Building a LAN with WireGuard
1. Install
- Install WireGuard on CentOS 8
```
sudo yum install elrepo-release epel-release
sudo yum install kmod-wireguard wireguard-tools
```
- Install WireGuard on Arch Linux
```
sudo pacman -S wireguard-tools
```
For other distributions and platforms, see: https://www.wireguard.com/install/
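2. Generate the public and private keys
```
# private.key holds the secret key; only public.key is shared with the other side
wg genkey | tee private.key | wg pubkey > public.key
```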
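3. Configure the server to relay traffic
```
# Append with sudo tee: a plain ">>" redirect runs in the unprivileged shell
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" | sudo tee -a /etc/sysctl.conf
# Load the new settings
sudo sysctl -p /etc/sysctl.conf
```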
4. Add the server WireGuard configuration
```
sudo touch /etc/wireguard/wg0.conf
```
```
[Interface]
# Interface address and subnet in CIDR notation
Address = 192.6.0.1/24
# Server listen port
ListenPort = 34120
# Private key of the server
PrivateKey = kJLH7O*************************ZRElym8=
# First client
[Peer]
# Public key of the first client
PublicKey = Enx****************************RkPhw1k=
# LAN IP of the first client
AllowedIPs = 192.6.0.2/32
# Second client
[Peer]
# Public key of the second client
PublicKey = Z+pSLf*************************iBqUjg=
# LAN IP of the second client
AllowedIPs = 192.6.0.3/32
```
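5. Edit the WireGuard configuration of client one
```
sudo touch /etc/wireguard/wg0.conf
```
```
[Interface]
# IP of the client
Address = 192.6.0.2/32
# Private key of the client
PrivateKey = +Kcvb*************************d0Z/jM1c=
[Peer]
# Public address and port of the server
Endpoint = 121.1.17.32:34120
# Public key of the server
PublicKey = Hwzs*************************8NL//y20=
# IPs whose traffic is forwarded
# i.e. when the client accesses 192.6.0.1 - 192.6.0.255, the traffic is forwarded to the WireGuard LAN
AllowedIPs = 192.6.0.0/24
# Client keepalive
PersistentKeepalive = 30
```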
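6. Edit the WireGuard configuration of client two
```
sudo touch /etc/wireguard/wg0.conf
```
```
[Interface]
# IP of the client
Address = 192.6.0.3/32
# Private key of the client
PrivateKey = +bcvc*************************ds/jc1c=
[Peer]
# Public address and port of the server
Endpoint = 121.1.17.32:34120
# Public key of the server
PublicKey = Hwzs*************************8NL//y20=
# IPs whose traffic is forwarded
# i.e. when the client accesses 192.6.0.1 - 192.6.0.255, the traffic is forwarded to the WireGuard LAN
AllowedIPs = 192.6.0.0/24
# Client keepalive: ping once every 30 s
PersistentKeepalive = 30
```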
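The server and client configs above only work together if each client's Address falls inside the AllowedIPs the server lists for that peer and no two peers claim the same range. The Python check below is an added example, not part of the original post: it parses wg-quick style files, reports those mismatches, and flags a tunnel range that is not private-use space, which is the case for 192.6.0.0/24 (a client with AllowedIPs = 192.6.0.0/24 also sends traffic meant for real hosts in that range into the tunnel). The function names, the placeholder keys and the extra client-3 are constructed for illustration, and one Address per [Interface] is assumed.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick text into [(section, {key: value})], keeping repeated [Peer] blocks."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(server_text, clients):
    """Return findings for a hub-and-spoke layout; clients maps a label to config text."""
    findings = []
    server = parse_wg(server_text)
    tunnel = ipaddress.ip_interface(dict(server)["Interface"]["Address"]).network
    if not tunnel.is_private:
        findings.append(f"tunnel range {tunnel} is not a private-use range")
    # Cryptokey routing: the server accepts a source IP only from the peer that lists it.
    allowed = [(i, ipaddress.ip_network(cidr.strip(), strict=False))
               for i, (name, kv) in enumerate(server) if name == "Peer"
               for cidr in kv["AllowedIPs"].split(",")]
    for n, (i, a) in enumerate(allowed):
        for j, b in allowed[n + 1:]:
            if i != j and a.overlaps(b):
                findings.append(f"server peers overlap: {a} and {b}")
    for label, text in clients.items():
        addr = ipaddress.ip_interface(dict(parse_wg(text))["Interface"]["Address"]).ip
        if not any(addr in net for _, net in allowed):
            findings.append(f"{label}: {addr} is in no server AllowedIPs; the server will not route it")
    return findings

# Constructed sample using the addresses from the configs above; keys are placeholders.
SERVER = """[Interface]
Address = 192.6.0.1/24
[Peer]
PublicKey = <client-1-public-key>
AllowedIPs = 192.6.0.2/32
[Peer]
PublicKey = <client-2-public-key>
AllowedIPs = 192.6.0.3/32
"""
CLIENTS = {"client-1": "[Interface]\nAddress = 192.6.0.2/32\n",
           "client-3": "[Interface]\nAddress = 192.6.0.4/32\n"}  # constructed: not on the server

print("\n".join(audit(SERVER, CLIENTS)))
```

Rerunning it with the range swapped to 10.8.8.0/24, the range used in the wireguard-ui section, clears the first finding.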
Managing the LAN with WireGuard
```
services:
  wireguard-ui:
    image: ngoduykhanh/wireguard-ui:latest
    container_name: wireguard-ui
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      # With network_mode: host, 0.0.0.0 exposes the admin UI on every host interface;
      # restrict port 5800 with a firewall or bind to a specific address
      - BIND_ADDRESS=0.0.0.0:5800
      - SUBNET_RANGES=SR Name:10.8.8.1/24;
      - WGUI_USERNAME=admin
      - WGUI_PASSWORD=<You Password>
      - WGUI_MANAGE_START=true
      - WGUI_MANAGE_RESTART=true
      - WGUI_SERVER_INTERFACE_ADDRESSES=10.8.8.1/24
      - WGUI_DEFAULT_CLIENT_ALLOWED_IPS=10.8.8.1/24
      - WGUI_DEFAULT_CLIENT_USE_SERVER_DNS=True
      - WGUI_ENDPOINT_ADDRESS=<You Domain>
      - WGUI_SERVER_LISTEN_PORT=<You Port>
      - SESSION_SECRET=<You Secret Key>
    logging:
      driver: json-file
      options:
        max-size: 50m
    volumes:
      - ${PWD}/config/wireguard/data:/app/db
      - /etc/wireguard:/etc/wireguard
```
References
- https://www.wireguard.com/install/
- https://www.wireguard.com/quickstart/
- https://wiki.archlinux.org/title/WireGuard
- https://docs.sweeting.me/s/wireguard
- https://tailscale.com/blog/how-nat-traversal-works/
- https://songxwn.com/WireGuard-UI-install/
- https://github.com/ngoduykhanh/wireguard-ui/blob/master/examples/docker-compose/system.yml
- https://yangpin.link/archives/1601.html