編輯 leaf.cfg加入
wireguard
編輯 /etc/modules 加入
wireguard
編輯 /etc/shorewall/interfaces 加入
wg0 wg0 tcpflags,nosmurfs,routefilter,routeback
編輯 /etc/shorewall/zones 加入
wg0 ipv4
編輯 /etc/shorewall/rules 加入
ACCEPT net fw UDP 51820
ACCEPT wg0:192.168.226.1 wg0 TCP 22
ACCEPT wg0 wg0:192.168.226.1 TCP 4119,4120,4122,22
DROP wg0 wg0 all
Ping(ACCEPT) wg0 fw
產生 設定檔
#!/bin/sh
nodenum=20
spri=$(wg genkey); spub=$(echo $spri|wg pubkey)
# wireguard server
Endpoint=192.168.228.2:51820
# configure file
wg0conf=wg0.conf-
client=client.conf-
:>${client}
cat <<EOF0 >$wg0conf
#pri=${spri}
#pub=${spub}
[Interface]
Address = 192.168.226.253/24
ListenPort = 51820
PrivateKey = ${spri}
EOF0
for i in `seq 1 $nodenum`;do
pri=$(wg genkey); pub=$(echo $pri|wg pubkey)
cat <<EOF >>$client
## node $i ##############################################
[Interface]
PrivateKey = ${pri}
Address = 192.168.226.${i}/24
[Peer]
PublicKey = $spub
AllowedIPs = 192.168.226.0/24
Endpoint = ${Endpoint}
PersistentKeepalive = 25
EOF
cat <<EOF0 >>$wg0conf
## node $i ##############################################
[Peer]
PublicKey = ${pub}
AllowedIPs = 192.168.226.$i/32
EOF0
done
沒有留言:
張貼留言