文章目录
软件需求及功能
wireguard 与对端建立隧道
bird2 与对端基于隧道建立EBGP邻居
安装并使用wireguard创建隧道
#LEDE & openwrt 安装wireguard
#这是官方的一篇安装教程:https://openwrt.org/docs/guide-user/services/vpn/wireguard/basic
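opkg update && opkg install wireguard
opkg install luci-proto-wireguard
cd /root/
# Generate the key pair under umask 077 so the private key is never world-readable,
# not even for the instant before chmod runs. Keys are data, not programs: the
# original `chmod +x` made them executable while leaving them readable by everyone.
(umask 077; wg genkey | tee sprivatekey | wg pubkey > spublickey)
chmod 600 sprivatekey
chmod 644 spublickey
# Stop here on OpenWrt; the remaining steps are almost the same as on CentOS, so
# follow the tutorial below.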
#centos7根据提示先升级内核,重启后再次执行安装wireguard(适用于centos7)
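# Fetch the third-party installer into /root. `wget` does not set the execute bit,
# so invoking `/root/wireguard_install.sh` directly fails with "Permission denied";
# run it through an explicit interpreter instead.
wget -O /root/wireguard_install.sh https://raw.githubusercontent.com/atrandys/wireguard/master/wireguard_install.sh
# This executes downloaded code as root: read the script before running it.
bash /root/wireguard_install.sh
# Remove the example config (a single file, so no -r; `--` guards against odd names).
rm -f -- /etc/wireguard/wg0.conf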
#关闭linux内核源路径验证 & 开启路由转发(这是非常重要的)
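# Appending with >> is not idempotent: re-running the steps duplicates the lines.
# Only add a setting when that exact line is not already present.
# rp_filter=0 turns off the reverse-path (anti-spoofing) check on every interface;
# loose mode (2) is usually enough for a routed tunnel and keeps some protection.
for kv in \
  'net.ipv4.conf.default.rp_filter = 0' \
  'net.ipv4.conf.all.rp_filter = 0' \
  'net.ipv4.ip_forward = 1'; do
  grep -qxF -- "$kv" /etc/sysctl.conf || printf '%s\n' "$kv" >> /etc/sysctl.conf
done
sysctl -p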
#确认自己的公钥及私钥(分别记录下来,后面有用)
[root@DN42-SJ wireguard]# cat /etc/wireguard/sprivatekey
0FijSfzq/AU4tO4L568ACcFU9UMUlemPiuYkVW8lHV**
[root@DN42-SJ wireguard]# cat /etc/wireguard/spublickey
XLqFy1tHzbRKcMbe6ExDwiaTo58Xm5C+ysPhyQKYKDE=
#创建wireguard隧道客户端配置文件
[root@DN42-SJ wireguard]# cat /etc/wireguard/ZJG_4242421114.conf
[Interface]
# Your own server's private key goes here. This file therefore holds a secret:
# keep it root-owned with mode 0600.
PrivateKey = 0FijSfzq/AU4tO4L568ACcFU9UMUlemPiuYkVW8lHV**
ListenPort = 21114
[Peer]
# The peer's public key goes here.
PublicKey = vuOR2/DRyBrdrAMrti4jwO838S9jlNBbNi26zlMooz4=
Endpoint = chi.us.dn42.fiatflux.is:51524
# AllowedIPs may be repeated; the prefixes accumulate. They are also the inbound
# filter: packets from this peer whose source is outside these prefixes are dropped.
# If you plan to run an IGP such as OSPF over this tunnel, you must allow everything
# (AllowedIPs = 0.0.0.0/0,::/0) because OSPF is a multicast protocol.
AllowedIPs = 172.16.0.0/12
AllowedIPs = 10.0.0.0/8
AllowedIPs = fd00::/8
AllowedIPs = fe80::/10
#编写启动脚本,把下面的命令写进去
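# Startup script for the ZJG_4242421114 tunnel. Written to be re-runnable: the
# original started with `ip addr del` on a device that had not been created yet,
# which fails before `ip link add` ever runs.
iface=ZJG_4242421114
conf=/etc/wireguard/${iface}.conf
# Create the interface only when it does not exist yet.
ip link show dev "$iface" >/dev/null 2>&1 || ip link add dev "$iface" type wireguard
# The config file contains the private key; wg setconf reads it, so keep it mode 0600.
wg setconf "$iface" "$conf"
# `replace` is idempotent where `add` fails with EEXIST on a second run.
ip addr replace fe80::f816:3eff:fe16:3c43/64 dev "$iface"
ip addr replace 172.20.58.196/32 peer 172.20.6.249/32 dev "$iface"
ip link set "$iface" up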
#验证隧道是否能够正常通信
[root@DN42-SJ ~]# ip a show ZJG_4242421114
6: ZJG_4242421114: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 172.20.58.196 peer 172.20.6.249/32 scope global ZJG_4242421114
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe16:3c43/64 scope link
valid_lft forever preferred_lft forever
[root@DN42-SJ ~]# ping 172.20.6.249
PING 172.20.6.249 (172.20.6.249) 56(84) bytes of data.
64 bytes from 172.20.6.249: icmp_seq=1 ttl=64 time=57.7 ms
64 bytes from 172.20.6.249: icmp_seq=2 ttl=64 time=57.7 ms
^C
--- 172.20.6.249 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 57.730/57.758/57.786/0.028 ms
Debian 11 安装 wireguard 并完成隧道配置
#第一:安装 wireguard
root@sj-vps:~# apt install wireguard -y
#第二:生成 publickey 与 privatekey(私钥自己好好保存)
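# /etc/wireguard/privatekey must not be world-readable. `tee` creates files under
# the current umask (typically 0644), so run the pipeline in a subshell with
# umask 077; the public key is still printed to stdout as before.
(umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey)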
#第三:关闭linux内核源路径验证 & 开启路由转发(这是非常重要的)
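# Appending with >> is not idempotent: re-running the steps duplicates the lines.
# Only add a setting when that exact line is not already present.
# rp_filter=0 turns off the reverse-path (anti-spoofing) check on every interface;
# loose mode (2) is usually enough for a routed tunnel and keeps some protection.
for kv in \
  'net.ipv4.conf.default.rp_filter = 0' \
  'net.ipv4.conf.all.rp_filter = 0' \
  'net.ipv4.ip_forward = 1'; do
  grep -qxF -- "$kv" /etc/sysctl.conf || printf '%s\n' "$kv" >> /etc/sysctl.conf
done
sysctl -p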
#第四:配置隧道文件参数(cq_to_hk.conf 是新创建的文件)
root@sj-vps:/etc/wireguard# cat /etc/wireguard/cq_to_hk.conf
[Interface]
# `Table = off` is required: without it wg-quick turns every AllowedIPs prefix below
# into a route, and a conflicting route keeps the interface from coming up (this
# nearly made me give up before I found it).
Table = off
# Replace with this host's private key. The file then holds a secret: keep it mode 0600.
PrivateKey = xxxxxxxxxxxxxx
ListenPort = 44195
# No Address= line: the point-to-point tunnel address is added after the interface is up.
PostUp = /sbin/ip addr add dev cq_to_hk 172.20.58.195/32 peer 172.20.58.193/32
[Peer]
PublicKey = NQ4X1LZ1p5PTs0uhr/8wq0ejKQB95DZAtUgHs+3y8C4=
# AllowedIPs accumulates across repeated lines and also filters the source address
# of packets received from this peer.
AllowedIPs = 172.20.58.193/32
AllowedIPs = 172.16.0.0/12
AllowedIPs = 10.0.0.0/8
Endpoint = dn42-hk.wsfnk.cf:44193
#第五:快速启动隧道接口,测试ping 对端隧道ip 测试连通性
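wg-quick up cq_to_hk
# Check the handshake state, then reach the peer's tunnel address (the `peer`
# address from the PostUp line in the config).
wg show cq_to_hk
ping -c 3 172.20.58.193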
#第六:如何设置 开机自启动隧道接口
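# Enable only the instance unit. The bare template `wg-quick@.service` cannot be
# enabled (systemd rejects template units without an instance); the name after `@`
# selects /etc/wireguard/cq_to_hk.conf.
systemctl enable wg-quick@cq_to_hk.service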
#以后可以交给 systemd 控制
# Restarts all wg-quick@ instances bound to the target at once.
systemctl restart wg-quick.target
或者
# Restarts only this tunnel's instance.
systemctl restart wg-quick@cq_to_hk.service
https://www.vultr.com/docs/configuring-bgp-using-quagga-on-vultr-centos-7
http://ad-technica.com/fastnetmon-exabgp-and-bgp-integration-for-ddos-mitigation-part-1/
http://liedaoshou.com/face-book/687.html
https://dn42.dev/howto/wireguard
https://dn42.burble.com/peering