Tu Cai WireGuard VPN tren VPS: Huong Dan Day Du

WireGuard co nhieu uu diem so voi OpenVPN va cac giao thuc VPN cu:

• Nhanh hon: WireGuard co code base chi ~4000 dong (so voi hon 100,000 dong cua OpenVPN). It code hon = it bo nho dem hon = nhanh hon va it loi hon
• Bao mat hon: Su dung cac thuat toan mat ma hien dai: ChaCha20, Poly1305, Curve25519, BLAKE2s. Tat ca deu duoc kiem tra security can than
• Ket noi nhanh hon: WireGuard ket noi trong vai mili giay, trong khi OpenVPN can hang giay
• Don gian hon: Cau hinh WireGuard chi can vai chuc dong, so voi hun hang tram dong cua OpenVPN
• Tien pin hon tren mobile: Thiet ke UDP-based giup WireGuard on dinh hon khi chuyen mang (4G sang Wifi)

WireGuard da duoc tich hop vao nhan Linux tu kernel 5.6, co nghia la no san sang su dung tren moi VPS Linux hien dai ma khong can cai them module.

Cai WireGuard tren Ubuntu/Debian VPS cua AnubizHost:

apt update && apt install -y wireguard

# Tao cap key cho server
cd /etc/wireguard
wg genkey | tee server_private.key | wg pubkey > server_public.key
chmod 600 server_private.key

# Tao cap key cho client (lam cho moi thiet bi)
wg genkey | tee client1_private.key | wg pubkey > client1_public.key

# Xem key da tao
cat server_public.key
cat client1_public.key

Tao file cau hinh WireGuard server (/etc/wireguard/wg0.conf):

[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/server_private.key)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = PASTE_CLIENT1_PUBLIC_KEY_HERE
AllowedIPs = 10.0.0.2/32

De WireGuard hoat dong nhu VPN (chuyen huong toan bo traffic), can bat IP forwarding:

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
sysctl -p

Mo cong WireGuard trong firewall va khoi dong dich vu:

ufw allow 51820/udp comment 'WireGuard VPN'
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

# Kiem tra trang thai
wg show

Tao file cau hinh cho client (luu thanh client1.conf):

[Interface]
Address = 10.0.0.2/24
PrivateKey = PASTE_CLIENT1_PRIVATE_KEY_HERE
DNS = 1.1.1.1

[Peer]
PublicKey = PASTE_SERVER_PUBLIC_KEY_HERE
Endpoint = your-vps-ip:51820
AllowedIPs = 0.0.0.0/0, ::/0  # Toan bo traffic qua VPN
PersistentKeepalive = 25

Chuyen file client1.conf sang thiet bi cua ban. Voi thiet bi di dong, tao QR code tu file cau hinh:

apt install -y qrencode
qrencode -t ansiutf8 < client1.conf

Quy trinh them thiet bi moi vao WireGuard VPN:

# Tao key cho client moi
cd /etc/wireguard
wg genkey | tee client2_private.key | wg pubkey > client2_public.key

# Them peer vao cau hinh server (ma khong can restart)
wg set wg0 peer $(cat client2_public.key) allowed-ips 10.0.0.3/32

# Luu cau hinh vao file
wg-quick save wg0

File cau hinh cho client2:

[Interface]
Address = 10.0.0.3/24
PrivateKey = $(cat client2_private.key)
DNS = 1.1.1.1, 9.9.9.9

[Peer]
PublicKey = $(cat server_public.key)
Endpoint = your-vps-ip:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Lenh WireGuard huu ich:

wg show              # Hien thi tat ca peers va thong ke
wg show wg0 peers    # Chi hien thi danh sach peer
wg set wg0 peer KEY remove    # Xoa peer cu the

WireGuard tren AnubizHost VPS Iceland cho phep ban co VPN ca nhan chat luong cao, toc do nhanh va hoan toan rieng tu - khong co nha cung cap VPN trung gian nao co quyen truy cap du lieu ket noi cua ban.