路由两个zerotier网络
# 说明
- zerotier网络1,网段 192.168.88.0/24,添加路由192.168.99.0/24 > 192.168.88.254
- zerotier网络2,网段 192.168.99.0/24,添加路由192.168.88.0/24 > 192.168.99.254
# 搭建wireguard
# 安装
# Install the wireguard package with apt; the later steps rely on the
# wg and wg-quick commands.
sudo apt install wireguard
# 配置环境
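# Run as root: the redirection into /etc/sysctl.conf needs write access.
# Each setting is appended only if that exact line is not already present,
# so repeating this step does not pile up duplicate entries.
for setting in "net.core.default_qdisc=fq" "net.ipv4.ip_forward=1"; do
  grep -qxF -- "$setting" /etc/sysctl.conf ||
    printf '%s\n' "$setting" >> /etc/sysctl.conf
done
# net.ipv4.ip_forward=1 lets this host forward IPv4 packets between all of
# its interfaces, not only wg0; which packets are actually passed is then
# decided by the iptables FORWARD chain, so check that chain's default policy.
# NOTE(review): net.core.default_qdisc=fq only selects the queueing discipline
# and does not look required for routing — confirm it is wanted.
sysctl -p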
# 生成密钥
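# Generate this host's key pair (presumably once on each of the two hosts,
# since each config below has its own PrivateKey).
# umask 077 makes the new files readable by their owner only; with the usual
# default umask the private key would be readable by other local users.
# The subshell keeps the umask change from leaking into later commands.
(
  umask 077
  wg genkey | tee privatekey | wg pubkey > publickey
)
# The private key belongs only in the PrivateKey line of this host's own
# wg0.conf. Printing it leaves it on screen and in terminal scrollback.
cat privatekey
# The public key is the value the other host puts in its [Peer] section.
cat publickey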
# 服务端配置
zerotier网络ip为 `192.168.99.254`,编辑/etc/wireguard/wg0.conf
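# Server side of the tunnel (the host whose ZeroTier address is 192.168.99.254).
# This file contains the private key: keep it owned by root and unreadable to
# other users (wg-quick prints a warning when the file is world accessible).
# The [Interface] header is required; without it wg-quick does not recognise
# the Address/PostUp/ListenPort lines below.
[Interface]
Address = 10.0.20.10/24
MTU = 1420
# PostUp and PostDown add and delete the same three rules, so taking wg0 down
# removes what bringing it up inserted.
# The two FORWARD rules accept every packet that enters or leaves wg0, whatever
# the other interface is. NOTE(review): if only the ZeroTier network should be
# reachable through the tunnel, name the second interface in each rule as well
# (-i wg0 -o ztbuahbova and -i ztbuahbova -o wg0).
# MASQUERADE rewrites the source address of traffic leaving ztbuahbova, so
# hosts on that ZeroTier network see this gateway as the sender; their logs
# will not show the original source address.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ztbuahbova -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ztbuahbova -j MASQUERADE
# UDP port the peer's Endpoint line points at; it must be reachable on this
# host's public address.
ListenPort = 28721
PrivateKey = <PrivateKey>
[Peer]
PublicKey = <192.168.88.254的PublicKey>
# Optional extra symmetric key; `wg genpsk` generates one, and both ends must
# carry the identical value. Treat it as a secret like the private key.
PresharedKey = <可选PresharedKey>
# AllowedIPs is both the route list and a source filter: packets from this peer
# are accepted only when their source address falls inside these ranges.
AllowedIPs = 192.168.88.0/24,10.0.20.11/32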
# 客户端配置
zerotier网络ip为 `192.168.88.254`,编辑/etc/wireguard/wg0.conf
# Client side of the tunnel (the host whose ZeroTier address is 192.168.88.254).
# This file contains the private key: keep it owned by root and unreadable to
# other users (wg-quick prints a warning when the file is world accessible).
[Interface]
Address = 10.0.20.11/24
MTU = 1420
# PostUp and PostDown add and delete the same three rules, so taking wg0 down
# removes what bringing it up inserted.
# The two FORWARD rules accept every packet that enters or leaves wg0, whatever
# the other interface is. NOTE(review): consider naming the second interface
# (ztfr4475ka) in each rule if only the ZeroTier network should be reachable.
# MASQUERADE rewrites the source address of traffic leaving ztfr4475ka, so
# hosts on that ZeroTier network see this gateway as the sender.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ztfr4475ka -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ztfr4475ka -j MASQUERADE
# No ListenPort is set on this side; the Endpoint line below makes this host
# the one that contacts the other end.
PrivateKey = <PrivateKey>
[Peer]
PublicKey = <192.168.99.254的PublicKey>
# Optional extra symmetric key; when used, both ends must carry the identical
# value. Treat it as a secret like the private key.
PresharedKey = <可选PresharedKey>
# AllowedIPs is both the route list and a source filter: packets from this peer
# are accepted only when their source address falls inside these ranges.
AllowedIPs = 192.168.99.0/24,10.0.20.10/32
# Public address and UDP port of the other end; the port has to match that
# host's ListenPort.
Endpoint = <服务端公网ip>:28721
# Send a keepalive packet every 20 seconds so that NAT or firewall state
# between the two hosts does not expire while the tunnel is idle.
PersistentKeepalive = 20
# 启动服务
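# Run as root on both hosts.
# wg0.conf holds the private key (and the preshared key when one is used), so
# restrict it to its owner before the service reads it.
chmod 600 /etc/wireguard/wg0.conf
# Bring the tunnel up automatically at boot.
systemctl enable wg-quick@wg0
# restart rather than start, so an edited wg0.conf is re-read when the
# service is already running.
systemctl restart wg-quick@wg0
# Verify: the peer should be listed with the expected allowed ips and, once
# traffic has flowed, a recent "latest handshake".
wg show wg0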