Wireguard 如何通过 NAT 后面的对等点路由互联网

Wireguard 如何通过 NAT 后面的对等点路由互联网

我有两台具有动态/NAT 后 IP 地址的 Linux 笔记本电脑A( 10.0.0.2) 和B( ),它们使用静态 IP 地址10.0.0.3连接到同一个wireguard 服务器/端点 ( S( ))。10.0.0.1

如何将互联网流量从客户端 A( 10.0.0.2) 路由到客户端 B( 10.0.0.3)?我可以单独使用wireguard 配置或iptables 来做到这一点吗?

客户端A配置

[Interface]
PrivateKey = oBkg
Address = 10.0.0.2/32
DNS = 8.8.8.8

[Peer]
PublicKey = ZnD
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 54.87.125.111:51820
PersistentKeepalive = 15

[Peer]
PublicKey = 3baQ
PersistentKeepalive = 15

客户端B配置

    [Interface]
    PrivateKey = kBaMmx
    Address = 10.0.0.3/32
    DNS = 8.8.8.8
    
    [Peer]
    PublicKey = ZnD/WMx0k
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = 54.87.125.111:51820
    PersistentKeepalive = 5
    
    [Peer]
    PublicKey = IVZrsrnYXXXXXXX
    PersistentKeepalive = 5

服务器S配置

[Interface]
#DNS = 8.8.8.8
## Private IP address for the wg0 interface ##
Address = 10.0.0.1

## VPN server listening port ##
ListenPort = 51820

## VPN server private key ##
PrivateKey = mPIoXXXXXX

## Firewall rules ##
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


[Peer]
AllowedIPs = 10.0.0.3
PublicKey = 3baQl

[Peer]
PublicKey = IVZrsrnYXXXX
AllowedIPs = 10.0.0.2

编辑

这是最低配置,但随着网络的增长,我将拥有多对对等点,例如 A 和 B (例如,对等点C 希望通过对等点处理其流量D

相关内容