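# Enable system-wide IP routing (persistent setting).
# The registry value is read when the TCP/IP stack starts, so on its own it does
# not forward packets until the next reboot; the Set-NetIPInterface call below
# covers the running system.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "IPEnableRouter" -Value 1

# Enable IPv4 forwarding immediately (no reboot).
# NOTE(review): netsh normally treats forwarding as a per-interface setting
# ("set interface <name> forwarding=enabled"); confirm the "set global" form is
# accepted on the target build. Set-NetIPInterface below is the authoritative step.
netsh interface ipv4 set global forwarding=enabled

# Allow inbound WireGuard traffic. Keep $wgPort in sync with ListenPort in the
# WireGuard configuration. The rule applies to all firewall profiles; add -Profile
# if the listener should only be reachable from specific network categories.
$wgPort = 51820
$wgRuleName = "WireGuard"
# New-NetFirewallRule does not de-duplicate on DisplayName, so guard the creation:
# re-running the script would otherwise stack identical rules.
if (-not (Get-NetFirewallRule -DisplayName $wgRuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $wgRuleName -Direction Inbound -Protocol UDP -LocalPort $wgPort -Action Allow
}

# Read-only diagnostics: configured NAT objects and currently active NAT sessions.
Get-NetNat
Get-NetNatSession

# Enable IPv4 forwarding on every IPv4 interface.
# This makes the host route between all of its interfaces, including any
# Internet-facing one; pass -InterfaceAlias to scope it if that is unwanted.
Set-NetIPInterface -AddressFamily IPv4 -Forwarding Enabled

# Verify: each interface should now report Forwarding = Enabled.
Get-NetIPInterface -AddressFamily IPv4 | Select-Object InterfaceAlias, Forwarding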
[Interface]
# Server private key (generate with `wg genkey`).
# Restrict read access on this file to the account running WireGuard: anyone who
# can read the key can impersonate the server.
PrivateKey = 你的服务端私钥
# Server address inside the tunnel; 10.0.0.0/24 is the tunnel subnet used by the
# NAT and firewall commands below
Address = 10.0.0.1/24
# UDP listen port; must match the inbound firewall rule on the host
ListenPort = 51820
# On tunnel up: create the NAT for the tunnel subnet and allow forwarded traffic.
# NOTE(review): the netsh rule admits any inbound traffic from 10.0.0.0/24 on
# every port and protocol; narrow it (protocol/localport) if clients should not
# reach every service on this host.
# NOTE(review): the Windows WireGuard client runs PostUp/PostDown only when
# script execution has been explicitly enabled on the host
# (the DangerousScriptExecution setting) -- confirm before relying on these hooks.
PostUp = powershell -Command "New-NetNat -Name WireGuardNAT -InternalIPInterfaceAddressPrefix 10.0.0.0/24; netsh advfirewall firewall add rule name='WireGuard Forward' dir=in action=allow remoteip=10.0.0.0/24"
# On tunnel down: remove the NAT object and the firewall rule created above
PostDown = powershell -Command "Remove-NetNat -Name WireGuardNAT -Confirm:$false; netsh advfirewall firewall delete rule name='WireGuard Forward'"
# Client 1 -- AllowedIPs is a /32, so this peer may only use its assigned
# tunnel address (source-address filtering on the server side)
[Peer]
PublicKey = 客户端1公钥
AllowedIPs = 10.0.0.2/32
# Client 2
[Peer]
PublicKey = 客户端2公钥
AllowedIPs = 10.0.0.3/32
# Parameter templates -- every switch below is missing its argument, so these
# lines are placeholders and are not runnable as written.
# New-NetIPAddress assigns an address (with prefix length) to the interface
# identified by -InterfaceIndex; presumably the tunnel address on the WireGuard
# adapter -- confirm against the [Interface] Address above.
New-NetIPAddress -IPAddress -PrefixLength -InterfaceIndex
# New-NetNat creates a NAT object for the given internal prefix; the PostUp hook
# above performs the same step for 10.0.0.0/24, so avoid creating it twice.
New-NetNat -Name -InternalIPInterfaceAddressPrefix