservice "C:\wireguard\wg_server.conf"
#Stop server
"C:\Program Files\WireGuard\wireguard.exe" /uninstalltunnelservice wg_server
You will only need to run the command once; wireguard’s background service will remember the run state over reboots. Once you start the server, wireguard will create a new network adapter with the same name as your server config file. Thus for our tutorial, the network adapter name would be “wg_server”. Check if the network adapter is successfully created.
If you named your config file “Wireguard_Server.conf”, the network adapter created will also be named accordingly.
Step 2.1: (Optional) Setting Adapter Profile
Now that we have the wireguard adapter set up, it is recommended to change it to the “Private” profile; by default the adapter is added as “Public”. The Private profile allows greater compatibility for the clients (say you want to use remote desktop etc.). The Public profile may block these ports and services.
To do this we manually run three simple PowerShell commands with admin privilege:
#Open powershell with admin privilege and run the following:
$NetworkProfile = Get-NetConnectionProfile -InterfaceAlias "wg_server"
$NetworkProfile.NetworkCategory = "Private"
Set-NetConnectionProfile -InputObject $NetworkProfile
Step 3: Enable Server Routing
Now that the server is running, the client should be able to handshake (given that you have the correct ports open and forwarded correctly). However, you will notice the client won’t be able to access either the internet or the LAN network. This is because by default Windows does not bridge or NAT the wireguard interface with your actual physical internet interface. In Linux this is done by some PostUp/PostDown firewall commands, which we do not use here. Instead, we use a PowerShell script to enable the NAT (or in Windows terms “internet sharing”) function:
Function Set-NetConnectionSharing
{
    Param
    (
        [Parameter(Mandatory=$true)]
        [string]
        $LocalConnection,
        [Parameter(Mandatory=$true)]
        [bool]
        $Enabled
    )
    Begin
    {
        $netShare = $null
        try
        {
            # Create a NetSharingManager object
            $netShare = New-Object -ComObject HNetCfg.HNetShare
        }
        catch
        {
            # Register the HNetCfg library (once)
            regsvr32 /s hnetcfg.dll
            # Create a NetSharingManager object
            $netShare = New-Object -ComObject HNetCfg.HNetShare
        }
    }
    Process
    {
        #Clear Existing Share
        $oldConnections = $netShare.EnumEveryConnection |? { $netShare.INetSharingConfigurationForINetConnection.Invoke($_).SharingEnabled -eq $true}
        foreach($oldShared in $oldConnections)
        {
            $oldConfig = $netShare.INetSharingConfigurationForINetConnection.Invoke($oldShared)
            $oldConfig.DisableSharing()
        }
        # Find connections
        $InternetConnection = Get-NetRoute | ? DestinationPrefix -eq '0.0.0.0/0' | Get-NetIPInterface | Where ConnectionState -eq 'Connected'
        $publicConnection = $netShare.EnumEveryConnection |? { $netShare.NetConnectionProps.Invoke($_).Name -eq $InternetConnection.InterfaceAlias }
        $privateConnection = $netShare.EnumEveryConnection |? { $netShare.NetConnectionProps.Invoke($_).Name -eq $LocalConnection }
        # Get sharing configuration
        $publicConfig = $netShare.INetSharingConfigurationForINetConnection.Invoke($publicConnection)
        $privateConfig = $netShare.INetSharingConfigurationForINetConnection.Invoke($privateConnection)
        if ($Enabled)
        {
            $publicConfig.EnableSharing(0)
            $privateConfig.EnableSharing(1)
        }
        else
        {
            $publicConfig.DisableSharing()
            $privateConfig.DisableSharing()
        }
    }
}
Note: The shell script was originally created by igoravl; I made some modifications to simplify the process and get rid of some errors for our wireguard server application.
https://gist.github.com/igoravl/db02a8769fd6af3028f7
This shell script is written as a custom function “Set-NetConnectionSharing” and needs to be loaded in PowerShell.
Save the script in the following location:
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\wireguard\wireguard.psm1
wireguard.psm1 needs to be in a folder named wireguard for the function to be loaded by PowerShell.
Now you can open a PowerShell window with administrative privilege and run the following commands to enable / disable NAT for our wireguard server interface.
#"wg_server" is the wireguard adapter name, replace it if you have something different.
#Enable NAT
Set-NetConnectionSharing "wg_server" $true
#Disable NAT
Set-NetConnectionSharing "wg_server" $false
If everything goes well, when you open the properties panel of your main internet network adaptor (Ethernet 3 in my case) the following options should be ticked:
Notice also the “Home networking connection” field should be populated with your wireguard interface name (picture shows Wireguar_Server but should be wg_server if you are following the tutorial).
Technically you can do this manually through the Windows GUI using the properties menu, but having this script will allow you to automate the server start/stop process, as you will see later on in the tutorial.
Now everything should be working correctly, and the client should be able to reach the internet and the LAN network you allow it to.
Step 3.1: Change Default Internet Connection Sharing IP
By default, when internet sharing (NAT) is enabled, Windows will change the IP address of the adapter to something else (to avoid conflicts). However, we already know what IP address we want the adapter to have (set in the [Interface] block in our wireguard config), which is 192.168.200.1 in our case.
To modify the default IP Windows will switch to, we can simply change the setting in the registry. Open Registry Editor and go to the following path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters
Then simply change ScopeAddress and ScopeAddressBackup to the IP address we desire (192.168.200.1 in our case).
Disable and re-enable internet connection sharing (NAT) using the PowerShell command in Step 3 to make sure this change takes effect (you might need to restart the computer).
Step 4: Enable Persistent Internet Sharing On Restart (Updated 2/12/2020)
Since there is a Windows bug where internet connection sharing will not auto start on reboot, we need to change a few settings to make sure internet sharing is started. The earlier tutorial used a scheduled task to accomplish this, but I’ve found a better way after reading the Windows bug fix here.
Open the Service window and find “Internet Connection Sharing”:
Change the startup type to “Automatic”:
After that’s done, finally we add a registry value:
Path: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedAccess
Type: DWORD (32bit)
Setting: EnableRebootPersistConnection
Value: 1
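The registry and service changes from Step 3.1 and Step 4 can also be applied from an elevated PowerShell prompt and read back afterwards. This is an added example, not part of the original article; it assumes the adapter is named wg_server, that the Set-NetConnectionSharing function from Step 3 is loaded, and that the service shown as “Internet Connection Sharing” has the service name SharedAccess.

```powershell
# Added example: apply the Step 3.1 and Step 4 settings, then verify them.
$icsParams  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters'
$icsPersist = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedAccess'
$tunnelIp   = '192.168.200.1'   # Address from the [Interface] block of wg_server.conf
$adapter    = 'wg_server'       # adapter name used throughout the tutorial

# Step 3.1: make ICS assign the tunnel address instead of its default.
foreach ($name in 'ScopeAddress', 'ScopeAddressBackup') {
    Set-ItemProperty -Path $icsParams -Name $name -Value $tunnelIp
}

# Step 4: start the ICS service automatically at boot ...
Set-Service -Name SharedAccess -StartupType Automatic

# ... and persist the sharing configuration across reboots.
if (-not (Test-Path $icsPersist)) {
    New-Item -Path $icsPersist -Force | Out-Null
}
New-ItemProperty -Path $icsPersist -Name EnableRebootPersistConnection `
    -PropertyType DWord -Value 1 -Force | Out-Null

# Re-apply sharing so the new scope address is picked up (function from Step 3).
Set-NetConnectionSharing $adapter $false
Set-NetConnectionSharing $adapter $true

# Read everything back for a quick check.
$params = Get-ItemProperty -Path $icsParams
[pscustomobject]@{
    ScopeAddress       = $params.ScopeAddress
    ScopeAddressBackup = $params.ScopeAddressBackup
    IcsStartMode       = (Get-CimInstance Win32_Service -Filter "Name='SharedAccess'").StartMode
    RebootPersist      = (Get-ItemProperty -Path $icsPersist).EnableRebootPersistConnection
    TunnelAddress      = (Get-NetIPAddress -InterfaceAlias $adapter -AddressFamily IPv4).IPAddress
}
```

If TunnelAddress does not show 192.168.200.1 after the toggle, restart the computer as noted in Step 3.1 and run the read-back part again.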
Step 4.1 (Optional) Bat Files To Easily Start / Stop Server Manually
For convenience I also made two bat files to run these commands so I don’t have to open command prompt or PowerShell every time to start and stop the server.
Server start batch script: (save as “start.bat” and run with admin privilege)
@echo off
"C:\Program Files\WireGuard\wireguard.exe" /installtunnelservice "C:\Henry-Scripts\Wireguard_Server.conf"
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" Set-NetConnectionSharing "Wireguard_Server" $true
Server stop batch script: (save as “stop.bat” and run with admin privilege)
@echo off
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" Set-NetConnectionSharing "Wireguard_Server" $false
"C:\Program Files\WireGuard\wireguard.exe" /uninstalltunnelservice Wireguard_Server
Final Remarks:
Compared to Linux, setting up a Windows wireguard server can be tricky. However, I have done most of the groundwork for you (the PowerShell script to enable NAT). Running the PowerShell script on startup with a 3-minute delay is not elegant, but it works. There should be a way to run the task after the wireguard service is started and running, but I wasn’t able to get it to work. If you know how to get it to work, please share it with me.
Source: https://www.henrychang.ca/how-to-setup-wireguard-vpn-server-on-windows/
https://gist.github.com/igoravl/db02a8769fd6af3028f7
https://www.skyone.host/2024/wireguard-configure