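Keys (base64 key pairs for the three peers; the private keys are published here in clear text, so treat them as examples only and generate fresh pairs with `wg genkey` / `wg pubkey` for any real deployment)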
server private
2FLgnela93kERzxH2JupS8gdJzvQWXfilvAKLIq5/Fc=
server public
QGUsrXaeXxN6IcaRrnGfxkwySCo7o5C9P7rlLVnK1Ag=
router private
sKfDyJN9d+9rwjIxgFx129T+XAGs7SGn6R9GvDb1l2s=
router public
hDTzJF22AN2IBpGxgAKFc4ibDnYNeQviKmALa0xRMmY=
client private
MBksZxbMK1GFAvqGW1kIl89thD7ft2TVWcd4QnYd2H4=
client public
js6bCFOqOuM41quj1vFVQ2X1JsMF/jXHblXcB5pFLTg=
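router开启转发 (enable IPv4 forwarding on the router; this write lasts only until the next reboot, so set net.ipv4.ip_forward=1 in the sysctl configuration to make it persistent)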
echo 1 > /proc/sys/net/ipv4/ip_forward
路由客户端配置
# Router-side wg-quick interface: this host is 10.0.0.4 on the tunnel network.
[Interface]
Address = 10.0.0.4/32
# Router private key (same value as "router private" in the key list above).
# Keep this file readable by root only.
PrivateKey = sKfDyJN9d+9rwjIxgFx129T+XAGs7SGn6R9GvDb1l2s=
# PostUp: accept forwarding for every packet that arrives on wg0, and source-NAT
# everything leaving through ens33 to that interface's address.
# NOTE(review): the FORWARD rule has no destination match, so whatever a tunnel
# peer sends here is forwarded to any network this host can route to; add -o/-d
# matches if only specific LAN subnets are meant to be reachable.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
# PostDown: deletes the same two rules when the interface is brought down.
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens33 -j MASQUERADE
# Server (WireGuard config files use # for comments; a line starting with // is not a comment)
# The router's only peer is the server, identified by the server public key.
[Peer]
PublicKey = QGUsrXaeXxN6IcaRrnGfxkwySCo7o5C9P7rlLVnK1Ag=
# YOUDOMAIN is a placeholder for the server's public hostname or IP.
Endpoint = YOUDOMAIN:51820
# Only the 10.0.0.0/24 tunnel network is routed to, and accepted from, the server.
AllowedIPs = 10.0.0.0/24
# Send a keepalive every 25 seconds so the router stays reachable from the server
# side even though the router has no ListenPort/Endpoint of its own configured here.
PersistentKeepalive = 25
客户端配置
# Roaming client: tunnel address 10.0.0.3, single peer (the server).
[Interface]
# Client private key (same value as "client private" in the key list above).
# Keep this file readable by the owning user only.
PrivateKey = MBksZxbMK1GFAvqGW1kIl89thD7ft2TVWcd4QnYd2H4=
Address = 10.0.0.3/32
[Peer]
PublicKey = QGUsrXaeXxN6IcaRrnGfxkwySCo7o5C9P7rlLVnK1Ag=
# Networks sent into the tunnel: the router's LAN, the tunnel network, and 10.1.0.0/16.
# NOTE(review): 10.0.0.1/24 has host bits set; the intended network is presumably
# 10.0.0.0/24. Writing it that way avoids ambiguity.
AllowedIPs = 192.168.166.0/24, 10.0.0.1/24, 10.1.0.0/16
# YOUDOMAIN is a placeholder for the server's public hostname or IP.
Endpoint = YOUDOMAIN:51820
PersistentKeepalive = 25
服务器配置
# Server (hub): tunnel address 10.0.0.1, listening on UDP 51820.
# NOTE(review): for the client peer to reach the router's LAN through this host,
# IP forwarding would also have to be enabled on the server. This page shows that
# step only for the router.
[Interface]
Address = 10.0.0.1/32
ListenPort = 51820
# Server private key (same value as "server private" in the key list above).
# Keep this file readable by root only.
PrivateKey = 2FLgnela93kERzxH2JupS8gdJzvQWXfilvAKLIq5/Fc=
# Router LAN (WireGuard config files use # for comments; a line starting with // is not a comment)
# Router peer, identified by the router public key.
[Peer]
PublicKey = hDTzJF22AN2IBpGxgAKFc4ibDnYNeQviKmALa0xRMmY=
# AllowedIPs is both the route selector and the source-address filter for this peer.
# NOTE(review): 10.0.0.0/24 lets the router send packets with any tunnel source
# address that no other peer claims more specifically (the client holds 10.0.0.3/32).
# The router's own tunnel address is 10.0.0.4/32, so consider listing that instead
# of the whole /24 alongside the two LAN subnets.
AllowedIPs = 10.0.0.0/24, 192.168.166.0/24, 10.1.0.0/16
# Client (WireGuard config files use # for comments; a line starting with // is not a comment)
# Client peer, identified by the client public key.
[Peer]
PublicKey = js6bCFOqOuM41quj1vFVQ2X1JsMF/jXHblXcB5pFLTg=
# Restricted to the client's single tunnel address, so it cannot use any other
# source address inside the tunnel.
AllowedIPs = 10.0.0.3/32
路由路径
root@debian:~/# traceroute 10.1.3.167
traceroute to 10.1.3.167 (10.1.3.167), 30 hops max, 60 byte packets
1 10.0.0.4 (10.0.0.4) 177.417 ms 174.540 ms 175.595 ms
2 192.168.166.1 (192.168.166.1) 175.221 ms * *
3 10.1.3.167 (10.1.3.167) 177.647 ms 174.638 ms 183.288 ms
Remote LAN access with WireGuard
How to masquerade using iptables nat