WireGuard through OpenVPN

I'm a networking newbie, but I need to connect 2 VPNs.

  • OPENVPN-client: connected to CyberGhost
  • WireGuard: I use it to connect to my remote server

I want to route WireGuard through the openvpn-client, so that when I connect my phone to WireGuard, all traffic goes through CyberGhost.

I have this docker-compose.yml

```yaml
version: "3.8"

services:

  # hs-openvpn service
  hs-openvpn:
    container_name: hs-openvpn
    image: dperson/openvpn-client:latest
    restart: always
    ports:
      - "51820:51820/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wireguard.entrypoints=web,websecure"
      - "traefik.http.routers.wireguard.rule=Host(`vpn.mydomain.com`)"
      - "traefik.http.routers.wireguard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wireguard.tls=true"
      - "traefik.http.services.wireguard.loadbalancer.server.port=51821"
    cap_add:
      - NET_ADMIN
    volumes:
      - openvpn_data:/vpn
      - /dev/net/tun:/dev/net/tun
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - default
    dns:
      - 208.67.222.222
      - 208.67.220.220

  # hs-wireguard service
  hs-wireguard:
    image: weejewel/wg-easy:latest
    container_name: hs-wireguard
    depends_on:
      - hs-openvpn
    environment:
      - PASSWORD=SOME_PASSWORD
      - WG_HOST=HOST_IP
      - WG_DEFAULT_DNS=1.1.1.1
      - WG_MTU=1420
      - WG_PORT=51820
    volumes:
      - wireguard_data:/etc/wireguard
    restart: always
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    logging:
      driver: json-file
      options:
        max-size: 50m
    network_mode: "service:hs-openvpn"

networks:
  default:
    name: internal-network
    external: true

volumes:

  # openvpn volumes
  openvpn_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/docker-data/openvpn/data

  # wireguard volumes
  wireguard_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/docker-data/wireguard/data
```

It seems to work, because I can connect to the WireGuard GUI at vpn.mydomain.com. The tricky part is that when I connect my phone to WireGuard, I see some traffic in the GUI, but I don't get any response on my phone.

In case it helps, here is the output of ip route:

```
docker run -it --net container:hs-wireguard nicolaka/netshoot ip route
0.0.0.0/1 via 10.2.4.1 dev tun0
default via 172.18.0.1 dev eth0
10.2.4.0/24 dev tun0 proto kernel scope link src 10.2.4.132
10.8.0.0/24 dev wg0 proto kernel scope link src 10.8.0.1
45.133.193.4 via 172.18.0.1 dev eth0
128.0.0.0/1 via 10.2.4.1 dev tun0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.23
```

Thanks in advance for your help
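To see what the posted routing table does with a phone's packets once they arrive on wg0, here is an added Python example; it is not part of the original post and not code from wg-easy or dperson/openvpn-client. It parses the ip route output quoted above, resolves a destination by longest prefix match the way the kernel does, and lists routes that can carry traffic around the tunnel. The route table is copied from the post; the probe addresses, the choice of tun0 as the tunnel device and the exemption of 45.133.193.4 (the host route via eth0, presumably the OpenVPN server) are assumptions made for the example.

```python
import ipaddress

# Routing table as posted in the question (ip route run in the hs-wireguard netns).
ROUTE_TABLE = """\
0.0.0.0/1 via 10.2.4.1 dev tun0
default via 172.18.0.1 dev eth0
10.2.4.0/24 dev tun0 proto kernel scope link src 10.2.4.132
10.8.0.0/24 dev wg0 proto kernel scope link src 10.8.0.1
45.133.193.4 via 172.18.0.1 dev eth0
128.0.0.0/1 via 10.2.4.1 dev tun0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.23
"""


def parse_routes(text):
    """Turn `ip route` lines into (network, gateway_or_None, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)  # bare host -> /32
        dev = fields[fields.index("dev") + 1]
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, via, dev))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the route the kernel would pick for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for route in routes:
        net = route[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = route
    return best


def shadowed(routes, route):
    """True if more-specific routes cover every address of `route`, so the
    kernel can never select it (this is how the two /1 routes beat default)."""
    net = route[0]
    remaining = [net]
    for other, _, _ in routes:
        if other.prefixlen <= net.prefixlen:
            continue
        nxt = []
        for r in remaining:
            if r.subnet_of(other):
                continue                      # r is fully covered by other
            if other.subnet_of(r):
                nxt.extend(r.address_exclude(other))
            else:
                nxt.append(r)
        remaining = nxt
    return not remaining


def leaks(routes, tunnel_dev="tun0", allowed=()):
    """Reachable gateway routes that leave on something other than the tunnel.
    Directly connected subnets, shadowed routes and allowed hosts (the VPN
    server endpoint has to bypass the tunnel it carries) are skipped."""
    found = []
    for net, via, dev in routes:
        if dev == tunnel_dev or via is None:
            continue
        if net.num_addresses == 1 and str(net.network_address) in allowed:
            continue
        if shadowed(routes, (net, via, dev)):
            continue
        found.append((net, via, dev))
    return found


def egress(routes, probes):
    """Map each probe destination to the device its packets would leave on."""
    return {p: lookup(routes, p)[2] for p in probes}


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    # Constructed probes: the WireGuard DNS, a peer, the docker bridge,
    # a public host in the upper half of the address space, the VPN endpoint.
    probes = ["1.1.1.1", "10.8.0.2", "172.18.0.1", "200.0.0.1", "45.133.193.4"]
    for dst, dev in egress(table, probes).items():
        print(f"{dst:>14} -> {dev}")
    print("off-tunnel routes:", leaks(table, "tun0", allowed={"45.133.193.4"}))
```

Run as written it shows that 0.0.0.0/1 and 128.0.0.0/1 together shadow the default route via 172.18.0.1, so anything a WireGuard peer sends to a public address is forwarded into tun0, and the only destination that bypasses the tunnel is the single host route for the OpenVPN server. That covers the forward path only: ip route says nothing about whether replies arriving on tun0 are translated or routed back to 10.8.0.0/24 through wg0, which is what the nat table and policy rules in the same namespace would show.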
