Modify the OpenWrt network configuration to set up a WireGuard server connection (suitable for OpenWrt 22.03 used as a side router)





YouTube: https://youtu.be/gkmddGYEGM8

bilibili:

GitHub: https://github.com/wandduse/openwrt_server
OpenWrt side-router and VPS firmware download address: https://d.wanuse.com/openwrt

Command to install OpenWrt on a VPS


bash -c "$(wget -O- https://d.wanuse.com/op)"

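Modify the network configuration
File path: /etc/config/network

option private_key: the private key (recommended: change it to one of your own)
option listen_port '18889': the port; it can be changed

config wireguard_123 (the peer settings)
option private_key: the peer's private key
option public_key: the peer's public key (must be changed to the one for your computer or phone, and for the soft router)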


config interface '123'
	option proto 'wireguard'
	option private_key 'wPZ2RMlRCAR/nPDwGKEVX6laKASQzVHvISRkUnMHXXc='
	option listen_port '18889'
	list addresses '192.168.11.1/24'

config wireguard_123
	list allowed_ips '192.168.11.0/24'
	option private_key '2LklEhkX2hkKTntlXPJHfr5RZFfz4+u9aUWMfHc6dFM='
	option public_key 'gqmjfo3rmr7gaiYJrAw7lDooGOJTVZCpI8Be7KU/nE4='


Add the firewall configuration
File path: /etc/config/firewall


config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	list network 'lan'
	list network '123'

config nat
	option target 'MASQUERADE'
	list proto 'all'
	option src 'lan'


WireGuard configuration file for the computer
AllowedIPs = 0.0.0.0/0 (can be used for intranet penetration)
The configuration below excludes these IP ranges (192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8)


[Interface]
PrivateKey = <local private key>
Address = 192.168.11.2/32
DNS = 8.8.8.8, 114.114.114.114
[Peer]
PublicKey = <peer public key>
AllowedIPs = 0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/2,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4,224.0.0.0/3
Endpoint = <peer address>:<port>


Online generator for WireGuard AllowedIPs with excluded IP ranges:
https://www.procustodibus.com/blog/2021 ... alculator/
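
The AllowedIPs line in the client configuration above is 0.0.0.0/0 with the three private ranges removed. The Python below is an added example (not from the original post or the linked calculator) that reproduces that calculation with the standard ipaddress module; the function names and the sample addresses are chosen here for illustration.

```python
import ipaddress

# Ranges the page excludes from the tunnel (RFC 1918 private space).
EXCLUDED = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]


def allowed_ips(excluded, base="0.0.0.0/0"):
    """Return sorted CIDR blocks covering `base` minus every network in `excluded`.

    Illustrative helper, not part of any WireGuard tool.
    """
    remaining = [ipaddress.ip_network(base)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if net.subnet_of(ex):
                continue                              # block lies entirely inside the exclusion
            if ex.subnet_of(net):
                kept.extend(net.address_exclude(ex))  # split the block around the exclusion
            else:
                kept.append(net)                      # disjoint, keep unchanged
        remaining = kept
    return sorted(remaining)


def routed_via_tunnel(address, networks):
    """True if `address` matches one of the AllowedIPs blocks (goes into the tunnel)."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


def allowed_ips_line(networks):
    """Format the blocks as an AllowedIPs line for the [Peer] section."""
    return "AllowedIPs = " + ",".join(str(n) for n in networks)


if __name__ == "__main__":
    nets = allowed_ips(EXCLUDED)
    print(allowed_ips_line(nets))
    # Constructed sample addresses: one public, three inside the excluded ranges.
    for sample in ["8.8.8.8", "10.1.2.3", "172.16.5.5", "192.168.11.1"]:
        print(sample, "tunnel" if routed_via_tunnel(sample, nets) else "local")
```

The result is the same 31 blocks as the AllowedIPs line above. Note that 192.168.11.1, the server's tunnel address in the network configuration, lies inside the excluded 192.168.0.0/16 and is therefore not matched by this AllowedIPs list.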