Merge pull request #21867 from DCOLIVERSUN/translating

translated

translated/tech/20210503 Configure WireGuard VPNs with NetworkManager.md

@@ -7,58 +7,56 @@
 [#]: publisher: ( )
 [#]: url: ( )
 
-Configure WireGuard VPNs with NetworkManager
+用 NetworkManager 配置 WireGuard 虚拟私有网络
 ======
 
 ![wireguard][1]
 
-Photo excerpted from [Thin Ethernet Ramble (TS 10:38)][2] by [High Treason][3]
+照片由[High Treason][3]节选自[Thin Ethernet Ramble (TS 10:38)][2]
 
-Virtual Private Networks (VPNs) are used extensively. Nowadays there are different solutions available which allow users access to any kind of resource while maintaining their confidentiality and privacy.
+<ruby>虚拟私有网络<rt>Virtual Private Networks</rt></ruby>应用广泛。如今有各种方案可供使用，用户可通过这些方案访问任意类型的资源，同时保持其机密性与隐私性。
 
-Lately, one of the most commonly used VPN protocols is WireGuard because of its simplicity, speed and the security it offers. WireGuard’s implementation started in the Linux kernel but currently it is available in other platforms such as iOS and Android among others.
+最近，WireGuard 因为其简单性、速度与安全性成为最广泛使用的虚拟私有网络协议之一。WireGuard 最早应用于 Linux 内核，但目前可以用在其他平台，例如 iOS、Android 等。
 
-WireGuard uses UDP as its transport protocol and it bases the communication between peers upon Critokey Routing (CKR). Each peer, either server or client, has a pair of keys (public and private) and there is a link between public keys and allowed IPs to communicate with. For further information about WireGuard please visit its [page][4].
+WireGuard 使用 UDP 作为其传输协议，基于 Critokey Routing (CKR) 建立对等节点之间的通信。服务器或客户端的每一个对等节点都有一对<ruby>密钥<rt>key</rt></ruby>（公钥与私钥），公钥与许可 IP 间建立通信连接。有关 WireGuard 更多信息请访问[主页][4]。
 
-This article describes how to set up WireGuard between two peers: PeerA and PeerB. Both nodes are running Fedora Linux and both are using NetworkManager for a persistent configuration.
+本文描述了如何在两个对等方——PeerA 与 PeerB——间设置 WireGuard。两个节点均运行 Fedora Linux 系统，使用 NetworkManager 为持久性配置。
 
-## **WireGuard set up and networking configuration**
+## **WireGuard 设置与网络配置**
 
-You are only three steps away from having a persistent VPN connection between PeerA and PeerB:
+在 PeerA 与 PeerB 之间建立持久性虚拟私有网络连接只需三步：
 
-  1. Install the required packages.
-  2. Generate key pairs.
-  3. Configure the WireGuard interfaces.
+  1. 安装所需软件包。
+  2. 生成<ruby>密钥对<rt>key pair</rt></ruby>。
+  3. 配置 WireGuard 接口。
 
+### **安装**
 
-
-### **Installation**
-
-Install the _wireguard-tools_ package on both peers (PeerA and PeerB):
+在两个对等节点（PeerA 与 PeerB）上安装 _wireguard-tools_ 软件包：
 
 ```
 $ sudo -i
 # dnf -y install wireguard-tools
 ```
 
-This package is available in the Fedora Linux updates repository. It creates a configuration directory at _/etc/wireguard/_. This is where you will create the keys and the interface configuration file.
+这个包可以从 Fedora Linux 更新库中找到。它在 _/etc/wireguard/_ 中创建一个配置目录。在这里你将创建密钥和接口配置文件。
 
-### **Generate the key pairs**
+### **生成密钥对**
 
-Next, use the _wg_ utility to generate both public and private keys on each node:
+现在，使用 _wg_ 工具在每个节点上生成公钥与私钥：
 
 ```
 # cd /etc/wireguard
 # wg genkey | tee privatekey | wg pubkey > publickey
 ```
 
-### **Configure the WireGuard interface on PeerA**
+### **在 PeerA 上配置 WireGuard 接口**
 
-WireGuard interfaces use the names: _wg0_, _wg1_ and so on. Create the configuration for the WireGuard interface. For this, you need the following items:
+WireGuard 接口命名规则为 _wg0_、_wg1_等等。完成下述步骤为 WireGuard 接口创建配置：
 
-  * The IP address and MASK you want to configure in the PeerA node.
-  * The UDP port where this peer listens.
-  * PeerA’s private key.
+  * PeerA 节点上配置想要的 IP 地址与 MASK。
+  * 该节点监听的 UDP 端口。
+  * PeerA 的私钥。
 
 
 
@@ -76,7 +74,7 @@ AllowedIPs = 172.16.1.2/32
 EOF
 ```
 
-Allow UDP traffic through the port on which this peer will listen:
+节点监听端口的许可 UDP 流量：
 
 ```
 # firewall-cmd --add-port=60001/udp --permanent --zone=public
@@ -84,14 +82,14 @@ Allow UDP traffic through the port on which this peer will listen:
 success
 ```
 
-Finally, import the interface profile into NetworkManager. As a result, the WireGuard interface will persist after reboots.
+最后，将接口配置文件导入 NetworkManager。因此，WireGuard 接口在重启后将持续存在。
 
 ```
 # nmcli con import type wireguard file /etc/wireguard/wg0.conf
 Connection 'wg0' (21d939af-9e55-4df2-bacf-a13a4a488377) successfully added.
 ```
 
-Verify the status of device _wg0_:
+验证 _wg0_ 的状态：
 
 ```
 # wg
@@ -130,16 +128,16 @@ IP6.GATEWAY:                            --
 -------------------------------------------------------------------------------
 ```
 
-The above output shows that interface _wg0_ is connected. It is now able to communicate with one peer whose VPN IP address is 172.16.1.2.
+上述输出显示接口 _wg0_ 已连接。现在，它可以和虚拟私有网络 IP 地址为 172.16.1.2 的对等节点通信。
 
-### Configure the WireGuard interface in PeerB
+### 在 PeerB 上配置 WireGuard 接口
 
-It is time to create the configuration file for the _wg0_ interface on the second peer. Make sure you have the following:
+现在可以在第二个对等节点上创建 _wg0_ 接口的配置文件了。确保你已经完成以下步骤：
 
-  * The IP address and MASK to set on PeerB.
-  * The PeerB’s private key.
-  * The PeerA’s public key.
-  * The PeerA’s IP address or hostname and the UDP port on which it is listening for WireGuard traffic.
+  * PeerB 节点上设置 IP 地址与 MASK。
+  * PeerB 的私钥。
+  * PeerA 的公钥
+  * PeerA 的 IP 地址或主机名、监听 WireGuard 流量的 UDP 端口。
 
 
 
@@ -157,14 +155,14 @@ Endpoint = peera.example.com:60001
 EOF
 ```
 
-The last step is about importing the interface profile into NetworkManager. As I mentioned before, this allows the WireGuard interface to have a persistent configuration after reboots.
+最后一步是将接口配置文件导入 NetworkManager。如上所述，这一步是重启后保持 WireGuard 接口持续存在的关键。
 
 ```
 # nmcli con import type wireguard file /etc/wireguard/wg0.conf
 Connection 'wg0' (39bdaba7-8d91-4334-bc8f-85fa978777d8) successfully added.
 ```
 
-Verify the status of device _wg0_:
+验证 _wg0_ 的状态：
 
 ```
 # wg
@@ -203,11 +201,11 @@ IP6.GATEWAY:                            --
 -------------------------------------------------------------------------------
 ```
 
-The above output shows that interface _wg0_ is connected. It is now able to communicate with one peer whose VPN IP address is 172.16.1.254.
+上述输出显示接口 _wg0_ 已连接。现在，它可以和虚拟私有网络 IP 地址为 172.16.1.254 的对等节点通信。
 
-### **Verify connectivity between peers**
+### **验证节点间通信**
 
-After executing the procedure described earlier both peers can communicate to each other through the VPN connection as demonstrated in the following ICMP test:
+完成上述步骤后，两个对等节点可以通过虚拟私有网络连接相互通信，以下是 ICMP 测试结果：
 
 ```
 [root@peerb ~]# ping 172.16.1.254 -c 4
@@ -218,13 +216,13 @@ PING 172.16.1.254 (172.16.1.254) 56(84) bytes of data.
 64 bytes from 172.16.1.254: icmp_seq=4 ttl=64 time=1.47 ms
 ```
 
-In this scenario, if you capture UDP traffic on port 60001 on PeerA you will see the communication relying on WireGuard protocol and the encrypted data:
+在这种情况下，如果你在 PeerA 端口 60001 上捕获 UDP 通信，则将看到依赖 WireGuard 协议的通信过程和加密的数据：
 
-![Capture of UDP traffic between peers relying on WireGuard protocol][5]
+![捕获依赖 WireGuard 协议的节点间 UDP 流量][5]
 
-## Conclusion
+## 总结
 
-Virtual Private Networks (VPNs) are very common. Among a wide variety of protocols and tools for deploying a VPN, WireGuard is a simple, lightweight and secure choice. It allows secure point-to-point connections between peers based on CryptoKey routing and the procedure is very straight-forward. In addition, NetworkManager supports WireGuard interfaces allowing persistent configurations after reboots.
+虚拟私有网络很常见。在用于部署虚拟私有网络的各种协议和工具中，WireGuard 是一种简单、轻巧和安全的选择。它可以基于 CryptoKey Routing 的对等节点间建立安全的<ruby>点对点通信<rt>point-to-point connection</rt></ruby>>，过程非常简单。此外，NetworkManager 支持 WireGuard 接口，允许重启后进行持久配置。
 
 --------------------------------------------------------------------------------
 
@@ -232,7 +230,7 @@ via: https://fedoramagazine.org/configure-wireguard-vpns-with-networkmanager/
 
 作者：[Maurizio Garcia][a]
 选题：[lujun9972][b]
-译者：[译者ID](https://github.com/译者ID)
+译者：[DCOLIVERSUN](https://github.com/DCOLIVERSUN)
 校对：[校对者ID](https://github.com/校对者ID)
 
 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出