WireGuard Networking

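After the previous post, "A Quick Start with WireGuard", you should already have a basic understanding of WireGuard.
Next, we can use WireGuard for more advanced networking.

Take a look at the network diagram below. In short, WireGuard lets NodeA and NodeB reach each other, and also lets them reach the subnet that UbuntuC sits in (one-way).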

[Network diagram]
Hosts:
Master: 192.168.234.128, 100.64.0.1
OpenWrt A: 192.168.123.11, 100.64.0.2, 100.64.1.1
OpenWrt B: 192.168.123.12, 100.64.0.3, 100.64.1.1
Ubuntu C: 192.168.31.10, 100.64.0.4
Node A: 100.64.1.10
Node B: 100.64.2.10
Networks:
VMnet0, VMware NAT (INTERNET), 192.168.234.0/24: Master, OpenWrt A, OpenWrt B
VMnet1, VMware NAT1, 100.64.1.0/24: OpenWrt A, Node A
VMnet2, VMware NAT2, 100.64.2.0/24: OpenWrt B, Node B
VMnet3, VMware NAT3 (DHCP), 192.168.31.0/24: Ubuntu C
WG, WG NAT, 100.64.0.0/24: Master (Server), OpenWrt A, OpenWrt B, Ubuntu C

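Building the test environment

The Master and Ubuntu hosts can be configured by following the previous tutorial. The OpenWrt routers need wireguard-tools installed.
The machines are networked using VMware virtual networks.

Configuring the OpenWrt LAN

OpenWrt A and B are assigned 100.64.1.0/24 and 100.64.2.0/24 respectively; this is set by editing the LAN interface configuration.

Configuring WireGuard

Generate the corresponding key pairs.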

Master

[Interface]
PrivateKey = ELjtwIswOI/qSV6oDkRbOdaZt+CuLWSWu3rY1Wh0XUU=

Address = 100.64.0.1/24
SaveConfig = true

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens33 -j MASQUERADE

ListenPort = 65535

[Peer]
PublicKey = YUMWodweSGW3S8kY45xOeCZHX0LwNUekDTs7fYM09T0=
AllowedIPs = 100.64.0.2/32
[Peer]
PublicKey = Nn4Z/TSRHrbtp2z0YC09S88Lm0MBtiZeTlAhtZ4AJwI=
AllowedIPs = 100.64.0.3/32
[Peer]
PublicKey = 2g83ZgKl56O/swhR6vHaiMg5TBiKhkN5R71qEsbpNhA=
AllowedIPs = 100.64.0.4/32
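
An added example (not from the original post) that models WireGuard's AllowedIPs lookup on the Master's peer table above: the outbound peer is chosen by longest-prefix match on the destination, and an inbound packet is kept only if its source address maps back to the peer that sent it. The peer labels are taken from the diagram, and `WITH_LANS` is a constructed variant that also lists each router's LAN prefix; it is an assumption, not the post's configuration.

```python
import ipaddress

# Master's peer table, copied from the [Peer] sections above.
# Peer labels are taken from the diagram's addresses (an assumption of this example).
MASTER_PEERS = {
    "OpenWrt A": ["100.64.0.2/32"],
    "OpenWrt B": ["100.64.0.3/32"],
    "Ubuntu C": ["100.64.0.4/32"],
}

# Constructed variant, NOT the post's configuration: each router's peer entry
# also lists the LAN prefix behind it.
WITH_LANS = {
    "OpenWrt A": ["100.64.0.2/32", "100.64.1.0/24"],
    "OpenWrt B": ["100.64.0.3/32", "100.64.2.0/24"],
    "Ubuntu C": ["100.64.0.4/32"],
}


def route_out(peers, dst):
    """Outbound: the peer whose AllowedIPs entry is the longest prefix containing dst."""
    addr = ipaddress.ip_address(dst)
    best = None  # (prefix length, peer name)
    for name, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None  # None: no peer matches, nothing is sent


def accept_in(peers, peer, src):
    """Inbound: a decrypted packet is kept only if its source maps back to the sender."""
    return route_out(peers, src) == peer


def forwards(peers, peer, src, dst):
    """WireGuard's part only: is src->dst accepted from `peer` and is there a peer for dst?"""
    return accept_in(peers, peer, src) and route_out(peers, dst) is not None


if __name__ == "__main__":
    flows = [("OpenWrt A", "100.64.0.2", "100.64.0.3"),    # router to router
             ("OpenWrt A", "100.64.1.10", "100.64.2.10"),  # Node A to Node B, no NAT
             ("OpenWrt A", "100.64.2.10", "100.64.0.4")]   # A using a source in B's LAN
    for label, table in (("as posted", MASTER_PEERS), ("with LAN prefixes", WITH_LANS)):
        for peer, src, dst in flows:
            print(f"{label}: {src} -> {dst} via {peer}: {forwards(table, peer, src, dst)}")
```

The same lookup doubles as a source-address filter: a peer cannot send traffic with a source inside another peer's AllowedIPs, which is why the third flow is rejected in both tables.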

OpenWrt A

Append the following configuration to the end of /etc/config/network

config interface 'link_main'
option proto 'wireguard'
option private_key 'gNAl0GGk6zJr6IVJjaDAdJvgOAWRss2m3fLL6PCpl38='
list addresses '100.64.0.2/32'

config wireguard_link_main 'main'
option public_key '/8LTHNe886/h8IxhjMdbXJyYHlSQQAuIFXtZtRBdGH0='
option endpoint_host '192.168.234.128'
option endpoint_port '65535'
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '100.64.0.0/24'

Restart the network

/etc/init.d/network restart

OpenWrt B

Same steps as above

config interface 'link_main'
option proto 'wireguard'
option private_key '8PGe5bj8/1+t632qIVrXH4qqRH1tuKvvlTKCdymyWW8='
list addresses '100.64.0.3/32'

config wireguard_link_main 'main'
option public_key '/8LTHNe886/h8IxhjMdbXJyYHlSQQAuIFXtZtRBdGH0='
option endpoint_host '192.168.234.128'
option endpoint_port '65535'
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '100.64.0.0/24'

Network connectivity

Between the OpenWrt routers

Author: Kur4ge
Published: 2023-01-27
Updated: 2023-01-27
