Good afternoon! You posted a WireGuard client script for Padavan: https://gitlab.com/dm38/padavan-ng
Could you make a script for the server side, so that a router with a static IP acts as the WireGuard server?
I did it as described here, but it did not work: there is no network access after connecting.
https://4pda.to/forum/index.php?showtopic=837667&view=findpost&p=101606550
```
mkdir /etc/storage/wireguard
cat << 'EOF' > /etc/storage/wireguard/wg0.conf
#10.9.0.1/24 iproutera:51960 SUIQez781W5qUBZfVsOdlq2ardvpJt/FJYq+GUWvM0k= 8.8.8.8,8.8.4.4
[Interface]
ListenPort = 51960
PrivateKey = 2BGEyj+0c8lfkCfyl2hFmATCc87Y3kwCXCAlry42M10=
[Peer]
PublicKey = uprojPW6Sr3DpKpF+S2238IliLi4t9M++uqya22AGCc=
AllowedIPs = 10.9.0.3/32
EOF
#sleep 60
modprobe wireguard
ip link add dev wg0 type wireguard
ip addr add 10.9.0.1/24 dev wg0
wg setconf wg0 "/etc/storage/wireguard/wg0.conf"
sleep 2 && ip link set wg0 up
iptables -I INPUT -i $(nvram get wan_ifname) -p udp -m udp --dport 51960 -j ACCEPT
iptables -I INPUT -i wg0 -j ACCEPT
iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
iptables -I FORWARD -i wg0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o wg0 -j ACCEPT
iptables -I FORWARD -i wg0 -o $(nvram get wan_ifname) -j ACCEPT
iptables -I FORWARD -i $(nvram get wan_ifname) -o wg0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.9.0.1/24 -o $(nvram get wan_ifname) -j MASQUERADE
```

WireGuard client config:
```
[Interface]
PrivateKey = gCRao2RC1JjX4XMVyYRat+eT4xxhsnY5jhvkKwChx2c=
Address = 10.9.0.3/24
DNS = 8.8.8.8, 8.8.4.4
[Peer]
PublicKey = SUIQez781W5qUBZfVsOdlq2ardvpJt/FJYq+GUWvM0k=
AllowedIPs = 0.0.0.0/0
Endpoint = iproutera:51960
PersistentKeepalive = 25
```
```
iptables -L -nv
Chain INPUT (policy DROP 1423 packets, 363K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:51960
713K 149M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
136K 7379K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
1056 73636 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
27048 1292K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
90356 4018K doslimit all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
1731 101K ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:443
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp !type 8
0 0 ACCEPT icmp -- * * 66.220.2.74 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth3 wg0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wg0 eth3 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 wg0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wg0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wg0 wg0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
97761 5184K TCPMSS tcp -- * !br0 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4308K 1240M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5779 289K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
20457 1226K doslimit all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
160K 16M ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
20457 1226K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
Chain OUTPUT (policy ACCEPT 1394 packets, 231K bytes)
pkts bytes target prot opt in out source destination
Chain bfplimit (0 references)
pkts bytes target prot opt in out source destination
Chain doslimit (2 references)
pkts bytes target prot opt in out source destination
107K 4854K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 20/sec burst 30
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
489 23846 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 2/sec burst 5
80 6670 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain upnp (0 references)
pkts bytes target prot opt in out source destination
Chain vpnlist (0 references)
pkts bytes target prot opt in out source destination
```
```
iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 4483 packets, 362K bytes)
pkts bytes target prot opt in out source destination
108K 5082K vserver all -- * * 0.0.0.0/0 iproutera
Chain INPUT (policy ACCEPT 78 packets, 5807 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 131 packets, 7875 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 136 packets, 7575 bytes)
pkts bytes target prot opt in out source destination
152K 13M SNAT all -- * ppp0 192.168.1.0/24 0.0.0.0/0 to:iproutera
0 0 MASQUERADE all -- * eth3 192.168.1.0/24 0.0.0.0/0
357 31455 SNAT all -- * br0 192.168.1.0/24 192.168.1.0/24 to:192.168.1.1
0 0 MASQUERADE all -- * eth3 10.9.0.0/24 0.0.0.0/0
Chain upnp (0 references)
pkts bytes target prot opt in out source destination
Chain upnp-post (0 references)
pkts bytes target prot opt in out source destination
```
So what did I do wrong?
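
An added diagnostic, not part of the original post: it totals the packet counters per input interface from `iptables -L -nv` output and reports which interface the rule for a given UDP port is bound to, so a rule attached to an interface that sees no traffic stands out. The sample rows are copied from the INPUT chain in the listing above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Sample rows: copied from the INPUT chain of the `iptables -L -nv` listing.
sample_input_chain() {
cat <<'EOF'
Chain INPUT (policy DROP 1423 packets, 363K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:51960
713K 149M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
136K 7379K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
90356 4018K doslimit all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW
EOF
}

# iface_hits CHAIN: read `iptables -L -nv` output on stdin and print
# "<in-interface> <total packets>" for the rules of CHAIN.
iface_hits() {
    awk -v want="$1" '
    function num(s,   m) {              # expand the K/M/G counter suffixes
        m = 1
        if (s ~ /K$/) m = 1000
        else if (s ~ /M$/) m = 1000000
        else if (s ~ /G$/) m = 1000000000
        sub(/[KMG]$/, "", s)
        return s * m
    }
    $1 == "Chain" { chain = $2; next }  # remember which chain we are in
    $1 == "pkts" || NF < 9 { next }     # skip column headers and short lines
    chain == want { hits[$6] += num($1) }
    END { for (i in hits) printf "%s %d\n", i, hits[i] }' | LC_ALL=C sort
}

# port_rule_iface CHAIN PORT: print "<in-interface> <pkts>" for the rule in
# CHAIN that matches udp dpt:PORT.
port_rule_iface() {
    awk -v want="$1" -v dpt="dpt:$2" '
    $1 == "Chain" { chain = $2; next }
    chain == want && $4 == "udp" {
        for (i = 10; i <= NF; i++) if ($i == dpt) print $6, $1
    }'
}

# On the router: iptables -L -nv | port_rule_iface INPUT 51960
```

On the sample rows, `port_rule_iface INPUT 51960` reports `eth3 0`, while `iface_hits INPUT` shows the new inbound connections counted on `ppp0`; that is the pair of values to compare with what `nvram get wan_ifname` returns.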