{"id":5850,"date":"2022-01-09T15:17:36","date_gmt":"2022-01-09T23:17:36","guid":{"rendered":"https:\/\/www.xh86.me\/?p=5850"},"modified":"2022-01-09T15:17:36","modified_gmt":"2022-01-09T23:17:36","slug":"routeros-%e9%85%8d%e7%bd%aewireguard","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=5850","title":{"rendered":"Routeros \u914d\u7f6eWireGuard"},"content":{"rendered":"<p>Routeros\u57282019\u5e74\u4e0b\u534a\u5e74\u53d1\u5e03\u4e86V7\u7684beta\u7248\uff0c\u6211\u5728\u4e4b\u524d\u6587\u7ae0\u4e00\u76f4\u5728\u66f4\u65b0beta\u7248\u65b0\u7279\u6027\u30022020\u5e746\u6708routeros v7beta7\u7cfb\u7edf\u5185\u6838\u5347\u7ea7\u52305.6\uff0c8\u6708\u53d1\u5e03\u4e86Routeros v7.1 beta2\u589e\u52a0\u4e86\u5bf9WireGuard\u7684\u652f\u6301\u3002<br \/>\nWireGuard\u88ab\u89c6\u4e3a\u4e0b\u4e00\u4ee3VPN\u96a7\u9053\u534f\u8bae\uff0c\u662f\u7c7b\u4f3c\u4e8egre\u3001ipip\u96a7\u9053\u7684\u65e0\u72b6\u6001VPN\u96a7\u9053\uff0c\u57fa\u4e8eUDP\u534f\u8bae\uff0c\u914d\u7f6e\u7b80\u5355\u3002<\/p>\n<p>\u7531\u4e8eRouteros V7\u8fd8\u5728beta\u9636\u6bb5\uff0cwebfig\u548cwinbox\u7b49UI\u63a7\u5236\u53f0\u8fd8\u5b58\u5728\u5f88\u591a\u4e0d\u5b8c\u5584\u7684\u5730\u65b9\uff0c\u4e0b\u9762\u901a\u8fc7\u547d\u4ee4\u884c\u914d\u7f6e\u3002<br \/>\n\u4ee5\u4e0b\u914d\u7f6e\u57fa\u4e8eRouteros V7.1beta2 CHR\u7248\u3002<\/p>\n<p>\u7b80\u5355\u4ecb\u7ecd\u4e00\u4e0b\u62d3\u6251\uff0crouteros\u4f5c\u4e3a\u552f\u4e00\u8def\u7531\u5668\uff0c\u65b0\u5efa\u4e24\u4e2awireguard\u63a5\u53e3\uff1awg-access\u548cwg-hk\uff0cwg-access\u7528\u4e8e\u624b\u673a\u3001PC\u7b49\u5728\u975e\u672c\u5730\u7f51\u7edc\u4e0b\u7684\u8fdc\u7a0b\u63a5\u5165\uff0cwg-hk\u7528\u4e8e\u8fde\u63a5\u9999\u6e2fVPS\u7528\u4e8e\u52a0\u901f\u8bbf\u95ee\u5883\u5916\u5730\u5740\u3002<\/p>\n<p>\u672c\u5730lan\u7684\u5730\u5740\u662f192.168.1.1\/24,wg-access\u5730\u5740\u662f10.0.0.1\/24\uff0cwg-hk\u7684\u5730\u5740\u662f10.0.1.1\/30\uff0c\u624b\u673awireguard\u7684\u5730\u5740\u662f10.0.0.2\/32\uff0c\u7b14\u8bb0\u672c\u7535\u8111\u7684\u5730\u5740\u662f10.0.0.3\/32<br \/>\n\u9999\u6e2fwg0\u5730\u5740\u662f10.0.1.2\/30<\/p>\n<p>\u901a\u8fc7ssh\u8fde\u63a5routeros\u6216\u8005webfig\u3001winbox\u7684terminal\u8f93\u5165\u547d\u4ee4\u3002<br \/>\n1\uff0cwg-access<br \/>\n\u65b0\u5efa\u672c\u5730routeros\u7684wg-access\u63a5\u53e3\uff0c\u6ce8\u610fmtu\u8981\u6539\u62101500\uff0c\u9ed8\u8ba4\u662f1420\uff0c\u8f93\u5165\u4e0b\u9762\u65b0\u5efa\u63a5\u53e3\u547d\u4ee4\u540e\u4f1a\u81ea\u52a8\u521b\u5efa\u63a5\u53e3\u7684private-key\u548c\u5bf9\u5e94\u7684public-key<\/p>\n<pre><code>\/interface\/wireguard\/add name=\"wg-access\" mtu=1500 listen-port=50000\r\n<\/code><\/pre>\n<p>\u7ed9\u672c\u5730routeros\u7684wg-access\u63a5\u53e3\u914d\u7f6eIP\u5730\u5740<\/p>\n<pre><code>\/ip\/address\/add address=10.0.0.1\/24 interface=wg-access\r\n<\/code><\/pre>\n<p>\u6dfb\u52a0wg-access\u63a5\u53e3\u4e0b\u7684\u5ba2\u6237\u7aefpeers\uff0c\u6ce8\u610f\u4e0b\u9762\u7684public-key\u548cpreshared-key\u66ff\u6362\u6210\u5b9e\u9645\u7684key\uff0c\u5ba2\u6237\u7aef\u7684key\u5728\u65b0\u5efa\u7a7a\u96a7\u9053\u65f6\u4f1a\u81ea\u52a8\u751f\u6210<\/p>\n<pre><code>\/interface\/wireguard\/peers\/add interface=wg-access public-key=\"lYVc...AlE=\" allowed-address=10.0.0.2\/32 preshared-key=\"93E...PSA=\"\r\n\/interface\/wireguard\/peers\/add interface=wg-access public-key=\"lYVc...AlE=\" allowed-address=10.0.0.3\/32 preshared-key=\"93E...PSA=\"\r\n<\/code><\/pre>\n<p>2\uff0cwg-hk<br \/>\n\u65b0\u5efa\u672c\u5730routeros\u7684wg-hk\u63a5\u53e3<\/p>\n<pre><code>\/interface\/wireguard\/add name=\"wg-hk\" mtu=1500 listen-port=10000\r\n<\/code><\/pre>\n<p>\u65b0\u5efa\u9999\u6e2fVPS\u4e0arouteros\u7684wg0\u63a5\u53e3<\/p>\n<pre><code>\/interface\/wireguard\/add name=\"wg0\" mtu=1500 listen-port=10000\r\n<\/code><\/pre>\n<p>\u5728\u9999\u6e2frouteros\u7684wg0\u63a5\u53e3\u4e0b\u6dfb\u52a0peer<\/p>\n<pre><code>\/interface\/wireguard\/peers\/add interface=wg0 public-key=\"lYVc...AlE=\" allowed-address=10.0.1.1\/30 preshared-key=\"93E...PSA=\"\r\n<\/code><\/pre>\n<p>\u7ed9\u9999\u6e2frouteros\u7684wg0\u63a5\u53e3\u914d\u7f6eIP\u5730\u5740<\/p>\n<pre><code>\/ip\/address\/add address=10.0.1.2\/30 interface=wg0\r\n<\/code><\/pre>\n<p>\u5728\u9999\u6e2frouteros\u4e0a\u6dfb\u52a0\u672c\u5730lan\u7684\u8def\u7531<\/p>\n<pre><code>\/ip\/route\/add dst-address=192.168.1.1\/24 gateway=10.0.1.1\r\n<\/code><\/pre>\n<p>\u5728\u672c\u5730routeros\u7684wg-hk\u63a5\u53e3\u4e0b\u6dfb\u52a0peer<\/p>\n<pre><code>\/interface\/wireguard\/peers\/add interface=wg-hk public-key=\"lYVc...AlE=\" endpoint=\u9999\u6e2fVPS\u7684\u516c\u7f51IP:10000 allowed-address=0.0.0.0\/0 preshared-key=\"93E...PSA=\"\r\n<\/code><\/pre>\n<p>\u7ed9\u672c\u5730routeros\u7684wg-hk\u63a5\u53e3\u914d\u7f6eIP\u5730\u5740<\/p>\n<pre><code>\/ip\/address\/add address=10.0.1.1\/30 interface=wg-hk\r\n<\/code><\/pre>\n<p>\u914d\u7f6e\u672c\u5730routeros\u7684\u7b56\u7565\u8def\u7531<br \/>\n\u53c2\u8003Routeros V7\u914d\u7f6e\u7b56\u7565\u8def\u7531\u548crouteros\u914d\u7f6evpn\u5206\u6d41\u5927\u9646ip<\/p>\n<p>\u5173\u4e8erouteros\u7684wireguard\u7684\u8bf4\u660e<br \/>\n1\uff0cmtu\u8981\u4fee\u6539\u62101500\uff0c\u4f7f\u7528\u9ed8\u8ba4\u76841420\u65f6\u4f1a\u6709\u90e8\u5206cdn\u4e0d\u80fd\u52a0\u8f7d\uff0c\u73b0\u8c61\u662f\u6d4f\u89c8\u5668\u62a5\u8d85\u65f6\u9519\u8bef\u3002mtu\u95ee\u9898\u7c7b\u4f3c\u60c5\u51b5\u53c2\u8003ikev2 \u5ba2\u6237\u7aefmtu\u5f15\u8d77\u7684\u7f51\u7edc\u6545\u969c<br \/>\n2\uff0cwireguard\u6bcf\u4e2a\u63a5\u53e3\u6709\u4e2a\u81ea\u5df1\u7684\u516c\u94a5\u5bf9\u5e94\u7684\u8def\u7531\u8868\uff0c\u914d\u7f6epeer\u5c31\u662f\u5199\u8def\u7531\u8868\uff0crouteros v7.1beta2\u76ee\u524d\u6709bug\uff0c\u914d\u7f6e\u591a\u4e2a\u76f8\u540c\u8def\u7531\u7684peer\uff0c\u5220\u9664\u540e\u914d\u7f6e\u7684\u4e0d\u4f1a\u6062\u590d\u4e4b\u524d\u7684\u8def\u7531\u3002<br \/>\n3\uff0crouteros v7.1beta2\u7684\u5168\u5c40\u8def\u7531\u8868\u548cwireguard\u7684\u8def\u7531\u8868\u53ef\u80fd\u5b58\u5728\u67d0\u4e9bbug\uff0c\u5982\u679c\u914d\u7f6e\u540e\u4e0d\u751f\u6548\uff0c\u53ef\u4ee5\u5220\u9664peer\u540e\u91cd\u65b0\u6dfb\u52a0\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Routeros\u57282019\u5e74\u4e0b\u534a\u5e74\u53d1\u5e03\u4e86V7\u7684beta\u7248\uff0c\u6211\u5728\u4e4b\u524d\u6587\u7ae0\u4e00\u76f4\u5728\u66f4\u65b0beta\u7248\u65b0\u7279\u6027\u30022020\u5e746 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-5850","post","type-post","status-publish","format-standard","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5850"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5850\/revisions"}],"predecessor-version":[{"id":5851,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/5850\/revisions\/5851"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}