2025年1月

VPS

生成服务端公私钥
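apt install wireguard
# Abort if the directory is missing; otherwise the key files would land in the
# current working directory instead of /etc/wireguard.
cd /etc/wireguard || exit 1
# The private key is written by tee(1) with the process umask. Default 022 would
# make it world-readable; 077 yields 0600 so only root can read it.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey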
编写配置文件
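cd /etc/wireguard || exit 1
# wg0.conf will contain the private key; create it 0600 rather than the
# umask-022 default of 0644 (wg-quick warns when the config is world-readable).
umask 077
vim wg0.conf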

[Interface]
# Server identity. The key is stored in clear here, so this file should be
# readable by root only (mode 0600).
PrivateKey = 服务生成的私钥
Address = 10.100.0.1/24
# %i expands to the interface name (wg0). The two FORWARD rules allow traffic to
# cross the tunnel in both directions; the MASQUERADE rule rewrites the source
# address of packets leaving through the tunnel — presumably needed so the DNAT
# port-forward towards the peer (set up later) gets its replies back via wg0.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; 
PostUp = iptables -A FORWARD -o %i -j ACCEPT; 
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
# PostDown removes exactly the three rules PostUp added, so the firewall returns
# to its previous state when the tunnel goes down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT;
PostDown = iptables -D FORWARD -o %i -j ACCEPT; 
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
# UDP port the server listens on; must be reachable from the client's Endpoint.
ListenPort = 51820

[Peer]
PublicKey = 客户端公钥
# A single /32: only this address is routed to, and accepted from, this peer.
AllowedIPs = 10.100.0.2/32
# Keepalive in seconds; keeps NAT state alive so the server can reach the peer.
PersistentKeepalive = 15
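# Enable IP forwarding first, so it is already on when the tunnel comes up.
# Guard the append: running these notes twice must not duplicate the line.
grep -qxF 'net.ipv4.ip_forward = 1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
# enable at boot and start now
systemctl enable --now wg-quick@wg0.service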

iptables转发端口

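# Expose the peer's SSH (10.100.0.2:22) on the VPS's public port 50022.
# The public address is taken from the environment instead of being typed into
# the rule; ':?' aborts with a message if it is not set.
: "${SERVER_PUBLIC_IP:?set to the VPS public IP (was: 服务器自己公网IP)}"
# No '-i' restriction: the DNAT matches port 50022 on every interface. If the
# forward is only meant for the public side, add '-i <public iface>' to it.
iptables -t nat -A PREROUTING -p tcp --dport 50022 -j DNAT --to-destination 10.100.0.2:22
iptables -t nat -A POSTROUTING -p tcp -d 10.100.0.2 --dport 22 -j SNAT --to-source "$SERVER_PUBLIC_IP"
# NOTE(review): if wg0 is up when this runs, the snapshot also contains the rules
# wg-quick's PostUp added; restoring it at boot and then starting wg0 leaves those
# rules in the chains twice. Save with wg0 down, or keep only these two rules here.
iptables-save > /etc/iptables/rules.v4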

客户端

生成客户端公私钥
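apt install wireguard
# Abort if the directory is missing; otherwise the key files would land in the
# current working directory instead of /etc/wireguard.
cd /etc/wireguard || exit 1
# tee(1) creates 'privatekey' with the process umask; 077 gives 0600 so the key
# is not readable by other local users.
umask 077
wg genkey | tee privatekey | wg pubkey > publickey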
编写配置文件
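cd /etc/wireguard || exit 1
# wg0.conf will contain the client's private key; create it 0600 instead of the
# umask-022 default of 0644 (wg-quick warns when the config is world-readable).
umask 077
vim wg0.conf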
[Interface]
# Client identity; stored in clear, so keep this file mode 0600.
PrivateKey = 客户端生成的私钥
# Tunnel address of this client (the server's [Peer] allows exactly this /32).
Address = 10.100.0.2/24

[Peer]
PublicKey = 服务端公钥
# Public address and ListenPort of the VPS.
Endpoint = 服务器自己公网IP:51820
# Only the tunnel subnet is routed through wg0. This is not a full-tunnel
# (0.0.0.0/0) setup; ordinary Internet traffic keeps using the default route.
AllowedIPs = 10.100.0.0/24
# Keepalive in seconds, so the NAT mapping towards the server stays open.
PersistentKeepalive = 15
# enable the tunnel unit at boot and bring it up immediately
systemctl enable --now wg-quick@wg0.service

系统中同时存在 NetworkManager 和 systemd-networkd 两个网络管理系统，二者会冲突，需要关闭其中一个

# stop NetworkManager and keep it from starting at boot (systemd-networkd stays)
systemctl disable --now NetworkManager
root@cyber-aib:~/android_docker# brctl show
bridge name    bridge id        STP enabled    interfaces
docker0        8000.5ebab53304ca    no    

发现 interfaces 为空（veth 没有挂到网桥上），所以手动把 veth 加入 docker0 网桥

root@cyber-aib:~/android_docker# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2e:42:2f:7e:37:0b brd ff:ff:ff:ff:ff:ff
    altname enP4p65s0
    inet 192.168.2.118/24 metric 100 brd 192.168.2.255 scope global dynamic eth0
       valid_lft 77250sec preferred_lft 77250sec
    inet6 fe80::2c42:2fff:fe7e:370b/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether de:2d:49:53:8e:e4 brd ff:ff:ff:ff:ff:ff
    altname enP3p49s0
20: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 5e:ba:b5:33:04:ca brd ff:ff:ff:ff:ff:ff
    inet 172.17.10.1/24 brd 172.17.10.255 scope global docker0
       valid_lft forever preferred_lft forever
22: vethfa386c9@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 5e:ba:23:97:5c:97 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::5cba:23ff:fe97:5c97/64 scope link 
       valid_lft forever preferred_lft forever
       
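# The key step: attach the container's veth to the docker0 bridge
# (`brctl show` listed no interfaces on the bridge). The shell comment marker
# is '#', not '//', and the 'root@…#' prompt must not be pasted as part of the
# command.
ip link set vethfa386c9 master docker0
# equivalent with bridge-utils: brctl addif docker0 vethfa386c9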

root@cyber-aib:~/android_docker# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2e:42:2f:7e:37:0b brd ff:ff:ff:ff:ff:ff
    altname enP4p65s0
    inet 192.168.2.118/24 metric 100 brd 192.168.2.255 scope global dynamic eth0
       valid_lft 77226sec preferred_lft 77226sec
    inet6 fe80::2c42:2fff:fe7e:370b/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether de:2d:49:53:8e:e4 brd ff:ff:ff:ff:ff:ff
    altname enP3p49s0
20: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5e:ba:b5:33:04:ca brd ff:ff:ff:ff:ff:ff
    inet 172.17.10.1/24 brd 172.17.10.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::5cba:b5ff:fe33:4ca/64 scope link 
       valid_lft forever preferred_lft forever
22: vethfa386c9@if21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 5e:ba:23:97:5c:97 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::5cba:23ff:fe97:5c97/64 scope link 
       valid_lft forever preferred_lft forever

执行完后发现docker0状态原来为DOWN的立马UP起来了

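# Tear down docker0 and recreate it by hand with the intended address.
systemctl stop docker            # same tool as the later 'systemctl restart docker'
ip link set dev docker0 down
ip link delete docker0 type bridge    # brctl(8) is deprecated; ip-link(8) does the same
# Remove only Docker's own masquerade rule(s) instead of 'iptables -t nat -F
# POSTROUTING': a flush discards every rule in the chain, not just Docker's
# (e.g. WireGuard NAT rules if this runs on the VPS). The subnet is derived from
# the docker0 address 172.17.10.1/24 — NOTE(review): confirm the exact rule with
# 'iptables -t nat -S POSTROUTING' before relying on this.
while iptables -t nat -D POSTROUTING -s 172.17.10.0/24 ! -o docker0 -j MASQUERADE 2>/dev/null; do :; done

ip link add docker0 type bridge
ip addr add 172.17.10.1/24 dev docker0
ip link set dev docker0 up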

vim /etc/docker/daemon.json
{
  "insecure-registries":["x.x.x"],
  "bip": "172.17.10.1/24"
} 


# restart the daemon so it picks up daemon.json (bip / insecure-registries)
systemctl restart docker.service

活了。