图形化WireGuard-WG-EASY安装流程

VPS上安装的是ubuntu，以下都是以ubuntu进行举例：（也可以参考：WireGuard来创建虚拟网络）

1）安装docker

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

2）安装WireGuard Easy

docker run --detach \
  --name wg-easy \
  --env LANG=de \
  --env WG_HOST=服务器IP地址 \
  --env PASSWORD_HASH='你的HASH形式的密码' \
  --env PORT=51821 \
  --env WG_PORT=51820 \
  --volume ~/.wg-easy:/etc/wireguard \
  --publish 51820:51820/udp \
  --publish 51821:51821/tcp \
  --cap-add NET_ADMIN \
  --cap-add SYS_MODULE \
  --sysctl 'net.ipv4.conf.all.src_valid_mark=1' \
  --sysctl 'net.ipv4.ip_forward=1' \
  --restart unless-stopped \
  ghcr.io/wg-easy/wg-easy

如何获取HASH形式的密码

docker run --rm -it ghcr.io/wg-easy/wg-easy wgpw 'YOUR_PASSWORD'
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD

注意：’YOUR_PASSWORD’的引号一定要有

3）如何更新WireGuard Easy

docker stop wg-easy
docker rm wg-easy
docker pull ghcr.io/wg-easy/wg-easy

参考资料：WireGuard Easy

4）注意事项

默认的端口号一般很快就会被封，建议更改其它高端口号

MTU值从1420改为1380或者1280

用udp2raw工具把udp流量伪装成tcp流量

sudo udp2raw -s -l 端口号 -r 远程服务器地址 -a

配合动态端口转发

iptables -t nat -A PREROUTING -p udp --dport 51820 -j REDIRECT --to-port 12345

使用KeepAlive

[Peer]
PersistentKeepalive = 25

5）unraid上的设置