Using WireGuard on OpenWrt: a tutorial | Access every device on your LAN (such as a Synology NAS or the router) through a single port
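Commands to install WireGuard on OpenWrt (eSir's "精品小包" firmware already includes WireGuard, so no installation is needed there):
opkg update
opkg install luci-proto-wireguard luci-app-wireguard wireguard kmod-wireguard wireguard-tools
reboot
WireGuard key generation (angle brackets cannot appear in the video description, so please substitute them yourself):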
mkdir wireguard
cd wireguard
1. Set the file permissions
umask 077
2. Generate the server private key and public key
wg genkey | tee sprivatekey | wg pubkey > spublickey
cat sprivatekey
cat spublickey
3. Generate the client private key and public key
wg genkey | tee cprivatekey | wg pubkey > cpublickey
4. Generate the pre-shared key (PresharedKey)
wg genpsk > sharekey
Add the following to the custom firewall rules:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o br-lan -j MASQUERADE
On the main router, add the communication port: wg, UDP 23456
Client template file test.conf:
[Interface]
Address = 192.168.100.2
PrivateKey = <contents of the cprivatekey file>
DNS = <router IP>

[Peer]
PublicKey = <contents of the spublickey file>
PresharedKey = <contents of the sharekey file>
AllowedIPs = 0.0.0.0/0
# If you enable the line below instead of the one above, only IPs in the two subnets 192.168.2.0/24 and 192.168.100.0/24 go through WireGuard
# AllowedIPs = 192.168.2.0/24, 192.168.100.0/24
Endpoint = <public IP>:<port>
PersistentKeepalive = 25

A real test.conf example:
[Interface]
Address = 192.168.100.2
PrivateKey = qB5rRYDTF7b7iEQSZ91ixQ7XAvuiY2aXJtg3aasz01Y=
DNS = 192.168.2.1

[Peer]
PublicKey = SfBTCxkXG2P5QMin1CScP5eyaOD7RG9v2OSWlJrcWxY=
AllowedIPs = 0.0.0.0/0
PresharedKey = ENLutSSKXVdHBokmrFu+gOq/JCATLbX+a7SmeXNpvTQ=
Endpoint = yourhome.demo.com:23456
PersistentKeepalive = 25
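One way to assemble test.conf from the key files generated above, as an added example that is not part of the original tutorial. The function names are hypothetical and the keys in demo are constructed placeholders, not real keys. It refuses to continue if the private or pre-shared key file is accessible to group or other, or if a key is not 43 base64 characters plus '='.

```shell
# Added example; helper names are hypothetical. Key file names follow this page.
# A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
valid_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# True only if the file has no group/other permission bits (the result of umask 077).
private_file() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# render_client_conf DIR ADDRESS DNS ENDPOINT ALLOWED_IPS  -> writes DIR/test.conf
render_client_conf() {
    dir=$1
    for f in cprivatekey sharekey; do
        private_file "$dir/$f" || { echo "$f missing or accessible to group/other" >&2; return 1; }
    done
    cpriv=$(cat "$dir/cprivatekey"); spub=$(cat "$dir/spublickey" 2>/dev/null); psk=$(cat "$dir/sharekey")
    for k in "$cpriv" "$spub" "$psk"; do
        valid_key "$k" || { echo "malformed or missing key in $dir" >&2; return 2; }
    done
    rm -f "$dir/test.conf"
    (
        umask 077   # test.conf embeds the private key, so create it as 0600
        cat > "$dir/test.conf" <<EOF
[Interface]
Address = $2
PrivateKey = $cpriv
DNS = $3

[Peer]
PublicKey = $spub
PresharedKey = $psk
AllowedIPs = $5
Endpoint = $4
PersistentKeepalive = 25
EOF
    )
}

# Demo with constructed placeholder keys (not real keys) in a temporary directory.
demo() {
    d=$(mktemp -d)
    ( umask 077; printf 'c%042d=' 0 > "$d/cprivatekey"; printf 'p%042d=' 0 > "$d/sharekey" )
    printf 's%042d=' 0 > "$d/spublickey"
    render_client_conf "$d" 192.168.100.2 192.168.2.1 yourhome.demo.com:23456 \
        "192.168.2.0/24, 192.168.100.0/24" && cat "$d/test.conf"
    rm -rf "$d"
}
```

Call demo to print a rendered file; with real keys, run render_client_conf against the wireguard directory created earlier.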
1: Create the file at the Docker path below, then add or modify the registry mirror
sudo nano /etc/docker/daemon.json
2: Add
{
"registry-mirrors": ["https://alzgoonw.mirror.aliyuncs.com"]
}
or
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"]
}
3: Restart
systemctl restart docker
systemctl status docker
systemctl start docker
Installing WireGuard with Docker
docker run -d \
  --name=wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Asia/Shanghai \
  -e SERVERURL=wireguard.domain.com `#optional` \
  -e SERVERPORT=51820 `#optional` \
  -e PEERS=1 `#optional` \
  -e PEERDNS=auto `#optional` \
  -e INTERNAL_SUBNET=10.13.13.0 `#optional` \
  -e ALLOWEDIPS=0.0.0.0/0 `#optional` \
  -e LOG_CONFS=true `#optional` \
  -p 51820:51820/udp \
  -v /root/docker/wireguard/config:/config \
  -v /root/docker/wireguard/modules:/lib/modules \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --restart unless-stopped \
  linuxserver/wireguard
To pin the image version, use linuxserver/wireguard:v1.0.20210914-ls70 as the image name on the last line in place of linuxserver/wireguard (only one image name may be given; anything after it is passed to the container as its command).
