openwrt作为wireguard客户端

Openwrt 作为wireguard客户端

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# /etc/config/network

config interface 'wg1111'
        option proto 'wireguard'
        # 客户端私钥
        option private_key 'xxxxxxxxxxxxxxxxxxx'
        list addresses '10.1.1.2/32'
        list dns '223.5.5.5'

config wireguard_wg1111
        option description '导入对端配置'
        # 服务器公钥
        option public_key 'xxxxxxxxxxxxxxxxxxxx'
        option endpoint_host '171.213.155.81'
        option endpoint_port '2023'
        option persistent_keepalive '25'
        list allowed_ips '10.1.1.1/24'
        option route_allowed_ips '1'
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# /etc/config/firewall

config zone
        option name 'wireguard'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'wg1111'
        option masq '1'
        list device 'wg1111'

config forwarding
        option src 'lan'
        option dest 'wireguard'

配置接口

image-20260227175305145

image-20260227175530178

image-20260227175832305

1
2
# 私钥导出公钥
echo 'xxxxxxx' |wg pubkey

image-20260227180854565

配置防火墙

image-20260227180931644

image-20260227175944557