I'm trying to route a home VPN through NordVPN, but I can't get it to work.
Basically, I want my internet requests to go: phone -> home -> NordVPN. The reason is that I want a split VPN that can reach my home devices while also accessing the internet without exposing my IP.
Hardware
Raspberry Pi 4
Debian 10
$ uname -srvmpio
Linux 5.10.0-0.bpo.4-arm64 #1 SMP Debian 5.10.19-1~bpo10+1 (2021-03-13) aarch64 unknown unknown GNU/Linux
Software
docker-compose.yml
version: "3.8"
services:
  vpn:
    image: bubuntux/nordvpn
    cap_add:
      - NET_ADMIN # Required
      - SYS_MODULE # Required for NordLynx
    sysctls:
      - net.ipv4.conf.all.rp_filter=2 # Required for Nordlynx
    devices:
      - /dev/net/tun # Required
    environment:
      - USER=${NORDVPN_USERNAME}
      - PASS=${NORDVPN_PASSWORD}
      - CONNECT=${NORDVPN_CONNECT}
      - TECHNOLOGY=NordLynx
      - TZ=${TZ}
      - PORTS=64444;51820
      - CYBER_SEC=Enable
    ports:
      - 64444:51820
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      TZ: ${TZ}
      SERVERURL: ${URL}
      PEERS: peer1,peer2
      # INTERNAL_SUBNET: 10.13.13.0 #optional
    depends_on:
      - vpn
    volumes:
      - ${DOCKERCONFIG}/wireguard:/config
      - /lib/modules:/lib/modules:ro
    network_mode: service:vpn
It works without the VPN, thanks to port forwarding.
Does anyone know how to do this?
Thanks a lot :)
Posted on 2021-06-28 04:06:14
https://unix.stackexchange.com/a/365296 - this was the answer for me. By adding routes that let WireGuard reply to connections through the NordVPN container's bridge network instead of trying to route via NordVPN's servers, I was able to connect a client, which then routes traffic through WireGuard and on to NordVPN.
First, I defined a private network with the IP subnet 172.18.0.0/24:
networks:
  private:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.0.0/24
Then I attached it to the NordVPN container:
networks:
  private:
    ipv4_address: 172.18.0.2
This let me define the routes on the WireGuard container:
ip rule add from 172.18.0.2 table 128 # interface IP for container eth0 on the NordVPN network stack we specified in networks -> private -> ipv4_address
ip route add table 128 to 172.18.0.0/24 dev eth0 # the subnet range for NordVPN container eth0 interface
ip route add table 128 default via 172.18.0.1 # the default gateway
To make this configuration persistent, you can add another PostUp & PostDown parameter under the [Interface] tag in the WireGuard interface config file config/wg0.conf, and restart with docker-compose to apply it the first time. Note: WireGuard accepts multiple PostUp & PostDown parameters; keep the already existing PostUp & PostDown that WireGuard generated.
PostUp = ip rule add from 172.18.0.2 table 128; ip route add table 128 to 172.18.0.0/24 dev eth0; ip route add table 128 default via 172.18.0.1
PostDown = ip rule del from 172.18.0.2 table 128; ip route del table 128 to 172.18.0.0/24 dev eth0; ip route del table 128 default via 172.18.0.1
Sharing the compose file for posterity:
---
version: "3.3"
services:
  vpn:
    image: ghcr.io/bubuntux/nordvpn
    container_name: nordvpn
    cap_add:
      - NET_ADMIN # Required
      - SYS_MODULE
    ports:
      - $EXTERNAL_WG_PORT:51820/udp
    environment: # Review https://github.com/bubuntux/nordvpn#environment-variables
      - USER=$NORDUSR # Required
      - PASS=$NORDPW # Required
      - CONNECT=$COUNTRY
      - TECHNOLOGY=NordLynx
      - NETWORK=172.18.0.0/24 # So it can be accessed within the local network
      - PORTS=$EXTERNAL_WG_PORT;51820
      - FIREWALL=Enable
      - KILLSWITCH=Enable
      - CYBER_SEC=Enable
      - DNS=$NV_DNS
    sysctls:
      - net.ipv4.conf.eth0.rp_filter=2
    devices:
      - /dev/net/tun
    restart: unless-stopped
    networks:
      private:
        ipv4_address: 172.18.0.2
  wireguard:
    image: ghcr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - TZ=$TZ
      - SERVERURL=$FQDN #optional
      - SERVERPORT=$EXTERNAL_WG_PORT #optional
      - PEERS=3 #optional
      - PEERDNS=$WG_DNS #optional
      - INTERNAL_SUBNET=172.21.88.0/24 #optional
      - ALLOWEDIPS=$ALLOWEDIPS
    volumes:
      - ./config:/config
      - ./modules:/lib/modules
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    network_mode: service:nordvpn
    restart: unless-stopped
    depends_on:
      - nordvpn
networks:
  private:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.18.0.0/24
https://stackoverflow.com/questions/67134713
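The answer works only when the static ipv4_address, the bridge subnet and the three ip rule/route lines all agree, so here is an added example (my own code, not from the answer, bubuntux/nordvpn or linuxserver/wireguard) that derives the PostUp/PostDown lines from the compose definition and rejects a compose file that gives the shared stack no static address, as the one in the question does. It assumes Docker's default of using the first host address of the subnet as the bridge gateway when none is configured, and that the shared stack's bridge interface is eth0, as in the answer.

```python
import ipaddress

# Constructed sample mirroring the answer's compose file: the NordVPN service has a
# static address on the user-defined bridge "private" and WireGuard shares its stack.
COMPOSE = {
    "services": {
        "vpn": {"networks": {"private": {"ipv4_address": "172.18.0.2"}}},
        "wireguard": {"network_mode": "service:vpn"},
    },
    "networks": {"private": {"ipam": {"config": [{"subnet": "172.18.0.0/24"}]}}},
}


def policy_routes(compose, wg_service, table=128, dev="eth0"):
    """Derive the PostUp/PostDown lines that send replies to WireGuard peers out
    through the bridge instead of the default route inside the VPN tunnel.

    Returns (post_up, post_down). Raises ValueError when the compose file does not
    give the shared network stack exactly one static address inside its subnet.
    """
    mode = compose["services"][wg_service].get("network_mode", "")
    if not mode.startswith("service:"):
        raise ValueError(f"{wg_service} does not use network_mode: service:<name>")
    target = compose["services"][mode.split(":", 1)[1]]
    attached = {n: c for n, c in target.get("networks", {}).items()
                if isinstance(c, dict) and "ipv4_address" in c}
    if len(attached) != 1:
        raise ValueError("shared stack needs exactly one network with a static ipv4_address")
    (net_name, cfg), = attached.items()
    ipam = compose["networks"][net_name]["ipam"]["config"][0]
    src = ipaddress.ip_address(cfg["ipv4_address"])
    subnet = ipaddress.ip_network(ipam["subnet"])
    if src not in subnet:
        raise ValueError(f"{src} lies outside {subnet}")
    # Assumption: Docker uses the first host address as the bridge gateway unless
    # the network's ipam config names one explicitly.
    gateway = ipaddress.ip_address(ipam["gateway"]) if "gateway" in ipam else subnet.network_address + 1
    cmds = [
        f"ip rule {{op}} from {src} table {table}",
        f"ip route {{op}} table {table} to {subnet} dev {dev}",
        f"ip route {{op}} table {table} default via {gateway}",
    ]
    post_up = "; ".join(c.format(op="add") for c in cmds)
    post_down = "; ".join(c.format(op="del") for c in cmds)
    return post_up, post_down


if __name__ == "__main__":
    up, down = policy_routes(COMPOSE, "wireguard")
    print(f"PostUp = {up}")
    print(f"PostDown = {down}")
```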