2. 云服务器安装wireguard
1. 查看内核版本¶
uname -r
# wireguard 需要内核5.4以上!
# 如果没达到,则需要安装5.4以上的内核!
root@baiduyun:~# uname -r
5.4.0-81-generic
2. 环境准备¶
# 公网IP:
#已有7
#新加1
# 准备创建的内网IP为
10.0.8.1
10.0.8.2
10.0.8.3
10.0.8.4
10.0.8.5
10.0.8.6
10.0.8.7
#新加
10.0.8.8
3. 安装WireGuard¶
sudo apt install wireguard -y
4. 生成通信密钥¶
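sudo -i
# 1. Enter the WireGuard configuration directory.
cd /etc/wireguard
ls
# 2. Generate the private and public key. Restrict the umask first so the
#    new key files are created readable by root only; without it, tee
#    creates privatekey with the shell's default mode, which is usually
#    readable by every local user.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
# A privatekey file that already existed keeps its old mode when tee
# truncates it, so tighten the mode explicitly as well.
chmod 600 privatekey
# 3. Check the key files and their permissions.
ls -l /etc/wireguard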
5. 网络规划¶
代号 | WireGuard 内部使用 | 服务商给的公网 IP | 说明 |
---|---|---|---|
M1 | 10.0.8.1/24 | 此节点作为服务节点 | |
S1 | 10.0.8.2/24 | ||
S2 | 10.0.8.3/24 | ||
S3 | 10.0.8.4/24 | ||
S4 | 10.0.8.5/24 | ||
S5 | 10.0.8.6/24 | ||
S6 | 10.0.8.7/24 | ||
S7 | 10.0.8.8/24 | 新加 |
6. 创建S7节点的配置文件¶
1. 查看S7的私钥¶
# S7(私钥只应保存在本机;本文展示的私钥已随文章公开,应视为已泄露,实际部署时请重新生成,不要复用)
cat /etc/wireguard/privatekey
root@baiduyun:/etc/wireguard# cat /etc/wireguard/privatekey
MEo87mTSXi/qoaukgPtCt7fK2r6SFqYmz2zA7E0W5FQ=
2. S7配置文件¶
# S7
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.8.8 #1 这里改为要设置的内网IP
SaveConfig = true
ListenPort = 49152
PrivateKey = MEo87mTSXi/qoaukgPtCt7fK2r6SFqYmz2zA7E0W5FQ= #2 这里需要改为自己的私钥
[Peer]
PublicKey = QTZwHHuNp2H97eff46Hm5WzXL8DWJ89q/0e1BdkYV08=
Endpoint = 120.27.220.47:49152
AllowedIPs = 10.0.8.0/24
7. 修改M1节点的配置文件¶
1. 查看S7的公钥¶
#S7
cat /etc/wireguard/publickey
root@baiduyun:/etc/wireguard# cat /etc/wireguard/publickey
ojM/eHQ4By7WjNHeAxkH+Jzs7S0PuXrKZbZZx0zHTx8=
2. 关闭master上的wg0网络¶
# M1:由于配置了 SaveConfig = true,wg-quick down 时会把运行中的配置写回 wg0.conf,接口开启期间手动修改的内容会被覆盖,所以要先关闭接口再修改配置文件!
wg-quick down wg0
3. 修改M1配置文件¶
# M1
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.8.1
SaveConfig = true
ListenPort = 49152
PrivateKey = KIwSZNjGR8nt6hPGDy20VpbRGMSZyYfvOksestb9D0g=
[Peer]
PublicKey = /RQdv4PgvrlO5E4Y3tDntYSSt4MXQQMdZN9hbpRzhWw=
Endpoint = 81.70.42.71:49152 # 可选:不写时 M1 不能主动向该节点发起连接,要等对端先连上来,M1 才会从收到的数据包中得知它的地址
AllowedIPs = 10.0.8.2/32
[Peer]
PublicKey = LH7tpf6/Os/ul8mH4pFu/0rnjosY3gcsiwKRJZyd1G4=
Endpoint = 81.70.4.171:49152
AllowedIPs = 10.0.8.3/32
[Peer]
PublicKey = WCaTti5cPes194M/sqKPhzwDHYD0FYbJH5LblA9QKDo=
Endpoint = 52.53.223.25:49152
AllowedIPs = 10.0.8.4/32
[Peer]
PublicKey = pV4NzZe2H9UteVkfoAWSUayT3o8hjaLU60jpcxZNmAQ=
AllowedIPs = 10.0.8.5/32
Endpoint = 42.192.132.182:49152
[Peer]
PublicKey = wPEOl9+9fFa3O6HHSmvxaxPlZy4HN4gCTY/q/vOZIS8=
AllowedIPs = 10.0.8.6/32
Endpoint = 139.198.106.219:49152
[Peer]
PublicKey = JVGUiRsVVg7VEVgZqnPhXCya0ZMC12xmX9CTiZL2imM=
AllowedIPs = 10.0.8.7/32
Endpoint = 124.70.191.191:49152
# 新加下面4行,
[Peer]
PublicKey = ojM/eHQ4By7WjNHeAxkH+Jzs7S0PuXrKZbZZx0zHTx8= #1 改为s7的publickey
AllowedIPs = 10.0.8.8/32 #2 改为10.0.8.8/32
# Endpoint = 120.48.19.219:49152 #3 可以不写(本机的IP):不写时由该节点先向 M1 发起连接,M1 再从收到的数据包中得知它的地址
8. 开启防火墙¶
# all
# 由于所有节点都使用 49152 端口,防火墙需要放行 udp/49152;只需放行这一个 UDP 端口,条件允许时可将来源限制为各节点的公网 IP
9. master节点启动网络接口¶
# master
wg-quick up wg0
root@ali:~# wg-quick down wg0
[#] wg showconf wg0
[#] ip link delete dev wg0
root@ali:~#
root@ali:~#
root@ali:~#
root@ali:~# vim /etc/wireguard/wg0.conf
root@ali:~#
root@ali:~# wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.8.1/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.0.8.7/32 dev wg0
[#] ip -4 route add 10.0.8.6/32 dev wg0
[#] ip -4 route add 10.0.8.5/32 dev wg0
[#] ip -4 route add 10.0.8.4/32 dev wg0
[#] ip -4 route add 10.0.8.3/32 dev wg0
[#] ip -4 route add 10.0.8.2/32 dev wg0
10. S7启动网络接口¶
# s7
wg-quick up wg0
root@huawei:/etc/wireguard# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.111 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::f816:3eff:fe56:f1a2 prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:56:f1:a2 txqueuelen 1000 (Ethernet)
RX packets 32060 bytes 36953037 (36.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16144 bytes 1796663 (1.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 390 bytes 36102 (36.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 390 bytes 36102 (36.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 10.0.8.7 netmask 255.255.255.255 destination 10.0.8.7
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
11. S7内网互通测试!¶
# S6
ping 10.0.8.1 -c 2
ping 10.0.8.2 -c 2
ping 10.0.8.3 -c 2
ping 10.0.8.4 -c 2
ping 10.0.8.5 -c 2
ping 10.0.8.6 -c 2
最后更新:
2022-02-18 07:50:18