August 2018

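Target system to install: VMware ESXi 6.7
Note: a Dell server only detects its disks once they are part of a RAID array. That is not a problem, because a single disk can be configured as RAID 0.
Press F10 to enter the Lifecycle Controller (a very useful setup program), F2 for BIOS setup, and F11 for the boot menu.

RAID can be configured from within the Lifecycle Controller.

To set up more than one RAID array (disks are only detected once they belong to an array), press Ctrl + R during boot to enter the RAID configuration utility, then press F2 to add a new array.

Check the physical disk status in iDRAC. A disk shown as "Online" has been configured successfully and can be detected by the operating system or the installer.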

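Because of the network environment in mainland China, overseas hosts were chosen for the test deployment.

Virtual machines used: Singapore, Japan, Sydney
Operating system: Ubuntu 18.04 64-bit (chosen because the CentOS kernel version is too old)
Network topology:
Hub and spoke

[Figure: network topology diagram]

Before building the tunnels, generate the private and public keys: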

# Keep the private key file readable by its owner only
umask 077
wg genkey > private
wg pubkey < private

Singapore:
Private key: ENlsrOGZcE9ph8UWxqdY2gprIfGreR1YKqZ77dHFeV0=
Public key: OrpjX4Vf7GUCoM2CC7uAEE8pJ3kWPn6Q8jh/1Z26Yy0=
Tunnel IP: 10.0.0.1

Japan:
Private key: 0M62vb8nFrC+TOYSjYvzqD/zI3tl/uxBUlK3NWNGmW0=
Public key: VSHTzaD+HHeFn27IgCSu8qoZ+It3w4OL+L6Btnx6+G8=
Tunnel IP: 10.0.0.2

Sydney:
Private key: yCrAhzfFv8l7ffzb4OWPch4DODWT7EHRLPK2QcJQc14=
Public key: iLECrQQB/9Se4vrCEglMuplaDH2iB0hxQS0Ur/n2HD8=
Tunnel IP: 10.0.0.3


1. Build the Singapore <-> Japan tunnel:

Singapore:
Add and configure the interface

ip link add dev wg-jp type wireguard
ip address add dev wg-jp 10.0.0.1 peer 10.0.0.2

Write the configuration file (the command line can be used instead)

# To Japan 

[Interface] 
PrivateKey = ENlsrOGZcE9ph8UWxqdY2gprIfGreR1YKqZ77dHFeV0=
ListenPort = 51820

[Peer] 
PublicKey = VSHTzaD+HHeFn27IgCSu8qoZ+It3w4OL+L6Btnx6+G8=
Endpoint =  149.28.27.64:51820 
AllowedIPs = 10.0.0.0/24

Finally, bring the interface up

wg setconf wg-jp wg-jp.conf
ip link set up dev wg-jp

Japan:

ip link add dev wg-sgp type wireguard
ip address add dev wg-sgp 10.0.0.2 peer 10.0.0.1

# To SGP 

[Interface] 
PrivateKey = 0M62vb8nFrC+TOYSjYvzqD/zI3tl/uxBUlK3NWNGmW0=
ListenPort = 51820

[Peer] 
PublicKey = OrpjX4Vf7GUCoM2CC7uAEE8pJ3kWPn6Q8jh/1Z26Yy0=
Endpoint =  45.76.182.80:51820 
AllowedIPs = 10.0.0.0/24

wg setconf wg-sgp wg-sgp.conf
ip link set up dev wg-sgp

2. Build the Singapore <-> Sydney tunnel:

Singapore:
Add and configure the interface

ip link add dev wg-sydney type wireguard
ip address add dev wg-sydney 10.0.0.1 peer 10.0.0.3

Write the configuration file (the command line can be used instead)

# To SYDNEY
# wg-jp already binds UDP 51820 on this host, so this interface listens on 51821

[Interface]
PrivateKey = ENlsrOGZcE9ph8UWxqdY2gprIfGreR1YKqZ77dHFeV0=
ListenPort = 51821

[Peer]
PublicKey = iLECrQQB/9Se4vrCEglMuplaDH2iB0hxQS0Ur/n2HD8=
Endpoint = 108.61.213.134:51820
AllowedIPs = 10.0.0.0/24

Finally, bring the interface up

wg setconf wg-sydney wg-sydney.conf
ip link set up dev wg-sydney

Sydney:

ip link add dev wg-sgp type wireguard
ip address add dev wg-sgp 10.0.0.3 peer 10.0.0.1

# To SGP
# Endpoint port is the ListenPort of Singapore's wg-sydney interface

[Interface]
PrivateKey = yCrAhzfFv8l7ffzb4OWPch4DODWT7EHRLPK2QcJQc14=
ListenPort = 51820

[Peer]
PublicKey = OrpjX4Vf7GUCoM2CC7uAEE8pJ3kWPn6Q8jh/1Z26Yy0=
Endpoint = 45.76.182.80:51821
AllowedIPs = 10.0.0.0/24

wg setconf wg-sgp wg-sgp.conf
ip link set up dev wg-sgp

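3. Sydney <-> [Singapore] <-> Japan

At this point the tunnels from Singapore to Japan and to Sydney are both in place. What remains is connectivity between Japan and Sydney through the Singapore hub.
On the Singapore VM, enable forwarding and disable rp_filter.
Japan: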

ip route add 10.0.0.3 dev wg-sgp

Sydney:

ip route add 10.0.0.2 dev wg-sgp
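
The hub-side commands for the forwarding and rp_filter step above, as an added example that is not part of the original post. The interface names are the page's; the FORWARD rules that limit forwarding to the two tunnel interfaces, the assumption of an otherwise empty FORWARD chain, and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example: hub-side settings for step 3, to be run as root on the Singapore VM.
# wg-jp / wg-sydney are the page's interface names; the iptables rules and the
# DRY_RUN switch are assumptions of this example (FORWARD chain assumed empty).

# With DRY_RUN=1 the command is printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# hub_forward_setup IF_A IF_B: forward only between the two tunnel interfaces.
hub_forward_setup() {
    a=$1; b=$2
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ] || {
        echo "usage: hub_forward_setup IF_A IF_B" >&2
        return 2
    }

    # Let the kernel route IPv4 packets between interfaces.
    run sysctl -w net.ipv4.ip_forward=1

    # The kernel uses max(conf.all, conf.<if>) for rp_filter, so "all" must be 0
    # before a per-interface 0 takes effect. Every other interface then falls
    # back to its own per-interface setting.
    run sysctl -w net.ipv4.conf.all.rp_filter=0
    for i in "$a" "$b"; do
        run sysctl -w "net.ipv4.conf.$i.rp_filter=0"
    done

    # Spoke-to-spoke traffic is accepted; anything else that arrives from a
    # tunnel and would be forwarded (e.g. out the public interface) is dropped.
    run iptables -A FORWARD -i "$a" -o "$b" -j ACCEPT
    run iptables -A FORWARD -i "$b" -o "$a" -j ACCEPT
    for i in "$a" "$b"; do
        run iptables -A FORWARD -i "$i" -j DROP
    done
}

# Example: DRY_RUN=1 hub_forward_setup wg-jp wg-sydney
```

Source the file and run it with DRY_RUN=1 first to review the eight commands, then without DRY_RUN to apply them. The sysctl values set this way do not survive a reboot.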


Finally, once the pings succeed, the deployment is complete.

root@WIREGUARD-Tokyo:~# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=68.6 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=68.5 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=68.8 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 68.586/68.682/68.807/0.092 ms
root@WIREGUARD-Tokyo:~# ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=63 time=239 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=63 time=237 ms
64 bytes from 10.0.0.3: icmp_seq=3 ttl=63 time=237 ms
^C
--- 10.0.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 237.553/238.262/239.329/0.767 ms

root@WIREGUARD-SGP:/etc/wireguard# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=68.5 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=68.6 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=68.5 ms

--- 10.0.0.2 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 68.559/68.590/68.626/0.027 ms
root@WIREGUARD-SGP:/etc/wireguard# ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=169 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=168 ms
64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=168 ms
64 bytes from 10.0.0.3: icmp_seq=4 ttl=64 time=168 ms
^C
--- 10.0.0.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 168.700/168.901/169.401/0.289 ms

root@WIREGUARD-Sydney:/etc/wireguard# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=168 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=169 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=168 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=168 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 168.766/168.867/169.009/0.089 ms
root@WIREGUARD-Sydney:/etc/wireguard#
root@WIREGUARD-Sydney:/etc/wireguard# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=63 time=242 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=63 time=238 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=63 time=237 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=63 time=237 ms
^C
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 237.550/239.144/242.865/2.220 ms