WireGuard (6): connecting a Synology NAS and a Mac

Purpose

Deploy WireGuard on the Synology NAS as the server and on the Mac as the client so that the two networks can reach each other (remote access to private NAS resources and services).

Environment

  • synology-ds920+
  • mac
  • wireguard(p2p)

WireGuard reference resources

Synology DS920+ (server)

Package arch: geminilake, DSM 7.2; SSH into the NAS


wireguard-module-synology

1. Download the spk


2. Install the spk

2.1 Install via Package Center

2.2 Install from the command line

sudo synopkg install WireGuard-geminilake-1.0.20220627_DSM7.2.spk

3. Start the WireGuard service

# start
sudo /var/packages/WireGuard/scripts/start

# stop (the start-stop-status script takes start|stop|status as its argument)
sudo /var/packages/WireGuard/scripts/start-stop-status stop


4. Configure with wg-quick

4.1 Preparation

1. Create the directory and an empty config file
mkdir /etc/wireguard/
touch /etc/wireguard/wg0.conf

2. Generate the private and public keys
cd /etc/wireguard/

# server/client privatekey
wg genkey >sprivatekey
wg genkey >cprivatekey

# server/client publickey
wg pubkey <sprivatekey >spublickey
wg pubkey <cprivatekey >cpublickey

4.2 wg0.conf configuration

/etc/wireguard/wg0.conf

[Interface]
Address = 10.24.24.1/24
PrivateKey = xxx
ListenPort = 16677

#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = yyy
AllowedIPs = 10.24.24.0/24

xxx is the server private key (sprivatekey), yyy is the client public key (cpublickey).

5. Manage the wg service

# start
wg-quick up wg0

# stop
wg-quick down wg0

# show wg status
wg show

# wg0 enable autostart
sudo wg-autostart enable wg0

# wg0 disable autostart
sudo wg-autostart disable wg0

# check that WireGuard is listening
netstat -aun |grep 16677

WireGuard listens on UDP only, hence the -u filter in netstat.


6. Configuration on the Synology

Purpose: expose the WireGuard service on the Internet so that the client can establish the tunnel.

6.1 Configure DDNS

6.2 Router port

If the main router has UPnP enabled, the port mapping is added automatically.

7. Router settings (exposing the port)

7.1 Map the WireGuard UDP port on the main router

  • DMZ host

  • Enable UPnP

  • Port forwarding (more secure)

Mac (client)

1. Install the WireGuard packages

brew install wireguard-go wireguard-tools

Check which utun virtual interfaces are already in use

2. Configure utun4.conf

➜  ~ cat /etc/wireguard/utun4.conf
[Interface]
Address = 10.24.24.2
ListenPort = 16677
PrivateKey = xxx

[Peer]
PublicKey = yyy
AllowedIPs = 10.24.24.0/24, 192.168.3.0/24
Endpoint = zzz:16677

xxx is the client private key, yyy the server public key, zzz the address at which the server is exposed on the public Internet (the DDNS hostname or public IP).
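Added example, not from this post or from the WireGuard project: a small Python checker that parses both wg-quick files above and cross-checks them for the mistakes that most often break or weaken this setup (placeholders left in, client Address outside the server peer's AllowedIPs, Endpoint port not matching ListenPort, and the cryptokey-routing caveat that a server peer's AllowedIPs should normally be one /32 per client, since a range can belong to only one peer). The key strings and the nas.example.com endpoint are constructed, not real values.

```python
"""Added example (not from the post): cross-check a wg-quick server/client pair.
Flags placeholder keys, a client Address outside the server peer's AllowedIPs,
an Endpoint port unequal to ListenPort, and a server peer AllowedIPs wider than
one host (cryptokey routing: a range can belong to only one peer)."""
import ipaddress
PLACEHOLDERS = {"xxx", "yyy", "zzz"}  # the stand-ins used in the post's configs

def parse_wg_conf(text):
    """Parse wg-quick's INI form into (interface_dict, [peer_dict, ...])."""
    interface, peers, current = {}, [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = interface if line[1:-1].lower() == "interface" else {}
            if line[1:-1].lower() == "peer":
                peers.append(current)
            continue
        key, _, value = line.partition("=")  # first '=' only; base64 keys end in '='
        current[key.strip().lower()] = value.strip()
    return interface, peers

def check_pair(server_text, client_text):
    """Return a list of findings; an empty list means the two configs agree."""
    s_if, s_peers = parse_wg_conf(server_text)
    c_if, c_peers = parse_wg_conf(client_text)
    s_peer, c_peer, findings = s_peers[0], c_peers[0], []
    for name, sect in (("server", s_if), ("server peer", s_peer),
                       ("client", c_if), ("client peer", c_peer)):
        for k in ("privatekey", "publickey", "endpoint"):
            if sect.get(k, "").split(":")[0] in PLACEHOLDERS:
                findings.append(f"{name}: {k} is still a placeholder")
    allowed = [ipaddress.ip_network(n.strip(), strict=False)
               for n in s_peer["allowedips"].split(",")]
    client_ip = ipaddress.ip_interface(c_if["address"]).ip
    if not any(client_ip in n for n in allowed):
        findings.append(f"client Address {client_ip} is outside server peer AllowedIPs")
    if any(n.num_addresses > 1 for n in allowed):
        findings.append("server peer AllowedIPs wider than one host; use a /32 per peer")
    port = c_peer.get("endpoint", "").rsplit(":", 1)[-1]
    if port != s_if.get("listenport"):
        findings.append(f"client Endpoint port {port} != server ListenPort {s_if.get('listenport')}")
    return findings

# Constructed samples: the post's two configs with xxx/yyy/zzz left in place ...
SERVER_AS_POSTED = "[Interface]\nAddress = 10.24.24.1/24\nPrivateKey = xxx\nListenPort = 16677\n[Peer]\nPublicKey = yyy\nAllowedIPs = 10.24.24.0/24\n"
CLIENT_AS_POSTED = "[Interface]\nAddress = 10.24.24.2\nPrivateKey = xxx\n[Peer]\nPublicKey = yyy\nAllowedIPs = 10.24.24.0/24, 192.168.3.0/24\nEndpoint = zzz:16677\n"
# ... and a corrected pair with fake (not real) key strings and a /32 per peer.
SERVER_FIXED = SERVER_AS_POSTED.replace("xxx", "FAKEsrvPriv=").replace("yyy", "FAKEcliPub=").replace("10.24.24.0/24", "10.24.24.2/32")
CLIENT_FIXED = CLIENT_AS_POSTED.replace("xxx", "FAKEcliPriv=").replace("yyy", "FAKEsrvPub=").replace("zzz", "nas.example.com")
```

Run `check_pair(SERVER_AS_POSTED, CLIENT_AS_POSTED)` to see the six findings for the configs as posted, and `check_pair(SERVER_FIXED, CLIENT_FIXED)` to confirm the corrected pair is clean.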

3. Start with wg-quick

3.1 Bring the tunnel up / down
wg-quick up/down utun4


3.2 Check that the client is listening on UDP
netstat -an |grep 16677


3.3 Ping the server
ping 10.24.24.1


3.4 View configuration and device information
sudo wg
