Deploying WireGuard on Ubuntu

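Installing WireGuard

Following the official instructions, you can install the dependencies with the commands below; if anything is still missing, install it yourself as needed.

Pull the source straight from git.

Then just run make.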

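Configuration

Refer to the previous post, "Advanced Uses of WireGuard wg-quick PostUp"; you can simply ignore the official tutorial and the various third-party ones.

The previous post gave a reference configuration.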

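With that configuration, the assumed network environment is as follows:
Server: IP 1.1.1.1, WireGuard internal IP 192.168.10.1, on the public internet
Node 1: IP 2.2.2.2, WireGuard internal IP 192.168.10.40, LAN IP 192.168.1.0/24
Node 2: IP 3.3.3.3, WireGuard internal IP 192.168.10.50, LAN IP 192.168.2.0/24

Here the server, node 1 and node 2 all have public IPs.

If a node's IP is not fixed, or it has no public IP, change to the following configuration.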

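On the VPS, save the configuration file as /etc/wireguard/wg0.conf and run the following command to enable WireGuard:

For the network to work properly, NAT also has to be enabled on the VPS's public interface.

Edit /etc/sysctl.conf to enable 'net.ipv4.ip_forward=1', then run 'sysctl -p'.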
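As an added illustration (not the author's configuration, which lives in the earlier post and is not reproduced on this page), here is a conventional server-side wg0.conf for the environment described above. The keys are placeholders, and the listen port 51820 and the public interface name eth0 are assumptions.

```ini
# /etc/wireguard/wg0.conf on the server (1.1.1.1) - constructed example.
# The file holds the private key, so keep it readable by root only (mode 0600).

[Interface]
# WireGuard internal address of the server
Address = 192.168.10.1/24
# Assumed port; any free UDP port works
ListenPort = 51820
# Placeholder: output of `wg genkey` on this host
PrivateKey = <server-private-key>
# NAT on the public interface (eth0 is an assumed name); removed again on down
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
# Node 1: tunnel address plus the LAN behind it.
# AllowedIPs is both the route to this peer and the only source
# addresses accepted from it, so list nothing the node does not own.
PublicKey = <node1-public-key>
Endpoint = 2.2.2.2:51820
AllowedIPs = 192.168.10.40/32, 192.168.1.0/24

[Peer]
# Node 2: tunnel address plus the LAN behind it.
PublicKey = <node2-public-key>
Endpoint = 3.3.3.3:51820
AllowedIPs = 192.168.10.50/32, 192.168.2.0/24

# General WireGuard behaviour, for a node without a fixed or public IP:
# leave out that peer's Endpoint line here. The server learns the node's
# current address from its authenticated handshakes, and the node sets
# PersistentKeepalive (for example 25) in its own [Peer] section for the
# server so the NAT mapping stays open.
```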

Next comes the big move.


Deploying WireGuard on Ubuntu by @sskaje: https://sskaje.me/2017/06/deploy-wireguard-on-ubuntu/

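Advanced Uses of WireGuard wg-quick PostUp

It really is advanced.

wg-quick is the **script** WireGuard uses to bring up network devices.

Note that, so far, wg-quick is a script written in bash; I don't know whether that will change in the future, but at least for now the shebang is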


Advanced Uses of WireGuard wg-quick PostUp by @sskaje: https://sskaje.me/2017/06/wireguard-wg-quick-postup%e7%9a%84%e9%ab%98%e7%ba%a7%e7%8e%a9%e6%b3%95/

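An Analysis of EdgeRouter's Policy-Based Routing Implementation

Lately the routing rules at home have become more and more complex, and more and more useful. Yesterday I happened to be discussing a friend's home router overhaul with him, so I looked into how EdgeRouter implements policy-based routing (PBR).

My home router is an EdgeRouter Lite running firmware 1.9.1.1; this implementation has little to do with the firmware version.

First, we can refer to the official documentation: EdgeRouter – Policy-based routing (source address based)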


An Analysis of EdgeRouter's Policy-Based Routing Implementation by @sskaje: https://sskaje.me/2017/06/edgerouter-policy-based-routing-analysis/

EdgeRouter + SoftEther Policy-based Routing Error

I have protocol config like

SoftEther TAP device name is tap_se, local ip is 192.168.10.2, remote ip 192.168.10.1.

Internet is connected via pppoe0.

Policy-based routing modified to table 4 route traffic to pppoe0 rather than tap_se.

Check current route table:

In my previous post, I added a softether start-up script in /config/scripts/post-config.d/.
I guess vpnserver is launched after the policy-based routing rules have been applied, which causes policy-based routing to find no device/connected routes for 192.168.10.1, so pppoe0 is picked.

I don’t have any good idea (adding a custom config template is a good choice, but I’m lazy zzZZ..), just disable and re-enable that route table after the router is booted.

EdgeRouter + SoftEther Policy-based Routing Error by @sskaje: https://sskaje.me/2017/06/edgerouter-softether-policy-based-routing-error/