本帖最後由 张无忌 於 2025-8-18 00:25 編輯
大陆安装WireGuard using LuCI于OpenWrt 24.10.0
我们利用Windows WireGuard client configuration安装OpenWrt WireGuard。
Table 1: Windowns WireGuard client configuration- [Interface]
- PrivateKey = +FQ4fluMNSIBcnHSU/cxefZacsLzweKCwbGLfQR4XFU=
- Address = 10.1.99.2/32
- DNS = 1.1.1.1, 8.8.8.8
- [Peer]
- PublicKey = iKcWldIXIGx17xvWFZNeGIxC2RvihykAmg8soF2mJXo=
- PresharedKey = mIxePF2TZ8GJWa0nY/ZWqsYHoC5vXqrG5OkDw9eRpUM=
- AllowedIPs = 0.0.0.0/0
- Endpoint = abc.wxy.com:28303
- PersistentKeepalive = 25
1、 先备份OpenWrt configuration,然后reset OpenWrt。
2、 新安装OpenWrt的密码:
- 打开192.168.1.1,打开"Authorization Required",press "Log in";
- on the top yellow bar, click "Go to password configuration";
- 在"Router Password",在"Password"输入密码 and "Confirmation"再输入密码,press "Save";
- 在上面click "Log out"。
3、 安装 luci-proto-wireguard和其他配件:
- 在"Password"输入对应密码,Click"Log in",进入OpenWrt panel;
- "System"->"Software",点击"Update Lists",等一会接出现很多packages,有时会出现"Unable to execute opkg update command: SyntaxError: Unexpected end of JSON input",要ignore,在"System"->"Software"再refresh一下就有;
- 在"Filter:"填wireguard,在"luci-proto-wireguard"位置,然后点击"Install",弹出"Details for package luci-proto-wireguard",click "Install";
- 连同"wireguard-tools","kmod-wireguard","luci-proto-wireguard"都自动一起installed。
4、 "System"->"Reboot",在"Reboot" panel click "Perform reboot"。
5、 加入Windows WireGuard client:
- 在"Authorization Required",在"Password"输入密码;
- 在"Network"->"Interface",出现"Interface" panel;
- click "Add new interface,出现"Add new interface",在"Name" 写"wg0",在"Protocol"选"WireGuard VPN",然后click "Create interface";
- 出现"Interface >> wg0" panel,在下面"Import configuration",点击"Load configuration";
- 在"Interface >> wg0 >> Import configuration",把Table 1 cut-and-paste Windows WireGuard client填上去;press "Import settings";
- 在"Interface >> wg0",再click "Firewall Settings",在"Create / Assign firewall-zone"选"wan (wan,wan6)";
- click "Peers",选"Edit",在"Route Allowed IPs"打勾,最后click "Save";
- 出现"Interface >> wg0",press "Save"。
6、 改动wan interface [1],在大陆需要改,如果在香港可以ignore:
- 出现"OpenWrt" panel,在"wan"右手面,click "Edit";
- 在"Interface >> wan", click "Advanced Settings",untick "Use DNS servers advertised by peer",弹出"Use custom DNS servers",填入"1.1.1.1" and "8.8.8.8",然后"Save"。
7、 出现"OpenWrt" panel, "Save & Apply"。
8、 如果查看Google网页不正常,就"System"->"Reboot",在"Reboot" panel click "Perform reboot"。
安装WireGuard后,从新打开Chrome browser时可以,再打开YouTube and WhatsApp都能正常观看。
本人第一次在OpenWrt写application,以前在2010年接触过OpenWrt就没用,改用MikroTik RouterOS,现在用OpenWrt时很多地方都不太会,希望大家包涵。
Reference:
[1] 在WAN interface加入DNS "1.1.1.1" and "8.8.8.8"。如果不加,在大陆连香港WireGuard后,打不开YouTube and WhatsApp。大家可以参https://www.reddit.com/r/openwrt ... dns_on_openwrt_and/,文章中作者"el_jbase"提及"It's not the right way to do it. You should go to Network -> Interfaces -> Wan -> Edit -> Advanced Settings. There untick the "Use DNS servers advertised by peer" and enter your DNS server IPs. After you Apply, your device will reboot, and then on the Main page you should see your new DNS settings."。
Notes:
1. https://dnsleaktest.com用Extended test找出DNS是否干净。
2. Wireguard Client Configuration | Openwrt | 2024
3. 现在用luci-proto-wireguard做,有点不惯,将来我来会用Linux console CLI做。
4. 在上面Item 6,一大早开积发现wg0不能工作,现把interface disabled,再reboot,待正常后,再enable interface wg0就可以正常,要花时间找出原因。("System"->"Startup"->"network"->"Restart"可以快速解决)
5. 三个packages "luci-proto-wireguard", "kmod-wireguard", "wireguard-tools",在"luci-proto-wireguard"安装会其余两个都一起安好。
目录帖子GL.iNet and OpenWrt Contents |
簡體版
訂閱頻道
訂閱電子報
發表於 2025-4-8 13:36
| 
