25061202
This commit is contained in:
13
wirguard/拓扑.md
Normal file
13
wirguard/拓扑.md
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
# 拓扑
|
||||||
|
|
||||||
|
主要有 4 种拓扑
|
||||||
|
|
||||||
|
1. 点到点 (point to point)
|
||||||
|
2. 中心节点和边缘节点 / 星型 (hub and spoke)
|
||||||
|
3. 点到站 (point to site)
|
||||||
|
4. 站到站 (site to site)
|
||||||
|
|
||||||
|
WireGuard 没有严格的 server 和 client 的角色区分 ,对端 (peer) 既可以是服务器也可以是客户端 。
|
||||||
|
|
||||||
|
## 点到点
|
||||||
|
|
||||||
42
wirguard/转发.md
Normal file
42
wirguard/转发.md
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
# 转发(forwarding) WireGuard 连接
|
||||||
|
|
||||||
|
## Windows
|
||||||
|
|
||||||
|
1. 中心节点转发 (hub forwarding)
|
||||||
|
2. 站点网关 (site gateway)
|
||||||
|
3. 点到站伪装 (point to site masquerading)
|
||||||
|
4. 点到站端口转发 (point to site forwarding)
|
||||||
|
|
||||||
|
## 中心节点转发
|
||||||
|
|
||||||
|
查看 Windows 网络接口的转发状态,PowerShell 下执行如下指令:
|
||||||
|
|
||||||
|
```code
|
||||||
|
PS> Get-NetIPInterface | Select IfIndex,InterfaceAlias,AddressFamily,ConnectionState,Forwarding | Sort-Object -Property IfIndex | Format-Table
|
||||||
|
```
|
||||||
|
|
||||||
|
以网络接口名称 wg0 为例,启用转发命令如下,这个指令同时启用 IPV4 和 IPV6 转发:
|
||||||
|
|
||||||
|
```code
|
||||||
|
PS> Set-NetIPInterface -InterfaceAlias wg0 -Forwarding Enabled
|
||||||
|
```
|
||||||
|
|
||||||
|
也可以用如下指令单独启用转发:
|
||||||
|
|
||||||
|
```code
|
||||||
|
> netsh interface ipv4 set interface wg0 forwarding=enabled
|
||||||
|
> netsh interface ipv6 set interface wg0 forwarding=enabled
|
||||||
|
```
|
||||||
|
|
||||||
|
对等的 linux 指令如下:
|
||||||
|
|
||||||
|
```code
|
||||||
|
# sysctl -w net.ipv4.conf.wg0.forwarding=1
|
||||||
|
# sysctl -w net.ipv6.conf.wg0.forwarding=1
|
||||||
|
```
|
||||||
|
|
||||||
|
## 站点网关
|
||||||
|
|
||||||
|
启用 WireGuard 站点网关的包转发比中心节点稍微复杂一点,除了 WireGuard 接口 (wg0) 外,还需要启用站点对应的网络适配器接口 (通常为 Ethernet)
|
||||||
|
|
||||||
|
此外,还需要更新局域网路由器的路由表,用于将内网其他终端路由到 WireGuard 主机上
|
||||||
Reference in New Issue
Block a user