Ubuntu Beginner Tutorial - Integrating WireGuard to Build a Cross-Site LAN

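Notes:

  • How to set up a cross-site network with WireGuard
  • Environment: Ubuntu 20.04 / Ubuntu 22.04

Topology:

  • Device A: Ubuntu server, located in an external data center; assumed public IP: 192.168.0.128, WireGuard internal IP: 192.168.6.1
  • Device B: Ubuntu client, located in the office; WireGuard internal IP: 192.168.6.2
  • Adjust the IPs in the installation scripts to match your own setup

1. Device A configuration:

  • Install RCM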
rm online.sh ; wget https://gitee.com/ncnynl/commands/raw/master/online.sh ; sudo chmod +x ./online.sh; ./online.sh
  • Use RCM to install and configure the WireGuard server
cs -s install_wireguard_server.sh
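  • Confirm the installation
  • Script location: ~/commands/common/shell/install_wireguard_server.sh
  • You can edit the script for your own IP addresses before running the installation
  • After installation, the wg configuration is located at /etc/wireguard/wg0.conf
  • View device A's virtual interface information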
$ sudo wg
interface: wg0
  public key: cDXCWwz2s10FALcYVNTsj6Uun3u0QrejlCfgXgf/gEw=
  private key: (hidden)
  listening port: 41194

peer: UvDnhrifD61CKVXjM5P3KSd/819fJnVI7wtOMVijFls=
  endpoint: 192.168.0.130:42510
  allowed ips: 192.168.6.0/24
  latest handshake: 1 minute, 12 seconds ago
  transfer: 24.03 KiB received, 3.59 KiB sent
  • If you modify the wg0.conf configuration file, restart the service
sudo systemctl restart wg-quick@wg0.service
  • Check the service status
$ sudo systemctl status wg-quick@wg0.service
wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Thu 2022-12-29 15:03:22 CST; 1h 4min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 7708 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 7708 (code=exited, status=0/SUCCESS)
        CPU: 54ms

Dec 29 15:03:22 ROS-EASY-NUC22 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: Warning: `/etc/wireguard/wg0.conf' is world accessi>
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip link add wg0 type wireguard
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] wg setconf wg0 /dev/fd/63
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip -4 address add 192.168.6.1/24 dev wg0
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] ip link set mtu 1420 up dev wg0
Dec 29 15:03:22 ROS-EASY-NUC22 wg-quick[7708]: [#] /etc/wireguard/helper/add-nat-routing.sh
Dec 29 15:03:22 ROS-EASY-NUC22 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
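
The wg-quick log above warns that /etc/wireguard/wg0.conf is world accessible, and a wg-quick config normally carries the interface private key. The script below is an added example, not part of the original tutorial or the RCM scripts: it lists WireGuard files and directories that grant any group/other permission and strips those bits while keeping the owner bits, so the helper scripts wg-quick runs stay executable. The function names are hypothetical and GNU find (as shipped with Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: audit permissions under /etc/wireguard.
# Function names are hypothetical; GNU find's "-perm /MODE" is assumed.

# Print files and directories under DIR that grant any permission
# bit to group or others (any of 077 set). Symlinks are skipped.
wg_loose_files() {
    wg_dir=${1:-/etc/wireguard}
    find "$wg_dir" \( -type f -o -type d \) -perm /077 -print | sort
}

# Return 0 when nothing is loose, 1 otherwise (usable from cron or CI).
wg_audit() {
    wg_found=$(wg_loose_files "$1")
    if [ -z "$wg_found" ]; then
        return 0
    fi
    printf 'accessible to group/others:\n%s\n' "$wg_found" >&2
    return 1
}

# Remove group/other bits only. Owner bits are kept, so helpers that
# wg-quick runs (helper/add-nat-routing.sh) remain executable by root.
wg_tighten() {
    wg_loose_files "$1" | while IFS= read -r wg_path; do
        chmod go-rwx "$wg_path"
        printf 'tightened: %s\n' "$wg_path"
    done
}

# Typical use as root:
#   wg_audit /etc/wireguard || wg_tighten /etc/wireguard
```

After tightening, restart wg-quick@wg0.service and confirm the warning no longer appears in the service log.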

2. Device B configuration:

  • Install RCM
rm online.sh ; wget https://gitee.com/ncnynl/commands/raw/master/online.sh ; sudo chmod +x ./online.sh; ./online.sh
  • Record device A's publickey
cat /etc/wireguard/publickey
  • Use RCM to install and configure the WireGuard client
cs -s install_wireguard_client.sh
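  • Confirm the installation; when prompted, provide device A's publickey and device A's IP address 192.168.0.128
  • Script location: ~/commands/common/shell/install_wireguard_client.sh
  • You can edit the script for your own IP addresses before running the installation
  • After installation, the wg configuration is located at /etc/wireguard/wg0.conf
  • View device B's virtual interface information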
$ sudo wg
  • If you modify the wg0.conf configuration file, restart the service
sudo systemctl restart wg-quick@wg0.service
  • Check the service status
$ sudo systemctl status wg-quick@wg0.service

3. Device A firewall configuration:

  • Record device B's publickey
cat /etc/wireguard/publickey
  • Use RCM to configure the firewall on the WireGuard server
cs -s install_wireguard_server_firewall.sh
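  • Confirm the installation; when prompted, provide the publickey of the paired device B
  • Script location: ~/commands/common/shell/install_wireguard_server_firewall.sh
  • You can edit the script for your own IP addresses before running the installation
  • After installation, the wg configuration is located at /etc/wireguard/helper/*.sh
  • The internal LAN between device A and device B is only established once this step is complete

Testing:

  • From device A, ping device B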
$ ping 192.168.6.2
PING 192.168.6.2 (192.168.6.2) 56(84) bytes of data.
64 bytes from 192.168.6.2: icmp_seq=1 ttl=64 time=20ms
64 bytes from 192.168.6.2: icmp_seq=2 ttl=64 time=20ms
  • From device B, ping device A
$ ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1) 56(84) bytes of data.
64 bytes from 192.168.6.1: icmp_seq=1 ttl=64 time=20ms
64 bytes from 192.168.6.1: icmp_seq=2 ttl=64 time=20ms
