How to install a WireGuard VPN client in a FreeBSD jail

Date: 2020-01-09 10:39:16  Source: igfitidea

I have installed and set up a WireGuard VPN server on a Debian 10 Linux machine.
How do I install, configure and set up the WireGuard client inside a FreeBSD jail?

WireGuard is an open-source software application and communication protocol that implements a VPN, creating secure point-to-point connections in routed or bridged mode.
It was originally developed for Linux but has since been ported to FreeBSD and other operating systems.
This tutorial explains how to install and set up the WireGuard client on a FreeBSD system, including inside a jail.

A note about FreeBSD jails

Make sure the tun* and bpf* devices are unhidden for the jail; without them WireGuard cannot create the wg0 tunnel interface.
The ruleset number in the bracketed header (5 here) must match the devfs_ruleset value in that jail's jail.conf entry, otherwise the rules are never applied to it.
For example, this is my configuration file, displayed with the cat command:

# cat /etc/devfs.rules
[devfsrules_jail_theitroad-jail=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'tun*' unhide
add path 'bpf*' unhide
add path zfs unhide

Step 1: Update FreeBSD

Run the following pkg commands:

# pkg update
# pkg upgrade

To search for the WireGuard package, run:

# pkg search wireguard
wireguard-1.0.20200513         Fast, modern and secure VPN Tunnel
wireguard-go-0.0.20200320      WireGuard implementation in Go

Step 2: Install the WireGuard VPN client in the FreeBSD jail

Run the following command to install the WireGuard VPN client in a FreeBSD jail or on a FreeBSD host:

# pkg install wireguard

Step 3: Generate the private and public keys for the WireGuard VPN client

We need the wg command.
It is the configuration utility for getting and setting the configuration of WireGuard tunnel interfaces. The umask 077 ensures the private key file is created readable by root only:

# cd /usr/local/etc/wireguard/
# umask 077; wg genkey | tee privatekey-remote-ln-sg-vpn | wg pubkey > publickey-remote-ln-sg-vpn
# ls -l
# cat privatekey-remote-ln-sg-vpn publickey-remote-ln-sg-vpn

Step 4: Create the wg0.conf file

Create or edit the wg0.conf file with a text editor such as vim:

# vim /usr/local/etc/wireguard/wg0.conf

Sample configuration file:

# WireGuard config client for Linode VPN server running on Debian 10 #
[Interface]
## FreeBSD client's private key here ##
PrivateKey = {FreeBSD_Jail_PRIVATE_KEY_HERE}
 
## Client ip address as per your set up ##
Address = 172.16.0.3/24
## Set DNS as per your VPN set up ##
DNS = 10.8.0.1
 
[Peer]
## Debian 10 WireGuard server's public key goes here ##
PublicKey = {SERVER_PUBLIC_KEY_HERE}
 
## set ACL ##
AllowedIPs = 0.0.0.0/0
 
## Your Debian 10 WireGuard server's public IPv4/IPv6 address and port goes here ##
Endpoint = {WG_PUBLIC_IP}:{WG_PORT}
 
## Keep connection alive ##
PersistentKeepalive = 15
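As an added example (not part of the original tutorial), the following Python script parses a wg0.conf in the format shown above and reports placeholder or malformed keys, bad Address/AllowedIPs entries and a missing or malformed Endpoint before the interface is brought up; the embedded sample config, its all-zero keys and the 203.0.113.10 endpoint are constructed, not real values.

```python
import base64
import ipaddress
# Constructed sample shaped like the wg0.conf above; the all-zero keys are placeholders, not real keys.
ZERO_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE_CONF = f"""
[Interface]
PrivateKey = {ZERO_KEY}
Address = 172.16.0.3/24
[Peer]
PublicKey = {ZERO_KEY}
AllowedIPs = 0.0.0.0/0
Endpoint = 203.0.113.10:51820
"""

def parse_wg_conf(text):  # INI-like wg-quick format -> [(section, {key: value}), ...]
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[1][key] = value
    return sections

def wg_key(value):  # a WireGuard key is 32 raw bytes, base64-encoded (44 characters)
    if len(base64.b64decode(value, validate=True)) != 32:  # bad base64 raises ValueError
        raise ValueError("key is not 32 bytes")

def endpoint(value):  # host:port; an IPv6 literal is written in brackets
    host, sep, port = value.rpartition(":")
    if not (host and sep and 0 < int(port) < 65536):  # int() raises on "" or junk
        raise ValueError("Endpoint must be host:port")

CHECKS = {"Interface": {"PrivateKey": wg_key, "Address": ipaddress.ip_interface},
          "Peer": {"PublicKey": wg_key, "Endpoint": endpoint,
                   "AllowedIPs": lambda n: ipaddress.ip_network(n, strict=False)}}

def check_wg_conf(text):  # returns [] when every checked field is present and parses
    problems = []
    for section, kv in parse_wg_conf(text):
        for field, parse in CHECKS.get(section, {}).items():
            for value in kv.get(field, "").split(","):  # Address/AllowedIPs may be lists
                try:
                    parse(value.strip())
                except ValueError:
                    problems.append(f"{section}: bad or missing {field} {value.strip()!r}")
    return problems
```

Running check_wg_conf on the template above with the {FreeBSD_Jail_PRIVATE_KEY_HERE} placeholders still in place reports both keys, which is the most common reason wg setconf fails on first start.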

Step 5: Enable the WireGuard VPN client service

Run the following sysrc commands:

# sysrc wireguard_interfaces="wg0"
# sysrc wireguard_enable="YES"

Step 6: Run the WireGuard VPN client in the FreeBSD jail for the first time

The syntax of the service command is as follows:

Start the WireGuard VPN client:

# service wireguard start
[#] wireguard-go wg0
INFO: (wg0) 2020/08/08 12:24:37 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /tmp/tmp.DjieZIFu/sh-np.EtDMVd
[#] ifconfig wg0 inet 172.16.0.3/24 172.16.0.3 alias
[#] ifconfig wg0 mtu 1420
[#] ifconfig wg0 up
[#] resolvconf -a wg0 -x
[#] route -q -n add -inet 0.0.0.0/1 -interface wg0
[#] route -q -n add -inet 128.0.0.0/1 -interface wg0
[#] route -q -n add -inet 13.xxx.yyy.zzz -gateway 192.168.1.254
[+] Backgrounding route monitor

Stop the WireGuard VPN client:

# service wireguard stop

Restart the WireGuard VPN client:

# service wireguard restart

Get the status of the WireGuard VPN client:

# wg
# ps aux | grep wireguard

Step 7: Test the WireGuard VPN connection

Let us verify VPN connectivity.
Run the ping command to send ICMP ECHO_REQUEST packets to the VPN server's tunnel IP address, 172.16.0.1:

# ping -c 4 172.16.0.1
PING 172.16.0.1 (172.16.0.1): 56 data bytes
64 bytes from 172.16.0.1: icmp_seq=0 ttl=64 time=41.848 ms
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=41.683 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=41.793 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=42.089 ms

--- 172.16.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 41.683/41.853/42.089/0.149 ms

Inspect the wg0 interface with the ifconfig command:

# ifconfig
# ifconfig wg0
wg0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1420
	options=80000<LINKSTATE>
	inet 172.16.0.3 --> 172.16.0.3 netmask 0xffffff00
	nd6 options=101<PERFORMNUD,NO_DAD>
	groups: tun
	Opened by PID 96281

View the routing tables on FreeBSD with the netstat command:

# netstat -f inet -r -n
# netstat -f inet6 -r -n

Finally, confirm that your public IPv4/IPv6 address as seen from the outside is now that of the VPN endpoint, using the host, dig or drill command:

# drill @ns1.google.com o-o.myaddr.l.google.com TXT
# dig TXT +short o-o.myaddr.l.google.com @ns1.google.com
;; ->>HEADER