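Overview: deploy wg-easy on the VyOS Stream Q2 release, use DDNS to keep the IPv6 address updated dynamically, then connect in over IPv6 to reach resources on the home network.
1. VyOS
1.1 VyOS image
1.2 VyOS installation
1.3 VyOS configuration
2. wg-easy
3. VyOS configuration
3.1 Basic VyOS configuration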
set firewall global-options all-ping 'enable'
set firewall global-options broadcast-ping 'disable'
set firewall global-options directed-broadcast 'enable'
set firewall global-options ip-src-route 'disable'
set firewall global-options ipv6-receive-redirects 'disable'
set firewall global-options ipv6-src-route 'disable'
set firewall global-options log-martians 'enable'
set firewall global-options receive-redirects 'disable'
set firewall global-options send-redirects 'enable'
set firewall global-options source-validation 'disable'
set firewall global-options state-policy established action 'accept'
set firewall global-options syn-cookies 'enable'
set firewall global-options twa-hazards-protection 'disable'
set interfaces ethernet eth0 address '10.97.97.6/24'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth0 sla-id '0'
set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'
set interfaces ethernet eth0 ipv6 address autoconf
set nat source rule 100 outbound-interface name 'eth0'
set nat source rule 100 translation address 'masquerade'
set protocols static route 0.0.0.0/0 next-hop 10.97.97.1
set system name-server '10.97.97.1'
3.2 DDNS configuration
set service dns dynamic name DDNS-CF-v6 address interface 'eth0'
set service dns dynamic name DDNS-CF-v6 host-name 'wg-ipv6.yydy.link'
set service dns dynamic name DDNS-CF-v6 ip-version 'ipv6'
set service dns dynamic name DDNS-CF-v6 password 'your global DNS token'
set service dns dynamic name DDNS-CF-v6 protocol 'cloudflare'
set service dns dynamic name DDNS-CF-v6 zone 'yydy.link'
3.3 wg-easy configuration
3.3.1 Pull the image
sudo podman pull ghcr.io/wg-easy/wg-easy:15.1
3.3.2 Create the external data storage location
sudo mkdir -p /config/podman/wg-easy
3.3.3 Start wg-easy
set container name wg-easy allow-host-networks
set container name wg-easy capability 'net-admin'
set container name wg-easy capability 'net-raw'
set container name wg-easy capability 'sys-admin'
set container name wg-easy environment DISABLE_IPV6 value 'true'
set container name wg-easy environment INSECURE value 'true'
set container name wg-easy host-name 'wg-easy'
set container name wg-easy image 'ghcr.io/wg-easy/wg-easy:15.1'
set container name wg-easy restart 'always'
set container name wg-easy volume modules destination '/lib/modules'
set container name wg-easy volume modules mode ro
set container name wg-easy volume modules source '/lib/modules'
set container name wg-easy volume wa-easy destination '/etc/wireguard'
set container name wg-easy volume wa-easy source '/config/podman/wg-easy'
3.3.4 Check which ports are listening
sudo ss -atunlp |grep 182
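A stricter version of the `grep 182` check, as an added example that is not part of the original article: it matches the two wg-easy ports exactly and warns when the web UI, which this setup reaches over plain HTTP on the host network (`INSECURE 'true'`, `allow-host-networks`), is bound to every address. It assumes 51820/udp is the WireGuard port (wg-easy's default) and runs on a constructed sample of `ss -H -tuln` output.

```bash
#!/usr/bin/env bash
# Added example, not from the article. Ports: 51821/tcp is the web UI port the
# article logs in on; 51820/udp is assumed (wg-easy's default WireGuard port).
WG_PORT=51820
UI_PORT=51821

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
# The 18200 line is a decoy that a plain `grep 182` would also match.
sample_ss_output() {
  cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:51820      0.0.0.0:*
udp   UNCONN 0      0               [::]:51820         [::]:*
tcp   LISTEN 0      511          0.0.0.0:51821      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:18200      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Reads `ss -H -tuln` lines on stdin, prints one finding per wg-easy listener.
check_wg_listeners() {
  awk -v wg="$WG_PORT" -v ui="$UI_PORT" '
    {
      proto = $1; laddr = $5
      n = split(laddr, parts, ":")            # port follows the last colon
      port = parts[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      if (port != wg && port != ui) next      # exact port match only
      wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
      if (port == ui && proto == "tcp" && wildcard)
        printf "WARN ui %s/%s bound to all addresses (%s)\n", port, proto, addr
      else if (port == ui && proto == "tcp")
        printf "OK ui %s/%s bound to %s\n", port, proto, addr
      else if (port == wg && proto == "udp")
        printf "OK wireguard %s/%s on %s\n", port, proto, addr
      else
        printf "INFO unexpected %s/%s on %s\n", port, proto, addr
    }'
}

# Demo on the constructed sample; on the router use:
#   sudo ss -H -tuln | check_wg_listeners
sample_ss_output | check_wg_listeners
```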
4. Set up wg-easy
4.1 First login
- Login URL: http://vyos-eth0-ipv4:51821