WireGuard 组网网络打通方案

April 18, 2025Comments

一、基础环境

$ uname -a
Linux open-boots-1.localdomain 5.14.0-514.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Sep 30 14:56:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
$ uname -r
5.14.0-407.el9.x86_64
$ uname -m
x86_64
### 假设服务器公网IP分别是：1.1.1.1;2.2.2.2;3.3.3.3 ### 文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/cross-wireguard-config/

二、开启转发

cat >> /etc/sysctl.conf <<BYRD
# WireGuard configure start
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter=2
net.ipv4.conf.all.proxy_arp = 1
# WireGuard configure end
BYRD
sysctl -p
sysctl -w net.ipv4.ip_forward=1
# sysctl -w net.ipv4.conf.all.rp_filter=2
cat /proc/sys/net/ipv4/ip_forward
# echo "1" >  /proc/sys/net/ipv4/conf/all/proxy_arp
# cat /proc/sys/net/ipv4/conf/all/proxy_arp
firewall-cmd --permanent --new-zone=personal
firewall-cmd --new-zone=personal
firewall-cmd --zone=personal --add-masquerade

cat >> /etc/sysctl.conf <<BYRD

# WireGuard configure start

net.ipv4.ip_forward = 1

net.ipv4.conf.all.rp_filter=2

net.ipv4.conf.all.proxy_arp = 1

# WireGuard configure end

BYRD

sysctl -p

sysctl -w net.ipv4.ip_forward=1

# sysctl -w net.ipv4.conf.all.rp_filter=2

cat /proc/sys/net/ipv4/ip_forward

# echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp

# cat /proc/sys/net/ipv4/conf/all/proxy_arp

firewall-cmd --permanent --new-zone=personal

firewall-cmd --new-zone=personal

firewall-cmd --zone=personal --add-masquerade

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/cross-wireguard-config/

三、服务配置

1：服务端+客户端模式下,请根据需求启动服务端或者客户端服务

wg-quick down wg0 #启动服务端 wg-quick down client #启动客户端

0
1

wg-quick down wg0 #启动服务端
wg-quick down client #启动客户端

2：综合模式下,启动wg-quick即可

systemctl start wg-quick@wg0.service

0

systemctl start wg-quick@wg0.service

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/cross-wireguard-config/

wg genkey | tee server_privatekey | wg pubkey > server_publickey
wg genkey | tee client_privatekey | wg pubkey > client_publickey
wg-quick up /etc/wireguard/wg0.conf

wg genkey | tee server_privatekey | wg pubkey > server_publickey

wg genkey | tee client_privatekey | wg pubkey > client_publickey

wg-quick up /etc/wireguard/wg0.conf

文章源自 note.t4x.orgByrd's Blog-https://note.t4x.org/basic/cross-wireguard-config/

3.1 服务器1.1.1.1服务端配置文件

Login

四、搭建解释

dnf install wireguard-tools -y cd /etc/wireguard/ wg genkey | tee privatekey | wg pubkey > publickey && cat privatekey && cat publickey cat > /etc/wireguard/wg0.conf << BYRD # wg configure start [Interface] # 本机密钥 PrivateKey = $(cat privatekey) # 本机地址 Address = 10.0.0.1/24 # 监听端口 ListenPort = 8801 # 以下两个可选 #DNS = 1.1.1.1 MTU = 1420 # 客户端配置 # Client1_10.0.0.2 [Peer] PublicKey = Client2公钥，在客户端可看到 AllowedIPs = 10.0.0.2/32 # 对应的WireGuard服务器地址与端口 Endpoint = ${ip2}:8801 PersistentKeepalive = 25 # Client2_10.0.0.3 [Peer] PublicKey = Client3公钥，在客户端可看到 AllowedIPs = 10.0.0.3/32 # 对应的WireGuard服务器地址与端口 Endpoint = ${ip2}:8801 PersistentKeepalive = 25 # wg configure end BYRD #systemctl start wg-quick@wg0.service #wg-quick up wg0 #ip link add dev wg0 type wireguard #ip address add dev wg0 10.0.0.1/24 #ip link set wg0 up

0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

dnf install wireguard-tools -y
cd /etc/wireguard/
wg genkey | tee privatekey | wg pubkey > publickey && cat privatekey && cat publickey
cat > /etc/wireguard/wg0.conf << BYRD
# wg configure start
[Interface]
# 本机密钥
PrivateKey = $(cat privatekey)
# 本机地址
Address = 10.0.0.1/24
# 监听端口
ListenPort = 8801
# 以下两个可选
#DNS = 1.1.1.1
MTU = 1420

# 客户端配置
# Client1_10.0.0.2
[Peer]
PublicKey = Client2公钥，在客户端可看到
AllowedIPs = 10.0.0.2/32
# 对应的WireGuard服务器地址与端口
Endpoint = ${ip2}:8801
PersistentKeepalive = 25

# Client2_10.0.0.3
[Peer]
PublicKey = Client3公钥，在客户端可看到
AllowedIPs = 10.0.0.3/32
# 对应的WireGuard服务器地址与端口
Endpoint = ${ip2}:8801
PersistentKeepalive = 25
# wg configure end
BYRD

#systemctl start wg-quick@wg0.service
#wg-quick up wg0
#ip link add dev wg0 type wireguard
#ip address add dev wg0 10.0.0.1/24
#ip link set wg0 up