天津测试环境
生成公钥与私钥(生成前先执行 umask 077,使私钥文件以 0600 权限创建,仅 root 可读)
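# Generate the "company" peer's WireGuard key pair.
# umask 077 makes the private key 0600 from the moment tee creates it; with
# the default umask the file would be readable by every local user until
# someone remembers to chmod it. The umask also carries over to the config
# files written later in this session (they embed the private key).
umask 077
install -d -m 700 /etc/wireguard/key/company
wg genkey | tee /etc/wireguard/key/company/company-privatekey | wg pubkey > /etc/wireguard/key/company/company-publickey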
Peer-client 配置,作为客户端访问各资源池(Endpoint 必须填写中继服务器的公网地址或域名,不能在客户端上用 curl 查本机出口 IP 来填充)
cat > /etc/wireguard/company/company-client.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/key/peer-client-privatekey)
Address = 10.1.0.253/24
[Peer]
PublicKey = $(cat /etc/wireguard/key/gw-publickey)
AllowedIPs = 10.1.0.0/24,10.20.5.0/24,172.38.0.0/16
Endpoint = $(curl -s ip.sb):16000
PersistentKeepalive = 10
EOF
中继服务器配置
带公网的 Peer 配置文件,该 Peer 作为中继服务器,负责连通访问客户端和所有资源池(中继服务器需开启内核转发 net.ipv4.ip_forward=1,否则下面的 FORWARD 规则不起作用)
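# Relay (gateway) config: generated on the host with the public address.
# WAN_IF is the internet-facing interface (ens3 on the original host).
# Forwarding additionally requires net.ipv4.ip_forward=1 (sysctl), which this
# file does not set.
WAN_IF="${WAN_IF:-ens3}"
umask 077   # the config embeds the private key; create it 0600 (wg-quick warns otherwise)
cat > /etc/wireguard/company-wg.conf <<EOF
[Interface]
ListenPort = 16000
Address = 10.1.0.254/24
PrivateKey = $(cat /etc/wireguard/key/gw-privatekey)
# Anything arriving from the tunnel is forwarded (peer <-> peer, and peer ->
# internet via MASQUERADE on ${WAN_IF}). Traffic entering from ${WAN_IF} and
# heading into the tunnel is limited to replies, so hosts on the relay's WAN
# side cannot initiate connections into the peers' networks.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o ${WAN_IF} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o ${WAN_IF} -j MASQUERADE
[Peer]
# client: only its own tunnel address is accepted from this key
PublicKey = $(cat /etc/wireguard/key/peer-client-publickey)
AllowedIPs = 10.1.0.253/32
[Peer]
# company: its tunnel address plus the office networks it forwards for
PublicKey = $(cat /etc/wireguard/key/company/company-publickey)
AllowedIPs = 10.1.0.1/32, 172.38.0.0/16, 10.20.5.0/24
EOF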
Peer company 公司 配置文件
cat > /etc/wireguard/company/company.conf <<EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/key/company/company-privatekey)
Address = 10.1.0.1/24
# 其他的 Peer,同样需要开启转发以访问内网设备
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE
[Peer]
PublicKey = $(cat /etc/wireguard/key/gw-publickey)
AllowedIPs = 10.1.0.0/24, 192.168.0.0/24
Endpoint = $(curl -s ip.sb):16000
PersistentKeepalive = 10
EOF