背景
家里的宽带没有公网ip,某些服务需要在公网可以访问,不想使用ddns方案。使用个人感觉更简单的wireguard组网方案。
网络拓扑图
软硬件环境
1核心1GB内存 vps一个,ubuntu server 20.10
1核心1GB内存proxmox homelab vm一个, ubuntu server 20.10
操作
更新系统到最新版本
如果有必要就重启
# Run on both the VPS and the homelab VM (as root); reboot afterwards if necessary (e.g. after a kernel update)
apt-get update && apt-get upgrade
vps 启用ipv4转发
(仅仅在vps端修改即可)
编辑/etc/sysctl.conf
# Uncomment this line in /etc/sysctl.conf (VPS only).
# Forwarding is what lets the VPS route packets between wg0 and its public interface,
# which the FORWARD/MASQUERADE rules in wg0.conf rely on.
net.ipv4.ip_forward=1
让配置修改生效
# Reload /etc/sysctl.conf so net.ipv4.ip_forward=1 takes effect; `sysctl net.ipv4.ip_forward` should now print 1
sysctl -p
安装wireguard,并生成各自的公私钥
(vps和homelab)
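# Run the following on both the VPS and the homelab
apt-get install wireguard
# Key files live next to wg0.conf. The directory name was misspelled ("wiregaurd"); with a
# failing cd the keys would silently be written into whatever the current directory is,
# so abort instead.
cd /etc/wireguard || exit 1
# umask 077: the private key (and a wg0.conf created later in this same shell) is created
# readable by root only. wg0.conf also contains the private key, so keep it at 0600.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey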
配置wireguard的interface
vps端配置文件wg0.conf
[Interface]
# VPS side. This file holds the private key: keep it readable by root only (0600).
PrivateKey = vps生成的私钥
# Tunnel address of the VPS; the homelab peer uses 192.168.51.2 in the same /24
Address = 192.168.51.1/24
# UDP port the VPS listens on; must match the port in the homelab's Endpoint line
ListenPort = 51820
# Accept forwarded traffic arriving from the tunnel and NAT it out of the public interface
# (needs net.ipv4.ip_forward=1 from the sysctl step).
# NOTE(review): "eth0" is assumed to be the VPS's public interface — confirm the actual name
# on the VPS (e.g. with `ip route`), it is often ens3/enp1s0 on cloud images.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Remove exactly the rules added above when the interface goes down
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# The homelab peer, identified by its public key
PublicKey=homelab生成的公钥
# NOTE(review): written without a prefix length; presumably treated as a single host.
# For consistency with the other lines consider writing 192.168.51.2/32 explicitly.
AllowedIPs=192.168.51.2
PersistentKeepalive=25
homelab端配置文件wg0.conf
[Interface]
# Homelab side. This file holds the private key: keep it readable by root only (0600).
PrivateKey = homelab生成的私钥
Address = 192.168.51.2/24
# No ListenPort: the homelab has no public IP and always initiates the connection to the VPS.
[Peer]
PublicKey = vps生成公钥
# 0.0.0.0/0 routes ALL traffic of the homelab VM through the VPS, not only 192.168.51.0/24.
# This is what makes replies to connections that arrive via the VPS go back through the
# tunnel (the VPS masquerades them), but it also means the VM's default route goes via
# the VPS once wg-quick is up — confirm that is intended for this VM.
AllowedIPs = 0.0.0.0/0
# Public address and ListenPort of the VPS
Endpoint = vps的服务器ip地址:51820
# Periodic keepalive so the home router's NAT mapping stays open
PersistentKeepalive = 25
启动wireguard服务
# Run on both the VPS and the homelab; wg-quick reads /etc/wireguard/wg0.conf
wg-quick up wg0
# NOTE(review): to bring the tunnel up at boot as well, use: systemctl enable --now wg-quick@wg0
验证组网成功
vps和homelab互相ping对方的wg0隧道ip(192.168.51.1 / 192.168.51.2)
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 192.168.51.1 netmask 255.255.255.0 destination 192.168.51.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 113 bytes 7740 (7.7 KB)
RX errors 2 dropped 0 overruns 0 frame 2
TX packets 95 bytes 6100 (6.1 KB)
TX errors 8 dropped 1 overruns 0 carrier 0 collisions 0
root@xxx:/etc/wireguard# ping 192.168.51.2
PING 192.168.51.2 (192.168.51.2) 56(84) bytes of data.
64 bytes from 192.168.51.2: icmp_seq=1 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=2 ttl=64 time=180 ms
64 bytes from 192.168.51.2: icmp_seq=3 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=4 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=5 ttl=64 time=180 ms
64 bytes from 192.168.51.2: icmp_seq=6 ttl=64 time=181 ms
13: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 192.168.51.2/24 scope global wg0
valid_lft forever preferred_lft forever
root@gateway:/etc/wireguard# ping 192.168.51.1
PING 192.168.51.1 (192.168.51.1) 56(84) bytes of data.
64 bytes from 192.168.51.1: icmp_seq=1 ttl=64 time=180 ms
64 bytes from 192.168.51.1: icmp_seq=2 ttl=64 time=180 ms
64 bytes from 192.168.51.1: icmp_seq=3 ttl=64 time=180 ms