sskaje's blog, study & research on technology
之前写过一个版本,基于380.x的,一开始好用,最近过来发现不好使了。索性把家里路由升级到384.9,重新配置。 拓扑结构基本不变,增加了需求让两边家里能互通,所以把NAT关了。 这回直接简化,搞了个github的repo,https://github.com/sskaje/merlin-pbr,把jffs的配置脚本放进去了,依旧是 dnsmasq + ipset,但是openvpn-event脚本 也可以手工维护路由列表,自动走openvpn的网卡。 Incoming search terms:killizjLink to this post!
前言 Network Topology RT-AC68U 使用PPPoE拨号上网,但是分配的IP是100.64.204.111, 看着像公网IP实际却是Carrier-grade NAT. 现在需要将RT-AC68U与一台在公网的EdgeRouter使用OpenVPN Site-to-Site连接起来,并在RT-AC68U端实现policy-based routing。 需要让RT-AC68U下的所有设备能访问EdgeRouter LAN的网络,并根据需求透过VPS访问指定互联网。 本实验参考下列文章: Set up OpenVPN Site-to-Site on UBNT EdgeRouter Lite EdgeRouter OpenVPN Connectivity Monitor EdgeRouter 策略路由实现分析 EdgeRouter Policy Based Routing Using DNSMASQ IPSET Incoming search terms:asus merlinmerlin openvpn policy basedunderkdfasus ac88 site to site openvpnshout6uxrunningafxopenvpn pbr iptables tagsofficesn8nosev67nervous8xdleft1i1golden2w5dryu82Create NAT on tunnelcountryljycopyozjcontinued8x6boxz65been1nnasus openvpnLink to this … Continue reading “OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter”
I have flashed my Asus RT-AC68U to Merlin, SSH has been enabled. This is a tutorial about setting up WPAD on Asus router. Environment Router: RT-AC68U Firmware: Merlin 380.59 Router IP: 192.168.1.1 Local Domain: my.home.local Router Admin Account: admin DHCPd: dnsmasq Prepare SSH to router, and check files.
|
1 |
ssh admin@192.168.1.1 |
Web root is set to /www, … Continue reading “Setup WPAD on Asus Merlin”
前言 我的阿里云服务器网络处于混合过度模式,逐步从经典网络往专有网络迁移。 之前每台经典网络主机都申请了公网IP和带宽,实际上对于大多数主机的业务而言,并不需要对外提供网络服务,只需要能访问外网即可。 所以这次新加的主机部分都没有去加弹性公网IP。 于是带来了问题:内网主机如何访问外网? 阿里云的dnat方案太贵了。不考虑。 尝试过本地配置网关,但是实验证明,阿里云的VPC交换机不是一个纯粹的二层交换,也许是设计有问题,也许是刻意阻止用户自己拿一台能访问公网的主机当内网网关。 所以这次使用WireGuard实现网络架构调整。 阿里云的经典网络主机里加了几条默认的路由:
|
1 2 3 |
10.0.0.0/8 172.16.0.0/12 100.64.0.0/10 |
前两个都好说,第三个是运营商级的NAT网络地址,之前在 OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter 里提过贵州电信的光纤网络对外就是这个地址段。 WireGuard的配置过程参考之前的文章,此处不多解释,只贴配置。 Incoming search terms:edgerouter wiregaurdwireguard vps部署WireGuard 全球 网DDDDDD===]D-==;PPPPP2]Q2]2]]]2]2]centos7 wireguardwireguard 内网wireguard节点equipmentc1qPackage: 1:wireguard-dkms-0 0 20181018-1 el7 noarch (jdoss-wireguard) Requires: dkmslackwwgfurtherpgnfollowe55exercise2lcError: Package: 1:wireguard-dkms-0 0 20181018-1 el7 noarch (jdoss-wireguard) Requires: dkError: Package: 1:wireguard-dkms-0 0 20180910-1 el7 noarch (jdoss-wireguard) … Continue reading “使用WireGuard为阿里云专有网络主机提供外网访问”
Previously, I wrote Setup WPAD on Asus Merlin. Similar on EdgeRouter. 1 Configure Domain name. System
|
1 |
set system domain-name int.sskaje.me |
DHCP service
|
1 |
set service dhcp-server shared-network-name dhcp-lan subnet 192.168.32.0/20 domain-name int.sskaje.me |
2 Prepare wpad.dat I don’t have wpad.dat deployed on my router, but an internal Ubuntu server with nginx as httpd, IP 192.168.36.20. wpad.dat is located to default server root, if you have your custom, make … Continue reading “Setup WPAD on EdgeRouter”