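Installation
Download the matching package from https://github.com/Lochnair/vyatta-wireguard/releases
For the ERL, ER and other MIPS-architecture models, download the octeon build.
For the ERX, download the ralink build.
You can either upload the package to the router, or SSH into the router, sudo su to root, and run a command like the following: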
    # -L follows the redirect that GitHub returns for release downloads
    curl -L https://github.com/Lochnair/vyatta-wireguard/releases/download/0.0.20170612-2/wireguard-octeon-0.0.20170612-2.deb -o wireguard-octeon-0.0.20170612-2.deb
or
    # -L follows the redirect that GitHub returns for release downloads
    curl -L https://github.com/Lochnair/vyatta-wireguard/releases/download/0.0.20170612-2/wireguard-ralink-0.0.20170612-2.deb -o wireguard-ralink-0.0.20170612-2.deb
Once the download finishes, install the package (xxx.deb stands for the file you downloaded):
    dpkg -i xxx.deb
Configuration
Run the following commands to generate the private key and the preshared key, and to print the public key:
    wg genkey > /config/auth/wg.private
    wg genpsk > /config/auth/wg.psk
    chmod 0600 /config/auth/wg.*
    wg pubkey < /config/auth/wg.private
Copy the output of the last command and configure it on the server side.
Get the server's public key, substitute it for PUBLIC_KEY in the commands below (LOCAL_PORT and SERVER_IP:PORT are likewise placeholders), and run them:
    configure
    set interfaces wireguard wg0 address 192.168.10.40/24
    set interfaces wireguard wg0 listen-port LOCAL_PORT
    set interfaces wireguard wg0 peer PUBLIC_KEY allowed-ips 0.0.0.0/0
    set interfaces wireguard wg0 peer PUBLIC_KEY endpoint 'SERVER_IP:PORT'
    set interfaces wireguard wg0 peer PUBLIC_KEY preshared-key /config/auth/wg.psk
    set interfaces wireguard wg0 private-key /config/auth/wg.private
    set interfaces wireguard wg0 route-allowed-ips false
    commit
    save
Once the interface is configured, set up the NAT service:
    configure
    set service nat rule 5032 outbound-interface wg0
    set service nat rule 5032 type masquerade
    commit
    save
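An added example, not part of the original post: a POSIX shell check that the key files created in the key-generation step and referenced by the wg0 configuration are closed to group/other and each hold one well-formed 32-byte base64 key, without printing the key. The function name check_wg_keyfile, its return codes and the script name in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_wg_keyfile and its
# return codes are assumptions of this sketch.
#
# check_wg_keyfile FILE
#   0  regular file, no group/other access, one well-formed key
#   1  missing, not a regular file, or a symlink
#   2  group or other permission bits are set
#   3  content is not a single 32-byte base64 key
check_wg_keyfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: missing, symlink, or not a regular file" >&2
        return 1
    fi

    # Characters 5-10 of "ls -ld" are the group and other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other access ($perms), expected mode 0600" >&2
        return 2
    fi

    # A key is 32 bytes, i.e. 44 base64 characters: 42 free characters,
    # one character whose low two bits are zero, then a single '='.
    # The key itself is never printed.
    key=$(cat "$f")
    if [ "${#key}" -ne 44 ] || ! printf '%s\n' "$key" |
        grep -Eqx '[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]='; then
        echo "$f: not a single 44-character base64 key" >&2
        return 3
    fi
    return 0
}

# Usage on the router (paths from the steps above):
#   sh check-wg-keys.sh /config/auth/wg.private /config/auth/wg.psk
for f in "$@"; do
    check_wg_keyfile "$f" && echo "$f: ok"
done
```

A non-zero result for either file means the key should be regenerated or its mode corrected before running commit.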
All that remains is configuring the routing rules; see my other blog posts for reference.
Deploying WireGuard on EdgeRouter by @sskaje: https://sskaje.me/2017/06/deploy-wireguard-on-edgerouter/