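Using a VPS and WireGuard to provide homelab services

Background

My home broadband has no public IP address, but some services need to be reachable from the public internet, and I do not want to use a DDNS solution. Instead I use a WireGuard networking setup, which I personally find simpler.

Network topology diagram

Hardware and software environment

One VPS with 1 core and 1 GB RAM, Ubuntu Server 20.10

One Proxmox homelab VM with 1 core and 1 GB RAM, Ubuntu Server 20.10

Procedure

Update the system to the latest version

Reboot if necessary

# on both the VPS and the homelab system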
apt-get update && apt-get upgrade

Enable IPv4 forwarding on the VPS

(this change is only needed on the VPS)

Edit /etc/sysctl.conf

# uncomment this line
net.ipv4.ip_forward=1

Apply the configuration change

sysctl -p 

Install WireGuard and generate a public/private key pair on each host

(VPS and homelab)

# run the following commands on both the VPS and the homelab
apt-get install wireguard
cd /etc/wireguard
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

Configure the WireGuard interface

VPS-side configuration file wg0.conf

[Interface]
PrivateKey = <private key generated on the VPS>
Address = 192.168.51.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey=<public key generated on the homelab>
AllowedIPs=192.168.51.2
PersistentKeepalive=25

Homelab-side configuration file wg0.conf

[Interface]
PrivateKey = <private key generated on the homelab>
Address = 192.168.51.2/24

[Peer]
PublicKey = <public key generated on the VPS>
AllowedIPs = 0.0.0.0/0
Endpoint = <VPS server IP address>:51820
PersistentKeepalive = 25
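
A review helper for the two wg0.conf files above, as an added example that is not part of the original post. It reports three things worth checking before bringing the tunnel up: a config file accessible to users other than its owner (the umask 077 in the key-generation step only covers files created in that shell), a peer with AllowedIPs 0.0.0.0/0, and a PostUp FORWARD rule with no destination match. The function names, finding labels and placeholder key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review a wg-quick config.
# Prints one finding per line; prints nothing when no check fires.
audit_wg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # The file holds PrivateKey: group/other need no access bits.
    # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are group+other.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "PERM config is accessible to group/other (chmod 600)"
    fi
    awk '
        { sub(/[ \t]*#.*/, "") }                     # drop comments
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); section = tolower($0); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1)
        }
        # A catch-all peer makes wg-quick send all IPv4 traffic into the tunnel.
        section == "[peer]" && key == "allowedips" {
            v = "," val ","; gsub(/[ \t]/, "", v)
            if (v ~ /,0\.0\.0\.0\/0,/) print "ROUTE peer AllowedIPs 0.0.0.0/0 is a full tunnel"
        }
        # A FORWARD accept with no -o/-d match forwards tunnel traffic anywhere.
        section == "[interface]" && key == "postup" {
            n = split(val, cmd, ";")
            for (i = 1; i <= n; i++)
                if (cmd[i] ~ /FORWARD/ && cmd[i] ~ /-j ACCEPT/ && cmd[i] !~ / -(o|d) /)
                    print "FWD PostUp accepts all forwarded traffic from the tunnel"
        }
    ' "$conf"
}

# Constructed sample: the VPS-side wg0.conf from the post with a dummy key,
# written with the 644 mode a default umask would leave behind.
demo() {
    dir=$(mktemp -d) && f="$dir/wg0.conf"
    cat > "$f" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_KEY
Address = 192.168.51.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[Peer]
AllowedIPs=192.168.51.2
EOF
    chmod 644 "$f"; audit_wg_conf "$f"; rm -rf "$dir"
}
if [ $# -gt 0 ]; then audit_wg_conf "$1"; else demo; fi
```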

Start the WireGuard service

# run on both the VPS and the homelab
wg-quick up wg0

Verify that the tunnel is up

Ping each other's IP from the VPS and the homelab

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 192.168.51.1  netmask 255.255.255.0  destination 192.168.51.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 113  bytes 7740 (7.7 KB)
        RX errors 2  dropped 0  overruns 0  frame 2
        TX packets 95  bytes 6100 (6.1 KB)
        TX errors 8  dropped 1 overruns 0  carrier 0  collisions 0

root@xxx:/etc/wireguard# ping 192.168.51.2
PING 192.168.51.2 (192.168.51.2) 56(84) bytes of data.
64 bytes from 192.168.51.2: icmp_seq=1 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=2 ttl=64 time=180 ms
64 bytes from 192.168.51.2: icmp_seq=3 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=4 ttl=64 time=181 ms
64 bytes from 192.168.51.2: icmp_seq=5 ttl=64 time=180 ms
64 bytes from 192.168.51.2: icmp_seq=6 ttl=64 time=181 ms

13: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.51.2/24 scope global wg0
       valid_lft forever preferred_lft forever
root@gateway:/etc/wireguard# ping 192.168.51.1
PING 192.168.51.1 (192.168.51.1) 56(84) bytes of data.
64 bytes from 192.168.51.1: icmp_seq=1 ttl=64 time=180 ms
64 bytes from 192.168.51.1: icmp_seq=2 ttl=64 time=180 ms
64 bytes from 192.168.51.1: icmp_seq=3 ttl=64 time=180 ms