Ubuntu Getting Started Tutorial - Using WireGuard to Build a LAN Across Remote Sites
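Overview:
- Shows how to set up a WireGuard network that links machines at different sites
- Environment: Ubuntu 20.04 / Ubuntu 22.04
Topology:
- Device A: Ubuntu server, located in an external data center; assumed public IP: 192.168.0.128, WireGuard internal IP: 192.168.6.1
- Device B: Ubuntu client, located in the office; WireGuard internal IP: 192.168.6.2
- Adjust the IPs in the install scripts to match your own environment
1. Device A configuration:
- Install RCM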
rm online.sh ; wget https://gitee.com/ncnynl/commands/raw/master/online.sh ; sudo chmod +x ./online.sh; ./online.sh
- Use RCM to install and configure the WireGuard server
cs -s install_wireguard_server.sh
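- Confirm the installation
- Script location: ~/commands/common/shell/install_wireguard_server.sh
- You can edit the script for your own IP addresses before running the installation
- After installation, the wg configuration is at /etc/wireguard/wg0.conf
- View device A's virtual interface information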
$ sudo wg
interface: wg0
public key: cDXCWwz2s10FALcYVNTsj6Uun3u0QrejlCfgXgf/gEw=
private key: (hidden)
listening port: 41194
peer: UvDnhrifD61CKVXjM5P3KSd/819fJnVI7wtOMVijFls=
endpoint: 192.168.0.130:42510
allowed ips: 192.168.6.0/24
latest handshake: 1 minute, 12 seconds ago
transfer: 24.03 KiB received, 3.59 KiB sent
- If you modify the wg0.conf configuration file, restart the service
sudo systemctl restart wg-quick@wg0.service
- Check the service status
$ sudo systemctl status wg-quick@wg0.service
wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2022-12-29 15:03:22 CST; 1h 4min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 7708 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 7708 (code=exited, status=0/SUCCESS)
CPU: 54ms
Dec 29 15:03:22 ROS-EASY-NUC22 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: Warning: `/etc/wireguard/wg0.conf' is world accessi>
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip link add wg0 type wireguard
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] wg setconf wg0 /dev/fd/63
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip -4 address add 192.168.6.1/24 dev wg0
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip link set mtu 1420 up dev wg0
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] /etc/wireguard/helper/add-nat-routing.sh
Dec 29 15:03:22 ROS-EASY-NUC22 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
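The wg-quick warning in the status log above flags /etc/wireguard/wg0.conf as world accessible, and a wg-quick config normally holds the interface's PrivateKey. The following check is an added example, not part of the tutorial or the RCM install scripts; the function names and the "privatekey" file name are assumptions.

```shell
#!/bin/sh
# Added example, not taken from the tutorial's install scripts.
# Assumes GNU find/stat as shipped with Ubuntu 20.04/22.04.

# Succeeds when FILE carries private key material: a wg-quick config with a
# PrivateKey line, or a file named "privatekey" (assumed name, by analogy
# with the /etc/wireguard/publickey file the tutorial reads).
holds_private_key() {
    case "$(basename "$1")" in privatekey) return 0 ;; esac
    grep -Eqi '^[[:space:]]*PrivateKey[[:space:]]*=' "$1" 2>/dev/null
}

# Print "<mode> <SECRET|other> <path>" for each file under DIR that grants
# any permission to group or others. Returns 1 if at least one was found.
audit_wg_perms() {
    wg_list=$(find "$1" -type f -perm /077 2>/dev/null | sort)
    [ -n "$wg_list" ] || return 0
    while IFS= read -r wg_f; do
        if holds_private_key "$wg_f"; then wg_tag=SECRET; else wg_tag=other; fi
        printf '%s %s %s\n' "$(stat -c '%a' "$wg_f")" "$wg_tag" "$wg_f"
    done <<EOF
$wg_list
EOF
    return 1
}

# Strip group/other access but keep the owner's bits, so root-run helper
# scripts under helper/ stay executable after tightening.
fix_wg_perms() {
    find "$1" \( -type f -o -type d \) -exec chmod go-rwx {} +
}

# Run as root against the tutorial's config directory:
#   audit_wg_perms /etc/wireguard || fix_wg_perms /etc/wireguard
```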
2. Device B configuration:
- Install RCM
rm online.sh ; wget https://gitee.com/ncnynl/commands/raw/master/online.sh ; sudo chmod +x ./online.sh; ./online.sh
- Record device A's public key (run this on device A)
cat /etc/wireguard/publickey
- Use RCM to install and configure the WireGuard client
cs -s install_wireguard_client.sh
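- Confirm the installation; when prompted, provide device A's public key and device A's IP address 192.168.0.128
- Script location: ~/commands/common/shell/install_wireguard_client.sh
- You can edit the script for your own IP addresses before running the installation
- After installation, the wg configuration is at /etc/wireguard/wg0.conf
- View device B's virtual interface information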
$ sudo wg
- If you modify the wg0.conf configuration file, restart the service
sudo systemctl restart wg-quick@wg0.service
- Check the service status
$ sudo systemctl status wg-quick@wg0.service
3. Device A firewall configuration:
- Record device B's public key (run this on device B)
cat /etc/wireguard/publickey
- Use RCM to configure the firewall on the WireGuard server
cs -s install_wireguard_server_firewall.sh
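- Confirm the installation; when prompted, provide device B's public key for the pairing
- Script location: ~/commands/common/shell/install_wireguard_server_firewall.sh
- You can edit the script for your own IP addresses before running the installation
- After installation, the wg configuration is located in /etc/wireguard/helper/*.sh
- The internal LAN between device A and device B is only established once this step is complete
Testing:
- Ping device B from device A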
$ ping 192.168.6.2
PING 192.168.6.2 (192.168.6.2) 56(84) bytes of data.
64 bytes from 192.168.6.2: icmp_seq=1 ttl=64 time=20ms
64 bytes from 192.168.6.2: icmp_seq=2 ttl=64 time=20ms
- Ping device A from device B
$ ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1) 56(84) bytes of data.
64 bytes from 192.168.6.1: icmp_seq=1 ttl=64 time=20ms
64 bytes from 192.168.6.1: icmp_seq=2 ttl=64 time=20ms