天津测试环境

生成公钥与私钥（私钥文件应仅 root 可读：生成前先执行 umask 077，或生成后 chmod 600）

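# Generate the key pair for the "company" peer.
# Runs in a subshell so the settings below stay local to this step:
#  - umask 077 makes tee create company-privatekey as 0600; with the default
#    umask the private key would be world-readable (0644).
#  - pipefail turns a failed `wg genkey` into a visible error instead of an
#    empty key file.
# mkdir -p: redirection/tee do not create the directory, and a missing
# directory would fail the whole step.
(
  umask 077
  set -o pipefail
  mkdir -p /etc/wireguard/key/company
  wg genkey | tee /etc/wireguard/key/company/company-privatekey | wg pubkey > /etc/wireguard/key/company/company-publickey
)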

Peer-client 配置，作为客户端通过中继服务器访问各资源池

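# Peer "client" config: a roaming client whose only peer is the relay, through
# which it reaches the resource pools (10.20.5.0/24 and 172.38.0.0/16 are the
# ranges the relay attributes to the company peer).
# Runs in a subshell so umask 077 (the file embeds a private key and must be
# 0600) and `exit` on error do not affect the calling shell.
(
  umask 077
  mkdir -p /etc/wireguard/company
  # Fail early on a missing/empty key file; otherwise $(cat ...) would quietly
  # write "PrivateKey = " and wg-quick would only fail at load time.
  for f in /etc/wireguard/key/peer-client-privatekey /etc/wireguard/key/gw-publickey; do
    [ -s "$f" ] || { printf 'missing key file: %s\n' "$f" >&2; exit 1; }
  done
  # Public address of the relay. Asking ip.sb only yields the RIGHT address
  # when this runs on the relay host itself; set GW_PUBLIC_IP to generate the
  # file anywhere else. -f/-S make curl fail loudly instead of silently
  # producing "Endpoint = :16000", and HTTPS keeps an on-path attacker from
  # substituting a bogus endpoint (WireGuard would still reject a wrong peer
  # key, but the client would simply never connect).
  gw_ip="${GW_PUBLIC_IP:-}"
  if [ -z "$gw_ip" ]; then
    gw_ip="$(curl -fsS https://ip.sb)" || { printf 'cannot determine relay public IP\n' >&2; exit 1; }
  fi
  # AllowedIPs here is the client's routing table into the tunnel: only the
  # relay net and the two company ranges go through; everything else stays
  # on the client's normal uplink.
  cat > /etc/wireguard/company/company-client.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/key/peer-client-privatekey)
Address = 10.1.0.253/24

[Peer]
PublicKey = $(cat /etc/wireguard/key/gw-publickey)
AllowedIPs = 10.1.0.0/24,10.20.5.0/24,172.38.0.0/16
Endpoint = ${gw_ip}:16000
PersistentKeepalive = 10
EOF
)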

中继服务器配置

带公网 IP 的 Peer 配置文件，该 Peer 作为中继服务器，负责连通访问客户端和所有资源池。注意：本文的三份配置都从本机 /etc/wireguard/key/ 读取密钥文件，因此应在同一台机器上生成后再分发到对应主机；配置文件内含私钥，分发时必须使用安全通道（如 scp），且不要提交到代码仓库。

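# Relay (public-IP) peer config. It terminates both the roaming client and the
# company site and forwards between them.
# Prerequisites this file does NOT set: net.ipv4.ip_forward=1 on the relay,
# and UDP/16000 reachable from the internet (host and cloud firewall).
# Security notes on the iptables rules below:
#  - The FORWARD rules accept everything entering or leaving the tunnel, so any
#    peer may reach anything the relay can forward to; the per-peer AllowedIPs
#    is the only restriction (it also drops packets whose source address a
#    peer is not allowed to use, e.g. the client may only send as 10.1.0.253).
#  - MASQUERADE -o ens3 applies to ALL traffic leaving ens3, not just tunnel
#    traffic; add `-s 10.1.0.0/24` if this host forwards anything else.
#  - "ens3" is the relay's uplink interface name and is host-specific.
# Runs in a subshell so umask 077 (the file embeds a private key and must be
# 0600) and `exit` on error do not affect the calling shell.
(
  umask 077
  for f in /etc/wireguard/key/gw-privatekey /etc/wireguard/key/peer-client-publickey /etc/wireguard/key/company/company-publickey; do
    [ -s "$f" ] || { printf 'missing key file: %s\n' "$f" >&2; exit 1; }
  done
  # The first [Peer] is the roaming client, the second the company site; the
  # company AllowedIPs also cover the two resource-pool ranges so their
  # return traffic is accepted from that peer.
  cat > /etc/wireguard/company-wg.conf <<EOF
[Interface]
ListenPort = 16000
Address = 10.1.0.254/24
PrivateKey = $(cat /etc/wireguard/key/gw-privatekey)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
# 客户端
PublicKey = $(cat /etc/wireguard/key/peer-client-publickey)
AllowedIPs = 10.1.0.253/32

[Peer]
# 公司
PublicKey = $(cat /etc/wireguard/key/company/company-publickey)
AllowedIPs = 10.1.0.1/32, 172.38.0.0/16, 10.20.5.0/24
EOF
)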

Peer company 公司 配置文件

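# Peer "company" config: the office-side host. It has no ListenPort and keeps
# the session alive towards the relay, so presumably it sits behind the office
# NAT. It forwards tunnel traffic into the office LAN and masquerades it out
# ens33, so LAN hosts need no route back to 10.1.0.0/24.
# Prerequisites this file does NOT set: net.ipv4.ip_forward=1 on this host.
# Notes:
#  - MASQUERADE -o ens33 applies to ALL traffic leaving ens33; add
#    `-s 10.1.0.0/24` to limit it to tunnel traffic. "ens33" is host-specific.
#  - AllowedIPs sends 192.168.0.0/24 into the tunnel, but in the relay config
#    above no peer claims that range, so the relay would drop such packets
#    unless another peer (not shown here) provides it -- verify.
# Runs in a subshell so umask 077 (the file embeds a private key and must be
# 0600) and `exit` on error do not affect the calling shell.
(
  umask 077
  mkdir -p /etc/wireguard/company
  for f in /etc/wireguard/key/company/company-privatekey /etc/wireguard/key/gw-publickey; do
    [ -s "$f" ] || { printf 'missing key file: %s\n' "$f" >&2; exit 1; }
  done
  # Public address of the relay. Asking ip.sb only yields the RIGHT address
  # when this runs on the relay host itself (on the office host it would
  # return the office's own public IP); set GW_PUBLIC_IP to generate the file
  # anywhere else. -f/-S make curl fail loudly instead of silently producing
  # "Endpoint = :16000"; HTTPS keeps an on-path attacker from substituting a
  # bogus endpoint.
  gw_ip="${GW_PUBLIC_IP:-}"
  if [ -z "$gw_ip" ]; then
    gw_ip="$(curl -fsS https://ip.sb)" || { printf 'cannot determine relay public IP\n' >&2; exit 1; }
  fi
  cat > /etc/wireguard/company/company.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/key/company/company-privatekey)
Address = 10.1.0.1/24
# 其他的 Peer,同样需要开启转发以访问内网设备
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE

[Peer]
PublicKey = $(cat /etc/wireguard/key/gw-publickey)
AllowedIPs = 10.1.0.0/24, 192.168.0.0/24
Endpoint = ${gw_ip}:16000
PersistentKeepalive = 10
EOF
)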