最後更新: 2023-11-24

WireGuard 簡介

WireGuard securely encapsulates IP packets over UDP.

核心

WireGuard interface

It works by adding a network interface (wg0, wg1, etc), like eth0 or wlan0, called.

Cryptokey Routing

Each network interface has a private key and a list of peers.
Each peer has a public key.
Public keys with a list of tunnel IP addresses that are allowed inside the tunnel.(AllowedIPs)

Public key must be unique between multiple peers on the same tunnel. Otherwise,
 traffic to the conflicting networks will only be routed to the last peer in the list.

優點

Minimal Attack Surface

It is meant to be easily implemented in very few lines of code,
 and easily auditable for security vulnerabilities.

High Performance

WireGuard lives inside the Linux kernel

Simple & Easy-to-use

At the heart of WireGuard is a concept called Cryptokey Routing
simply match on "is it from this IP? on this interface?

Ready for Containers

Known Limitations

• WireGuard does not focus on obfuscation
• WireGuard explicitly does not support tunneling over TCP
• WireGuard uses ChaCha20Poly1305
  (does not support hardware encryption devices)

Other Project

• tailscale
• headscale

目錄

• 同時建立 wireguard 的 pri & pub key

常見的死機不外乎三個原因

1. 軟件問題
2. 硬件問題
3. 受攻擊

如果係硬體問題的話, 不外於以下三個原因

1. 主機板老化
2. RAM 老化
3. CPU 老化

主機板只有目測而已, 而且多數電溶會漲左的

而 Ram , 我們可以用 memtest86 的軟件來測試

而 cpuburn 則是測試 CPU 的軟件來