├── CNAME
├── _config.yml
├── index.md
├── .DS_Store
├── .github
│   ├── dependabot.yml
│   └── workflows
│       ├── ci.yml
│       └── pages.yml
├── Gemfile
├── .gitignore
├── LICENSE
├── docs
│   ├── Gitpage Setup AIO.md
│   ├── Untitled-1
│   └── VPN-WireGuard-AIO.md
└── Gemfile.lock

/CNAME:
--------------------------------------------------------------------------------
```
gitpage.0214.icu
```
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
```yaml
title: HomeLessXu
description: ????
theme: just-the-docs
```
--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
```markdown
---
title: Home
layout: home
---

Todo:
homepage..
```
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
```yaml
version: 2
updates:
  - package-ecosystem: bundler
    directory: /
    schedule:
      interval: daily
    allow:
      - dependency-type: direct
```
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
```ruby
source 'https://rubygems.org'

gem "jekyll", "~> 4.3.3" # installed by `gem jekyll`
# gem "webrick"          # required when using Ruby >= 3 and Jekyll <= 4.2.2

gem "just-the-docs", "0.9.0" # pinned to the current release
# gem "just-the-docs"        # always download the latest release
```
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
```
# Not sure what a .gitignore is?
# See: https://git-scm.com/docs/gitignore

# These are directly copied from Jekyll's first-party docs on `.gitignore` files:
# https://jekyllrb.com/tutorials/using-jekyll-with-bundler/#commit-to-source-control

# Ignore the default location of the built site, and caches and metadata generated by Jekyll
_site/
.sass-cache/
.jekyll-cache/
.jekyll-metadata

# Ignore folders generated by Bundler
.bundle/
vendor/
```
--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
```yaml
name: CI

on:
  push:
    branches: ["main"]
  pull_request:

jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3' # Not needed with a .ruby-version file
          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
          cache-version: 0 # Increment this number if you need to re-download cached gems
      - name: Build with Jekyll
        run: bundle exec jekyll build
```
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 just-the-docs

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/docs/Gitpage Setup AIO.md:
--------------------------------------------------------------------------------
---
title: Gitpage Setup AIO ✔️
layout: home
---

🔵 Introduction

Official manual: https://pages.github.com/


🔵 Jekyll theme: just the docs

GitHub Pages sites are built with Jekyll.
I mostly write documentation, so a table of contents is a must-have.
A ready-made Jekyll theme provides that: https://just-the-docs.com/
This theme is easiest to set up before the GitHub Pages site is created,
so create the GitHub Pages project directly from the theme's template.


🔵 Create a new project from the just-the-docs template

https://just-the-docs.github.io/just-the-docs/#getting-started
Click "use the template".
Log in to your GitHub account and create the project.

The project name must have the form: username.github.io
homeless-xu.github.io
(It cannot be just github.io; your username must come before it.)

Make sure https://homeless-xu.github.io/ is reachable.


🔶 Configure GitHub Pages
A static site has to be built. GitHub can now build it for you automatically; just enable the following:
go to Settings > Pages > Build and deployment > Source, and select GitHub Actions

The site now renders correctly. For a local clone, though, you still have to set up a local server, otherwise previewing changes is inconvenient.


🔵 Custom domain (optional)

If you own a domain you can use it.
For example, 0214.icu redirects automatically to https://homeless-xu.github.io/

1. Domain verification:
Log in to your domain registrar and add a TXT record.
Once verified, the record can be deleted.

2. Domain resolution: CNAME

Point any CNAME at https://xxxxx.github.io/
https://homeless-xu.github.io/
Replace xxxxx with your own GitHub username.


🔵 Installing Jekyll locally
(This is only about setting up a local environment so the site can be previewed locally, which is convenient while writing; GitHub's automatic build has a delay of up to 10 minutes.)
First clone the git project locally.

Install dependencies (which ones depends on the errors you see)
```shell
gem install rexml -v 3.3.5
bundle install
```

Run the local server
```shell
bundle exec jekyll serve
```

The site is now reachable locally at 127.0.0.1:4000.

--------------------------------------------------------------------------------
/.github/workflows/pages.yml:
--------------------------------------------------------------------------------
```yaml
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# Sample workflow for building and deploying a Jekyll site to GitHub Pages
name: Deploy Jekyll site to Pages

on:
  push:
    branches: ["main"]

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
  contents: read
  pages: write
  id-token: write

# Allow one concurrent deployment
concurrency:
  group: "pages"
  cancel-in-progress: true

jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3' # Not needed with a .ruby-version file
          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
          cache-version: 0 # Increment this number if you need to re-download cached gems
      - name: Setup Pages
        id: pages
        uses: actions/configure-pages@v5
      - name: Build with Jekyll
        # Outputs to the './_site' directory by default
        run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
        env:
          JEKYLL_ENV: production
      - name: Upload artifact
        # Automatically uploads an artifact from the './_site' directory by default
        uses: actions/upload-pages-artifact@v3

  # Deployment job
  deploy:
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4
```
--------------------------------------------------------------------------------
/Gemfile.lock:
--------------------------------------------------------------------------------
```
GEM
  remote: https://rubygems.org/
  specs:
    addressable (2.8.7)
      public_suffix (>= 2.0.2, < 7.0)
    bigdecimal (3.1.8)
    colorator (1.1.0)
    concurrent-ruby (1.3.4)
    em-websocket (0.5.3)
      eventmachine (>= 0.12.9)
      http_parser.rb (~> 0)
    eventmachine (1.2.7)
    ffi (1.17.0-arm64-darwin)
    ffi (1.17.0-x86_64-darwin)
    ffi (1.17.0-x86_64-linux-gnu)
    forwardable-extended (2.6.0)
    google-protobuf (4.27.3-arm64-darwin)
      bigdecimal
      rake (>= 13)
    google-protobuf (4.27.3-x86_64-darwin)
      bigdecimal
      rake (>= 13)
    google-protobuf (4.27.3-x86_64-linux)
      bigdecimal
      rake (>= 13)
    http_parser.rb (0.8.0)
    i18n (1.14.5)
      concurrent-ruby (~> 1.0)
    jekyll (4.3.3)
      addressable (~> 2.4)
      colorator (~> 1.0)
      em-websocket (~> 0.5)
      i18n (~> 1.0)
      jekyll-sass-converter (>= 2.0, < 4.0)
      jekyll-watch (~> 2.0)
      kramdown (~> 2.3, >= 2.3.1)
      kramdown-parser-gfm (~> 1.0)
      liquid (~> 4.0)
      mercenary (>= 0.3.6, < 0.5)
      pathutil (~> 0.9)
      rouge (>= 3.0, < 5.0)
      safe_yaml (~> 1.0)
      terminal-table (>= 1.8, < 4.0)
      webrick (~> 1.7)
    jekyll-include-cache (0.2.1)
      jekyll (>= 3.7, < 5.0)
    jekyll-sass-converter (3.0.0)
      sass-embedded (~> 1.54)
    jekyll-seo-tag (2.8.0)
      jekyll (>= 3.8, < 5.0)
    jekyll-watch (2.2.1)
      listen (~> 3.0)
    just-the-docs (0.9.0)
      jekyll (>= 3.8.5)
      jekyll-include-cache
      jekyll-seo-tag (>= 2.0)
      rake (>= 12.3.1)
    kramdown (2.4.0)
      rexml
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
    liquid (4.0.4)
    listen (3.9.0)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
    mercenary (0.4.0)
    pathutil (0.16.2)
      forwardable-extended (~> 2.6)
    public_suffix (6.0.1)
    rake (13.2.1)
    rb-fsevent (0.11.2)
    rb-inotify (0.11.1)
      ffi (~> 1.0)
    rexml (3.3.5)
      strscan
    rouge (4.3.0)
    safe_yaml (1.0.5)
    sass-embedded (1.77.8-arm64-darwin)
      google-protobuf (~> 4.26)
    sass-embedded (1.77.8-x86_64-darwin)
      google-protobuf (~> 4.26)
    sass-embedded (1.77.8-x86_64-linux-gnu)
      google-protobuf (~> 4.26)
    strscan (3.1.0)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
    unicode-display_width (2.5.0)
    webrick (1.8.1)

PLATFORMS
  arm64-darwin
  x86_64-darwin-24
  x86_64-linux-gnu

DEPENDENCIES
  jekyll (~> 4.3.3)
  just-the-docs (= 0.9.0)

BUNDLED WITH
   2.5.9
```
--------------------------------------------------------------------------------
/docs/Untitled-1:
--------------------------------------------------------------------------------
---
title: "VPN WireGuard Demo: VPS + Ros ✔️"
layout: home
---



🔵 Goal ✅

VPS: has a public IP.
Ros (MikroTik RouterOS): no public IP.

A device with a public IP can be reached from anywhere.
A device without one can only be reached from the local network.

To reach a device without a public IP from anywhere, a public IP has to act as the jump point.
Once the VPS and Ros are joined by a VPN, Ros can be reached from anywhere. That is NAT traversal (reaching the LAN from outside).

Normally it is the local router and the VPS that form the VPN,
because the local router can itself reach every local subnet.
Once configured, the VPS can also reach every local subnet.

If your hardware router/firewall does not support WireGuard, use a virtual-machine router, for example the CHR edition of Ros.


🔵 Network architecture ✅

```
Local_Client ➜ Local_Router: ROS   ➜ Public_Server: VPS
                VPN_Client            VPN_Server
                10.0.0.92/32          10.0.0.1/32
                10.111.111.0/24       10.111.111.92/24
                10.222.222.0/24
                192.168.9.0/24
```




🔵 Configuration summary


🔶 Keys
Usually there is only one VPN server, the one with the public IP.
Usually there can be many VPN clients without a public IP.

Every device that takes part in a VPN connection needs to generate a key pair.

The server generates just one key pair.
Each client generates its own key pair.

Each client's public key goes into the server's config file.
The server's public key goes into each client's config file.


🔶 Allowed address (AllowedIPs) explained

This is the key parameter that decides VPN routing! It must be understood.

It decides which IPs are sent to the other side through the VPN: effectively a filter.

First, the VPN interface address itself must be allowed, otherwise the VPN cannot be established at all.

Then: if the purpose is routing your outbound traffic through the VPN (翻墙), the filter is configured on the VPN client.
If the purpose is NAT traversal into the LAN, the filter is configured on the VPN server.

0.0.0.0/0 ➜ allow everything: all traffic goes out through the VPN interface.
192.168.9.0/24 ➜ allow only 192.168.9.x: only this subnet goes through the VPN.


🔶 AllowedIPs demo (NAT traversal)

VPN server AllowedIPs: the VPN client's interface address + the subnets to be reached through it.
VPN client AllowedIPs: the VPN server's interface address.

With NAT traversal the data arrives at the server first, so all filtering is configured on the server side.
As for the VPN interface addresses, those have to be allowed anyway when the VPN is set up.


🔶 keepalive
25 seconds
This is also required.
The client has no public IP; only the server does.
The client can connect to the server at any time, but the server cannot connect into the client.
Only the client can keep sending requests, e.g. one every 25 seconds, so both sides stay connected and the server can reach into the LAN at any time.
Otherwise the client's connection drops after a period of inactivity, and once it has dropped the server cannot get in.



🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 Key generation: server + client

🔵 Server: Debian

wg genkey ➜ generates a private key
echo "PrivateKey" | wg pubkey ➜ derives the public key from the private key


```
VPS.D12 ~ wg genkey
EJo1+8gS1GWe+Aa6Wk2vDQgTixkkltpNCBKwOBOGtlI=
VPS.D12 ~ ls
VPS.D12 ~ echo "EJo1+8gS1GWe+Aa6Wk2vDQgTixkkltpNCBKwOBOGtlI=" | wg pubkey
1bPZcpX5MRyeMRaEDCroTlEKWazsI7pPqCQaiwEmfhM=
```


🔵 Client: Ros CHR

wireguard >> wireguard >> create new ➜ a key pair is created for you automatically



🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 Server Config

🔵 Create the config file on the VPS

```ini
[Interface]
# set wg server ip and mask.
# set ip not ip range so use /32
Address = 10.0.0.1/32
PrivateKey = EJo1+8gS1GWe+Aa6Wk2vDQgTixkkltpNCBKwOBOGtlI=
ListenPort = 4455


# Ros_CHR-M920_VM
[Peer]
PublicKey = 8Cm4FruYWEYESsFb1Mw1JhK7OTNnKEOn7n7QSRKGsl4=
# The IPs written below are added to the server's routing table automatically;
# all of these ranges are forwarded through the VPN interface.
AllowedIPs = 10.0.0.92/32, 10.111.111.0/24, 10.222.222.0/24, 192.168.9.0/24
```


🔵 Server

Start wg: sudo wg-quick up /root/WireGuardNoDEL.conf
Stop wg: sudo wg-quick down /root/WireGuardNoDEL.conf
Show status: wg



🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 Client Config: Ros_CHR

🔵 Ros basic setup

- Reset all on Ros
- Bridge all Ros interfaces and enable DHCP.

🔵 WG configuration

🔶 Create the VPN interface

web >> wireguard >> wireguard >> add new >>
name: wgClientRos

Creating the interface generates a key pair automatically.


🔶 Assign an IP to the VPN interface

web >> ip >> address >> add
address: 10.0.0.92/24
interface: wgClientRos


🔶 Configure the peer that connects to the server
web >> wireguard >> peers >> add new
interface: wgClientRos
public key: the server's public key! (run the `wg` command on the server to see it)
private key: can be ignored!
endpoint: the server's IP or domain name
endpoint port: the server's VPN port, 4455 (run `wg` on the server to see the port)
keepalive: 25 seconds. The side without a public IP must set this.


🔵 Client-side NAT (masquerade)
Our client here is a router; the devices we actually want to reach sit behind it,
so one more NAT rule is needed.
If your VPN client is installed directly on a phone or computer, this is not needed.


The server can ping 10.111.111.92, i.e. the router's IP,
but cannot ping 10.111.111.1 or any other device on the LAN.

IP forwarding is enabled by default on Ros, so this is probably a Ros firewall configuration issue.

Connecting two different subnets requires NAT.
The most common case is a router connecting the LAN to the internet: clearly two different subnets.
Here the VPN subnet 10.0.0.0/24 and the LAN you want to reach, 10.111.111.0/24, are likewise different.

```
/ip firewall nat add chain=srcnat src-address=10.0.0.0/24 action=masquerade
```

❗️ Just change src-address=10.0.0.0/24 to your own VPN subnet ❗️


--------------------------------------------------------------------------------
/docs/VPN-WireGuard-AIO.md:
--------------------------------------------------------------------------------
---
title: VPN WireGuard+FRP AIO ✔️
layout: home
---



🔵 Summary ✔️

WireGuard ➜ powerful + difficult to learn
frp ➜ sufficient + easy to learn

So WireGuard for main use, frp as backup.



🔵 map ✔️

VPS_Linux: WWW ➜ WireGuard Server + frp Server

CHR_Mikrotik: LAN ➜ WireGuard Client
Windows: LAN ➜ frp Client_01
HAOS: LAN ➜ frp Client_02




🔵 CHR + ESX

Download (for ESX choose the OVA)
https://mikrotik.com/download#chr




🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵
🔵 WireGuard Config



VPN - WireGuard 💯💯💯💯💯💯



1. wireguard-main 2. frp-backup


WWW: VPS: wireguard_Srv + FRP.Srv
LAN: RB4: Wireguard_Cli +
LAN: RP4: Frp.Cli


🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵

🟢 install wg ✅
🔻 vps: sudo apt-get install wireguard

🔻 ros: built in

🔻 mac: download the app



🟢 Generate key pair ✅

🔶 vps
Generate a private key with: wg genkey
Derive the public key from the private key: echo "<private key>" | wg pubkey


```
root@racknerd-3725a7:~# wg genkey
OMr1eMK9KBTEBV/yNQC3XKeoFUMJX/3tB1yyFEZIuF8=
root@racknerd-3725a7:~# echo "OMr1eMK9KBTEBV/yNQC3XKeoFUMJX/3tB1yyFEZIuF8=" | wg pubkey
naYclosZQgeZmCVNblebhradLz1GTWwqz3ld7STtCXo=
```


🔶 ros (add a new wireguard interface, not a peer)

🔻 create key

web >> wireguard >> wireguard (not peers)
create new: the public key is generated automatically.

WjSheBEikMFO4oP04/9oY4mQy1Gwssz4rMjIKvcDXXQ=


🔻 check key

```
[admin@MikroTik] > /interface/wireguard/print
Flags: X - disabled; R - running
0 R name="wireguard1" mtu=1420 listen-port=4455 private-key="sFWQyTEcsAN7zAFIrxOCeChcUsyFWAdLNH1B0pEJPUI=" public-key="YG4jDuVVJXIJaCUeIorz7yho6ldasbuBBl96Lc4OHEI="
```


🔻 Mac
Install WireGuard.
Create new: a key pair is generated automatically.


🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 Server config - vps

🟢 config wg server (vps)

🔶 Create the wg config file
vi /etc/wireguard/wg0.conf


```ini
# 🔻 Server config 💯
[Interface]
# set wg server ip and mask
Address = 10.0.0.1/24
PrivateKey = OMr1eMK9KBTEBV/yNQC3XKeoFUMJX/3tB1yyFEZIuF8=
ListenPort = 4455



# 🔻 Client Config-iMac 💯
[Peer]
# imac public key
PublicKey = MEZwFsDUjpgcYMGZfw/VToVrgWDsN62M5lRr34CwuVM=
# imac ip
AllowedIPs = 10.0.0.99/24


# 🔻 Client Config-Router
[Peer]
PublicKey = YG4jDuVVJXIJaCUeIorz7yho6ldasbuBBl96Lc4OHEI=
AllowedIPs = 10.0.0.2/24
```






🔶 run wg
sudo wg-quick up wg0



🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 client - imac 💯

```ini
[Interface]
PrivateKey = +CHYiqlOl9QWtui+FQ+TPYyn5hYjeq5Q7hEkv3aVD2M=
Address = 10.0.0.99/24

[Peer]
PublicKey = naYclosZQgeZmCVNblebhradLz1GTWwqz3ld7STtCXo=
AllowedIPs = 10.0.0.1/24
Endpoint = 148.135.67.4:4455
```






🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 client - ros 💯

❗️ On Ros the VPN interface must be given an IP! The IP is not set inside wg; it is set elsewhere in Ros ❗️


Ros has two wg settings: one is "wireguard", the other is "peer".
Three steps in total.

1. ros > wireguard: generate a key pair and a wg interface
2. go to ros > interface and assign an IP to the newly created wg interface
3. ros > peer: configure the wg server's details.

wireguard: this is only for generating the key pair!!! plus a VPN interface (which has no IP; that must be set separately)!!!



🔶 ros peer

public key: use the VPS server's public key
endpoint: use the VPS server's public IP, 148.135.67.4
endpoint port: 4455
allowed address: 0.0.0.0/0 ➜ all traffic goes through the VPN.
allowed address: 10.0.0.1/24 ➜ only devices in the 10.0.0.1/24 range use the VPN (i.e. NAT traversal); local outbound traffic does not go through the VPN.






🟢 Firewall settings

🔶 vps - allow
Allow port 4455

```shell
sudo ufw allow 4455/udp
sudo ufw reload
```

🔶 vps - check
sudo ufw status verbose

```
4455/udp ALLOW IN Anywhere
```


🔶 Local side?
Only the side with the public IP needs its port opened.
The local side needs no setting.
The local side initiates the connection to the server and uses only the server's fixed port.
Once connected, the local port is not fixed, so there is nothing to configure.
In short: between client and server, only the server's firewall needs configuring.


🟢 Start wg on the VPS


sudo wg-quick up wg0

🔶 VPS wg status

```
VPS wireguard sudo wg
interface: wg0
  public key: oG5dpI7+/mWvXrWJ60SrGnOG+yIfv35w50O6Mww0GSE=
  private key: (hidden)
  listening port: 4455

peer: WjSheBEikMFO4oP04/9oY4mQy1Gwssz4rMjIKvcDXXQ=
  allowed ips: 10.0.0.2/32
```


🔶


🔶 Port test (the server must have started the service first, otherwise it obviously will not respond)

```shell
nmap -sU -p 4455 148.135.67.4
```

Note that WireGuard never answers a packet it cannot authenticate, so a UDP probe alone cannot distinguish a running server from a closed port; the handshake status shown by `wg` on the client is the reliable check.


🔵 WireGuard Config



🔶 vps. install wg




🔶 vps. create key pair




🔶 vps. config wg
/etc/wireguard/wg0.conf


```ini
[Interface]
Address = 10.0.0.1/24
PrivateKey = <server private key>
ListenPort = 51820

[Peer]
PublicKey = <client public key>
AllowedIPs = 10.0.0.2/32
```



🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 debug

🟢 vps - debug

🔻 Logs
sudo journalctl | grep wireguard


🔻 Uninstall and reinstall
sudo apt-get purge wireguard


🔻 Disable start on reboot.
Use docker
sudo systemctl disable wg-quick@wg-vps.service



🟢 ros

🔶 WG info

```
[admin@MikroTik] > /interface/wireguard/print
Flags: X - disabled; R - running
0 R name="wireguard1" mtu=1420 listen-port=4455 private-key="sFWQyTEcsAN7zAFIrxOCeChcUsyFWAdLNH1B0pEJPUI=" public-key="YG4jDuVVJXIJaCUeIorz7yho6ldasbuBBl96Lc4OHEI="
```



🔶 peer info

```
[admin@MikroTik] /interface/wireguard/peers> print
Columns: INTERFACE, PUBLIC-KEY, ENDPOINT-ADDRESS, ENDPOINT-PORT, ALLOWED-ADDRESS
# INTERFACE PUBLIC-KEY                                    ENDPOINT-ADDRESS ENDPOINT-PORT ALLOWED-ADDRESS
0 VPS       oG5dpI7+/mWvXrWJ60SrGnOG+yIfv35w50O6Mww0GSE=  148.135.67.4     4455          10.0.0.1/32
```






🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 rb4..


```ini
# ros-rb4
[Peer]
PublicKey = lYRLcSQCPLGM7V9J2TW64PlU4aG4lv4XIsOvIsyYf2o=
AllowedIPs = 10.0.0.3/24
```

🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 debug.-

🔶 catch ping


tcpdump

```shell
sudo tcpdump icmp          # ICMP on the default interface
sudo tcpdump -i wg0 icmp   # ICMP inside the tunnel
```




ssh -p 21922 root@148.135.67.4





🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵🔵 Firewall. Port forwarding 💯


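As an added worked example (not part of these notes, nor code from the WireGuard or RouterOS projects), the cryptokey-routing rule that the "allowed address" sections of both WireGuard pages describe: the script parses the [Peer] sections of a wg-quick config, answers which peer a destination would be sent to, checks whether a decrypted packet's source would be accepted, and flags AllowedIPs entries written as a host with a /24 mask (the shape used in the AIO server config), which wg stores as the whole subnet so that two such peers overlap and only the later one works. The configs and keys in the script are constructed placeholders, not the values from the notes.

```python
"""Added example (not from the notes): what WireGuard's AllowedIPs decides.
Outbound: a packet goes to the peer whose AllowedIPs contains the destination
(longest prefix). Inbound: dropped unless the source is in that peer's AllowedIPs."""
import ipaddress

# Constructed config shaped like the Untitled-1 VPS config (keys are placeholders).
SERVER_CONF = """[Interface]
Address = 10.0.0.1/32
ListenPort = 4455

# Ros_CHR router peer: its tunnel IP plus the LAN subnets behind it
[Peer]
PublicKey = ROUTER_PUBKEY_PLACEHOLDER
AllowedIPs = 10.0.0.92/32, 10.111.111.0/24, 10.222.222.0/24, 192.168.9.0/24
"""

# Constructed config shaped like the AIO page's server: two peers written with /24.
OVERLAP_CONF = """[Peer]
PublicKey = IMAC_PUBKEY_PLACEHOLDER
AllowedIPs = 10.0.0.99/24

[Peer]
PublicKey = ROUTER_PUBKEY_PLACEHOLDER
AllowedIPs = 10.0.0.2/24
"""

def parse_peers(text):
    """Return the [Peer] sections of an INI-style wg-quick config as dicts."""
    peers, current = [], {}            # keys before the first [Peer] are discarded
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line:
            key, _, value = line.partition("=")   # base64 keys end in '=': split once
            current[key.strip()] = value.strip()
    return peers

def allowed_networks(peer):
    """strict=False mirrors wg: 10.0.0.99/24 is stored as 10.0.0.0/24."""
    return [ipaddress.ip_network(a.strip(), strict=False)
            for a in peer.get("AllowedIPs", "").split(",") if a.strip()]

def route_for(peers, dst):
    """Peer (public key) that receives dst, or None. Longest prefix wins; a
    prefix listed by two peers goes to the later one, silencing the earlier."""
    dst, best = ipaddress.ip_address(dst), None
    for peer in peers:
        for net in allowed_networks(peer):
            if dst in net and (best is None or net.prefixlen >= best[1]):
                best = (peer["PublicKey"], net.prefixlen)
    return best[0] if best else None

def inbound_allowed(peer, src):
    """Would a packet with source src, decrypted from this peer, be accepted?"""
    return any(ipaddress.ip_address(src) in n for n in allowed_networks(peer))

def lint_allowed_ips(peers):
    """Flag entries rewritten by normalisation or overlapping another peer's."""
    findings, seen = [], []
    for peer in peers:
        for entry in [e.strip() for e in peer.get("AllowedIPs", "").split(",") if e.strip()]:
            net = ipaddress.ip_network(entry, strict=False)
            if str(net) != entry:
                findings.append(f"{peer['PublicKey']}: {entry} is stored as {net}")
            findings += [f"{peer['PublicKey']}: {net} overlaps {o} of {k}"
                         for o, k in seen if k != peer["PublicKey"] and net.overlaps(o)]
            seen.append((net, peer["PublicKey"]))
    return findings
```

Running `lint_allowed_ips(parse_peers(OVERLAP_CONF))` reports both /24 entries being stored as 10.0.0.0/24 and the resulting overlap, while the /32-plus-subnets server config passes clean.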