VPN Configuration and Management
ryukyagamilight/terminal-skills · ★ 1 · AI & Automation · score 75
Install: claude install-skill ryukyagamilight/terminal-skills
# VPN Configuration and Management

## Overview

A skill for configuring and managing OpenVPN, WireGuard, and IPSec VPNs.

## WireGuard

### Installation

```bash
# Debian/Ubuntu
apt install wireguard

# CentOS/RHEL
yum install epel-release elrepo-release
yum install kmod-wireguard wireguard-tools

# Verify the installation
wg --version
```

### Generating keys

```bash
# Restrict permissions so new key files are not world-readable
umask 077

# Generate a private key
wg genkey > privatekey

# Derive the public key from the private key
wg pubkey < privatekey > publickey

# Generate both in one step
wg genkey | tee privatekey | wg pubkey > publickey

# Generate a pre-shared key (optional, adds security)
wg genpsk > presharedkey
```

### Server configuration

```bash
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server_private_key>

# Allow forwarding from wg0 and masquerade traffic leaving eth0
# (routing also requires the kernel setting net.ipv4.ip_forward=1)
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <client_public_key>
AllowedIPs = 10.0.0.2/32
```

### Client configuration

```bash
# /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.2/24
PrivateKey = <client_private_key>
DNS = 8.8.8.8

[Peer]
PublicKey = <server_public_key>
Endpoint = server.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
```

### Management commands

```bash
# Start
wg-quick up wg0
systemctl start wg-quick@wg0

# Stop
wg-quick down wg0
systemctl stop wg-quick@wg0

# Start at boot
systemctl enable wg-quick@wg0

# Show status
wg show
wg show wg0

# Add a peer
wg set wg0 peer <public_key> allowed-ips 10.0.0.3/32
```

## OpenVPN

### Installation

```bash
# Debian/Ubuntu
apt install openvpn easy-rsa

# CentOS/RHEL
yum install epel-release
yum install op