Accessing a peer's LAN through WireGuard

Posted on 10/15/2023 2:14:16 PM
Requirements: WireGuard is used to build a remote network in which the peer nodes can already reach each other. How should it be configured so that one peer can also access the LAN behind another peer?

Use Docker to build WireGuard remote networking
https://www.itsvse.com/thread-10681-1-1.html

Compare Tailscale, ZeroTier, WireGuard, OmniEdge, and Ngrok as remote networking solutions
https://www.itsvse.com/thread-10646-1-1.html

The Shanghai Mobile computer needs to access other machines on the LAN where the Shandong Unicom computer is located, as shown in the figure below:



This article is not based on Docker, but directly builds WireGuard on the host machine. The environment is as follows:

  • Server: Ubuntu 20.04
  • Shanghai Mobile (Peer): Windows 11
  • Shandong Unicom (Peer): Rocky 8


Server configuration

The server runs Ubuntu 20.04 and has a public IP address. First enable IP forwarding; the command is as follows:

Install WireGuard with the following commands:

Generating the PublicKey and the PrivateKey is not tied to the server or the client; the tool simply helps you generate the values the configuration needs. The command is as follows:

The PresharedKey is optional; the command to generate it is as follows:

Create a new wg0.conf configuration file in the /etc/wireguard/ directory. The complete /etc/wireguard/wg0.conf file is as follows:

In it, replace eth0 according to your actual situation. The command to start WireGuard is as follows:



You can also use systemd to start wg0 and enable it at boot, with the following command:



Peer Shanghai Mobile Configuration

To access other machines on the LAN where Shandong Unicom Peer is located, the configuration is as follows:


Peer Shandong Unicom configuration

This peer runs Rocky 8. You need to upgrade the system kernel first, otherwise you will get the error "Error: Unknown device type, Unable to access interface: Protocol not supported". The command is as follows:

Install WireGuard with the following commands:

You also need to enable IP forwarding, with the following command:

Turn off the firewall, otherwise devices within the LAN may be inaccessible. The command is as follows:

Similarly, create a new wg0.conf file. The complete /etc/wireguard/wg0.conf configuration is as follows:

In it, replace ens192 according to your actual situation. Bring up the wg0 interface as follows:



Test

Test access from Shanghai Mobile to a machine on the Shandong Unicom LAN, as shown in the following figure:




(End)
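
The three configurations the post describes, as an added example that is not the original poster's files. The tunnel subnet, the Shandong LAN subnet, the port and the bracketed keys and server address are constructed placeholders, and the MASQUERADE rule on ens192 is an assumed way to let LAN hosts answer tunnel clients. The point to notice is that the Shandong LAN subnet appears in AllowedIPs both in the server's entry for Shandong and on the Shanghai peer.

```ini
# Added example. Constructed values: tunnel 10.8.0.0/24, Shandong LAN
# 192.168.10.0/24, port 51820. <...> entries are placeholders.

# ---- Server (Ubuntu 20.04): /etc/wireguard/wg0.conf ----
# Needs net.ipv4.ip_forward=1 so it can relay between the two peers.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>

[Peer]
# Shanghai Mobile: only its tunnel address
PublicKey = <SHANGHAI_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

[Peer]
# Shandong Unicom: tunnel address plus the LAN behind it, so the server
# routes 192.168.10.0/24 to this peer and accepts replies from it
PublicKey = <SHANDONG_PUBLIC_KEY>
AllowedIPs = 10.8.0.3/32, 192.168.10.0/24

# ---- Shanghai Mobile (Windows 11) tunnel configuration ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <SHANGHAI_PRIVATE_KEY>

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = <SERVER_PUBLIC_IP>:51820
# Send only tunnel and Shandong LAN traffic into the tunnel, not 0.0.0.0/0
AllowedIPs = 10.8.0.0/24, 192.168.10.0/24
PersistentKeepalive = 25

# ---- Shandong Unicom (Rocky 8): /etc/wireguard/wg0.conf ----
# Needs net.ipv4.ip_forward=1; ens192 is this host's LAN interface.
[Interface]
Address = 10.8.0.3/32
PrivateKey = <SHANDONG_PRIVATE_KEY>
# Assumed rule: masquerade tunnel clients onto the LAN, so LAN hosts reply
# to this machine without needing their own route to 10.8.0.0/24
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens192 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ens192 -j MASQUERADE

[Peer]
PublicKey = <SERVER_PUBLIC_KEY>
Endpoint = <SERVER_PUBLIC_IP>:51820
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25
```

Each section is a separate file on its own machine; the masquerade rule only takes effect if the host's forward chain permits traffic from wg0 to ens192.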





 Landlord| Posted on 3/31/2024 2:08:39 PM |
Rocky Linux 9 installs wireguard

The latest version of Rocky Linux 9 comes with Linux kernel 5.14 by default, which has the "wireguard" kernel module built in. In this step, you will enable the WireGuard kernel module and install "wireguard-tools" on your Rocky Linux server.

To permanently load wireguard modules, you can run the following command to add a new configuration file to the "/etc/modules-load.d/" directory. This will permanently load the wireguard kernel module when the system boots. The command is as follows:

Once the "wireguard" kernel module is enabled, the "wireguard-tools" package must be installed to manage the Wireguard server. This includes generating keys, launching Wireguard servers, and more. The command is as follows:



 Landlord| Posted on 9/6/2025 10:54:01 PM |
Ubuntu 22.04 as a wireguard client

Installation

Create a new wg0.conf configuration

Start

 Landlord| Posted on 11/28/2024 8:36:29 AM |
skystartx Posted on 2024-11-27 23:27
Can I ask the original poster? After connecting to the internal LAN, ping works and SSH can also connect, but the http browser cannot access all the services...

Is http accessed through a domain name or an IP? If it is accessed by domain name, ping the domain name and test whether DNS is working normally.

If it is direct IP + port access, can it be pinged? Use telnet to test whether the TCP port is open, and if not, is the firewall turned on?
 Landlord| Posted on 10/15/2023 5:52:01 PM |
In actual testing, the Shandong Unicom peer can also be set up directly with an ikuai router:



 Landlord| Posted on 8/4/2024 9:31:53 PM |
Xiaozha Posted on 2023-10-15 17:52
Actual measurement, Shandong Unicom Peer can also be set directly with the ikuai router: https://www.ikuai8.com/zhic/ymgn/lyym/wlsz/vpn/wi ...

If devices under routers in different regions need to communicate with each other, the topology is set up as follows:



 Landlord| Posted on 8/4/2024 9:33:36 PM |
 Landlord| Posted on 8/5/2024 8:42:46 AM |
Throughput testing

Use iPerf3 to test device network communication speeds
https://www.itsvse.com/thread-10138-1-1.html




 Landlord| Posted on 8/5/2024 10:22:48 AM |
Android client download:
iOS client download:

Posted on 11/27/2024 3:11:24 AM |
Is the big guy here?
Posted on 11/27/2024 11:27:46 PM |
Can I ask the original poster? After connecting to the internal LAN, ping works and SSH can also connect, but the http browser cannot access any of the services. What is probably the problem?