{"id":24,"date":"2024-11-20T23:02:09","date_gmt":"2024-11-20T15:02:09","guid":{"rendered":"https:\/\/0x0.pub\/?p=24"},"modified":"2025-08-05T19:32:20","modified_gmt":"2025-08-05T11:32:20","slug":"%e6%b5%8b%e8%af%95","status":"publish","type":"post","link":"https:\/\/0x0.pub\/?p=24","title":{"rendered":"Wireguard+OSPF\u591a\u5730\u5185\u7f51\u4e92\u8054"},"content":{"rendered":"\n

\u62d3\u6251<\/strong><\/h2>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u5b9e\u73b0\u591a\u5730\u5185\u7f51IPv4\/6\u4e92\u8054\uff0c\u901a\u8fc7OSPF\u7ef4\u62a4\u52a8\u6001\u8def\u7531\u8868\u53ef\u5f62\u6210\u5907\u7528\u8def\u5f84\uff0c\u5e76\u5728VPS-B\u548cOpenwrt-A\u5f00\u542f2\u4e2a\u670d\u52a1\u7aef\u53e3\u7528\u4e8e\u5916\u90e8\u7ec8\u7aef\u7684\u63a5\u5165\u3002<\/strong><\/pre>\n\n\n\n
\n
\n
\u51c6\u5907\u5de5\u4f5c<\/strong><\/h2>\n<\/div>\n<\/div>\n\n\n\n
Linux \u5f00\u542fipv4\/6\u8f6c\u53d1<\/strong><\/h3>\n\n\n\n
\n
#vi \/etc\/sysctl.conf\nnet.ipv4.ip_forward = 1      #\u542f\u7528ipv4\u8f6c\u53d1\nnet.ipv6.conf.all.forwarding = 1 #\u542f\u7528ipv6\u8f6c\u53d1\n#sysctl -p  #\u7acb\u5373\u751f\u6548<\/code><\/pre>\n<\/div>\n\n\n\n
\u5b89\u88c5wireguard #\u642d\u5efaVPN\u96a7\u9053<\/strong><\/h3>\n\n\n\n
Linux\u5b89\u88c5Wireguard  https:\/\/www.wireguard.com\/install\/<\/a>
Openwrt\u5b89\u88c5wireguard https:\/\/openwrt.org\/docs\/guide-user\/services\/vpn\/wireguard\/<\/a><\/pre>\n\n\n\n
\u5b89\u88c5bird2 #\u8fd0\u884cOSPF \u52a8\u6001\u8def\u7531\u534f\u8bae<\/strong><\/h3>\n\n\n\n
Centos<\/p>\n\n\n\n
#yum install bird2<\/code><\/code><\/pre>\n\n\n\n
Openwrt<\/p>\n\n\n\n
#opkg update<\/code>\n#opkg install bird2 bird2c bird2cl<\/code><\/code><\/pre>\n\n\n\n
\u914d\u7f6e\u9632\u706b\u5899\u4e0e\u63a5\u53e3\u548c\u670d\u52a1\u81ea\u542f<\/strong><\/h3>\n\n\n\n
1.openwrt \u5efa\u7acbwg\u533a\u57df\uff0cwg\u63a5\u53e3\u52a0\u5165wg\u533a\u57df\uff0c\u5141\u8bb8wg\u5230lan\u533a\u57df\u53cc\u5411\u7684in\/out\/forward\u3002\n2.Linux wg\u63a5\u53e3\u4e0a\u914d\u7f6ePostUP\/DOWN\u5b9e\u73b0iptables \u6d41\u91cf\u8f6c\u53d1\uff0c\u65e0\u9700\u5355\u72ec\u4fee\u6539\u9632\u706b\u5899\n3.wg\u63a5\u53e3\u81ea\u542f\uff0copenwrt\u9ed8\u8ba4\u81ea\u542f\uff0cLinux #systemctl enable wg-quick@wg0<\/code>\n4.bird\u670d\u52a1\u81ea\u542f\uff0copenwrt\u9ed8\u8ba4\u81ea\u542f\uff0cLinux #systemctl enable bird<\/code><\/pre>\n\n\n\n
\u6ce8\u610f\u9879<\/strong><\/h3>\n\n\n\n
1.\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8c03\u6574OSPF\u63a5\u53e3cost\u503c\u3002\n2.\u96a7\u9053\u5185\u5141\u8bb8\u6240\u6709\u8bbe\u5907\u4e92\u8054\u7f51\u6bb5\u548c\u5185\u7f51\u6bb5\u3002\n3.\u96a7\u9053\u5141\u5185\u8bb8ipv4\/6 ospf\u7ec4\u64ad\u5730\u5740 224.0.0.5\/6 ff02::5\/6\n4.\u96a7\u9053\u5185\u5141\u8bb8fe80::\u672c\u5730\u94fe\u8def\u5730\u5740\n5.OSPF\u914d\u7f6ewg\u63a5\u53e3\u7c7b\u578b\u4e3aptp\n<\/pre>\n\n\n\n
\n
\n
\u7ef4\u62a4\u7ba1\u7406<\/strong><\/h2>\n<\/div>\n<\/div>\n\n\n\n
Bird\u547d\u4ee4<\/strong><\/h3>\n\n\n\n
1.bird -c \/etc\/bird.conf #\u6307\u5b9a\u8fd0\u884c\u914d\u7f6e\u6587\u4ef6\n2.\u8fdb\u5165bird\u547d\u4ee4\u884c  #birdc\n3.\u67e5\u770bospf\u8fdb\u7a0b\u72b6\u6001 >show ospf\n4.\u67e5\u770bospf\u63a5\u53e3\u72b6\u6001 >show ospf int\n5.\u67e5\u770bospf\u90bb\u5c45\u72b6\u6001 >show ospf nei\n6.\u66f4\u65b0bird\u914d\u7f6e\u6587\u4ef6 >config\n<\/pre>\n\n\n\n
Wigreguard \u547d\u4ee4<\/strong><\/h3>\n\n\n\n
1.\u914d\u7f6e\u6587\u4ef6 \/etc\/wireguard\/wg*.conf
2.wg\u751f\u6210\u5bc6\u94a5\u5bf9 #wg genkey | tee \/etc\/wireguard\/A_privatekey | wg pubkey > \/etc\/wireguard\/A_publickey
3.wg\u751f\u6210\u9884\u5171\u4eab\u5bc6\u94a5 #wg genpsk > \/etc\/wireguard\/preshared_key
4.wg\u63a5\u53e3\u72b6\u6001\u67e5\u770b #wg
5.wg\u63a5\u53e3\u542f\u52a8\u548c\u5173\u95ed #wg-quick up\/down wg*
6.\u65b0\u589ewg\u63a5\u53e3\u548c\u6307\u5b9a\u914d\u7f6e\u6587\u4ef6
# ip link add dev wg1 type wireguard
#wg setconf wg1 \/etc\/wireguard\/wg1.conf

<\/pre>\n\n\n\n
\u914d\u7f6e\u6587\u4ef6<\/strong><\/h2>\n\n\n\n
Openwrt-A<\/strong><\/h3>\n\n\n\n
\/etc\/config\/network    #wireguard \u914d\u7f6e<\/mark><\/strong>\n<\/em>\t\nconfig interface 'wg0'               #\u63a5\u53e3\u540d\u79f0\n\toption proto 'wireguard'     #\u63a5\u53e3\u534f\u8bae\n\toption private_key 'xxx'     #\u672c\u63a5\u53e3\u79c1\u94a5\n\toption listen_port 'xx'      #\u670d\u52a1\u7aef\u53e3\n\toption nohostroute '1'       #\u65e0\u4e3b\u673a\u8def\u7531\n\tlist addresses '10.10.100.1\/30' #\u63a5\u53e3IPv4\n\tlist addresses 'fd00::1\/126'    #\u63a5\u53e3IPv6\n\tlist addresses 'fe80::1\/126'    #\u63a5\u53e3LLA\n\t\nconfig wireguard_wg0\n\toption description 'Openwrt-B' #\u5bf9\u7aef\u7684\u63cf\u8ff0\n\toption public_key 'xxx'      #\u5bf9\u7aef\u7684\u516c\u94a5\n\toption preshared_key 'xxx'   #\u4e0e\u5bf9\u7aef\u7684\u9884\u5171\u4eab\u5bc6\u94a5\n\toption persistent_keepalive '25'  #\u4fdd\u6d3b\u65f6\u95f4\u79d2\n\toption private_key 'xxx'          #\u5bf9\u7aef\u79c1\u94a5\/\u53ef\u9009\n        \n        #\u5141\u8bb8\u4eceOpenwrt-B\u5bf9\u7aef\u8fc7\u6765\u7684IP\u6d41\u91cf\n\tlist allowed_ips '10.10.100.0\/24' #IPv4\u4e92\u8054\u5730\u5740\n\tlist allowed_ips '10.10.0.0\/23'   #\u5141\u8bb8A\u7684\u5185\u7f51\u6bb5\n\tlist allowed_ips '10.10.10.0\/24'  #\u5141\u8bb8B\u7684\u5185\u7f51\u6bb5\n\tlist allowed_ips '224.0.0.4\/30'   #OSPF2\u7ec4\u64ad\u5730\u5740\n\tlist allowed_ips 'ff02::4\/126'    #OSPF3\u7ec4\u64ad\u5730\u5740\n\tlist allowed_ips 'fd00::\/120'     #IPv6\u4e92\u8054\u5730\u5740\n\tlist allowed_ips 'fe80::\/126'     #IPv6 LLA\u5730\u5740\n\t\nconfig interface 'wg1'\n\toption proto 'wireguard'\n\toption private_key 'xxx'\n\tlist addresses '10.10.100.14\/30'\n\tlist addresses 'fd00::e\/126'\n\tlist addresses 'fe80::e\/126'\n\t\nconfig wireguard_wg1\n\toption description 'VPS-A'\n\toption public_key 'xxx'\n\toption preshared_key 'xxx'\n\toption endpoint_host 'x.x.x.x'    #\u5bf9\u7aef\u516c\u7f51IP\n\toption endpoint_port 'xxxx'       #\u5bf9\u7aef\u670d\u52a1\u7aef\u53e3\n\toption persistent_keepalive '25'\n\tlist allowed_ips '10.10.100.0\/24'\n\tlist allowed_ips '10.10.0.0\/23'\n\tlist allowed_ips '10.10.10.0\/24'\n\tlist allowed_ips '224.0.0.4\/30'\n\tlist allowed_ips 'ff02::4\/126'\n\tlist allowed_ips 'fe80::c\/126'\n\tlist allowed_ips 'fd00::\/120'\n\t\nconfig interface 'wg2'                #\u5916\u90e8\u7ec8\u7aef\u63a5\u5165\u53e3\n\toption proto 'wireguard'\n\toption private_key 'xxx'\n\toption listen_port 'xxxx'\n\tlist addresses '10.10.100.193\/27' #\u63a5\u53e3IP\n\t\n#\u5916\u90e8\u7ec8\u7aef\u63a5\u5165\u914d\u7f6e\uff0c\u5199\u591a\u4e2aPeer\u4e0d\u540c\u516c\u94a5\u548c\u5141\u8bb8\u5bf9\u5e94IP\u5730\u5740\/32\u3002\nconfig wireguard_wg2 \n        option description 'PC'  \n\toption public_key 'xxx'\n\toption preshared_key 'xxx'   \n\tlist allowed_ips '10.10.100.194\/32'\n\n\n\/etc\/config\/firewall    #\u9632\u706b\u5899\u914d\u7f6e<\/mark><\/strong>\n<\/mark>\t\nconfig defaults  #\u9ed8\u8ba4\u7b56\u7565\n\t        option input 'ACCEPT'\n\t        option output 'ACCEPT'\n\t        option forward 'REJECT'\n\t   \nconfig zone      #lan\u533a\u57dfin\/out\/forward\u5168\u90e8\u5141\u8bb8\n\t        option name 'lan'\n\t        option input 'ACCEPT'\n\t        option output 'ACCEPT'\n\t        option forward 'ACCEPT'\n\t        list network 'lan'\n\t  \nconfig zone      #wg\u533a\u57dfin\/out\/forward\u5168\u90e8\u5141\u8bb8\n\t        option name 'wg'\n\t        option input 'ACCEPT'\n\t        option output 'ACCEPT'\n\t        option forward 'ACCEPT'\n\t        list network 'wg0'   #wg\u63a5\u53e3\u52a0\u5165wg\u533a\u57df\n\t        list network 'wg1'\n\t        list network 'wg2'\n\t\nconfig forwarding   #\u8f6c\u53d1\u914d\u7f6e wg to lan\n\t        option src 'wg'\n\t        option dest 'lan'\n\t\nconfig forwarding   #\u8f6c\u53d1\u914d\u7f6e lan to wg\n\t        option src 'lan'\n\t        option dest 'wg'\n\t         \n\n\/etc\/bird.conf    #bird OSPF\u914d\u7f6e<\/mark><\/strong>\n<\/mark>\nlog syslog all;\t\nrouter id 10.10.1.200;   #router ID\nprotocol device {\n\t         scan time 10;\n\t                        }\n\nprotocol direct {\n\t        disabled;\n\t        ipv4;\n\t        ipv6;\n\nprotocol kernel kernel4 {\n\t        ipv4 {\n\t                export all;\n\t        };\n\t}\n\nprotocol kernel kernel6 {\n\t        ipv6 {\n\t                export all;\n\t        };\n\t}\n\nprotocol static {\n\t        ipv4;\n#route 10.8.0.0\/24 via 10.10.0.1; #\u53d1\u5e03\u4e00\u6761\u9759\u6001\u8def\u7531\n\t}\n\n#OSPF V2\u914d\u7f6e\nprotocol ospf v2 ospf4 {\n\t        ipv4 {\n\t           import all;\n\t           export where source = RTS_STATIC;\n\t        };\n\t\n\tarea 0 {\n\t        interface \"wg0\" {\n\t              type ptp;    #\u63a5\u53e3\u7c7b\u578b\u4e3aptp\n                       cost 20;    #\u63a5\u53e3\u5f00\u950020\n                       hello 5;    #hello\u65f6\u95f45s\n\t                };\n\n\t        interface \"wg1\" {\t                                                                                                         \n\t              type ptp;    #\u63a5\u53e3\u7c7b\u578b\u4e3aptp\n                       cost 20;    #\u63a5\u53e3\u5f00\u950020\n                       hello 5;    #hello\u65f6\u95f45s\n\t                };\n\t\n\t      interface \"br-lan\" {  #lan\u53e3\u5f00\u542fospf\n                                   \n\t                             };\n\t\n\t      interface \"wg2\" {  #\u63a5\u5165\u7ec8\u7aef\u7684\u63a5\u53e3\n\t             type ptp;\n\t                          };\n\t        };\n\t}\n\t\n#OSPF V3\u914d\u7f6e\nprotocol ospf v3 {\n\t          ipv6 {\n\t            import all;\n\t            export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp;\n\t                        cost 20;\n\t                        hello 5;\n\t                };\n\t               \n\t                interface \"wg1\" {\n\t                       type ptp;\n\t                      cost 100;\n\t                       hello 5;\n\t                };\n\t        };\n\t}<\/code><\/pre>\n\n\n\n
Openwrt-B<\/strong><\/h3>\n\n\n\n
\/etc\/config\/network  #wireguard\u914d\u7f6e<\/mark><\/strong>\n\t\nconfig interface 'wg0'\n\toption proto 'wireguard'\n\toption private_key 'xxx'\n\toption nohostroute '1'\n\tlist addresses '10.10.100.2\/30'\n\tlist addresses 'fd00::2\/126'\n\tlist addresses 'fe80::2\/126'\n\t\nconfig wireguard_wg0\n\toption preshared_key 'xxx'\n\toption persistent_keepalive '25'\n\toption endpoint_port xxxx'\n\toption public_key xxx'\n\toption private_key 'xxx'\n\toption endpoint_host 'x.x.x.x'\n\toption description 'Openwrt-A'\n\tlist allowed_ips '10.10.100.0\/24'\n\tlist allowed_ips '10.10.10.0\/24'\n\tlist allowed_ips '10.10.0.0\/23'\n\tlist allowed_ips '224.0.0.4\/30'\n\tlist allowed_ips 'ff02::4\/126'\n\tlist allowed_ips 'fe80::\/126'\n\tlist allowed_ips 'fd00::\/120'\n\t\nconfig interface 'wg1'\n\toption proto 'wireguard'\n\toption private_key 'xxx'\n\toption nohostroute '1'\n\tlist addresses '10.10.100.5\/30'\n\tlist addresses 'fd00::5\/126'\n\tlist addresses 'fe80::5\/126'\n\t\nconfig wireguard_wg1\n\toption description 'VPS-B'\n\toption public_key 'xxx'\n\toption preshared_key 'xxx'\n\toption endpoint_host 'x.x.x.x'\n\toption persistent_keepalive '25'\n\tlist allowed_ips '10.10.100.0\/24'\n\tlist allowed_ips '10.10.0.0\/23'\n\tlist allowed_ips '10.10.10.0\/24'\n\tlist allowed_ips '224.0.0.4\/30'\n\tlist allowed_ips 'ff02::4\/126'\n\tlist allowed_ips 'fe80::4\/126'\n\tlist allowed_ips 'fd00::\/120'\n\toption endpoint_port 'xxxx'\n\t\n\t\n\/etc\/config\/firewall    #\u914d\u7f6e\u9632\u706b\u5899<\/mark><\/strong>\n\t\nconfig defaults\n\toption input 'ACCEPT'\n\toption output 'ACCEPT'\n\toption forward 'REJECT'\n\t\nconfig zone\n\toption name 'lan'\n\toption input 'ACCEPT'\n\toption output 'ACCEPT'\n\toption forward 'ACCEPT'\n\tlist network 'lan'\n\t\nconfig zone\n\toption name 'wg'\n\toption input 'ACCEPT'\n\toption output 'ACCEPT'\n\toption forward 'ACCEPT'\n\tlist network 'wg0'\n\tlist network 'wg1'\n\t\nconfig forwarding\n\toption src 'lan'\n\toption dest 'wg'\n\t\nconfig forwarding\n\toption src 'wg'\n\toption dest 'lan'\n\t\n\t\n\/etc\/bird.conf    #bird OSPF\u914d\u7f6e<\/mark><\/strong>\n\t\nlog syslog all;\nrouter id 10.10.10.1;\nprotocol device {\n\t        scan time 10;\n\t                        }\n\t\nprotocol direct {\n\t        disabled; \n\t        ipv4; \n\t        ipv6; \n\t}\n\t\nprotocol kernel kernel4 {\n\t        ipv4 {\n\t              export all;\n\t        };\n\t}\n\t\nprotocol kernel kernel6 {\n\t        ipv6 {\n\t              export all;\n\t        };\n\t}\n\t\nprotocol ospf v2 ospf4 {\n\t        ipv4 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t\n\t        area 0 {\n\t\n\t         interface \"wg0\" {\n\t              type ptp;\n                       cost 20;\n                       hello 5;\n\t                };\n\n\t        interface \"wg1\" {\t                                                                                                         \n\t              type ptp;\n                       cost 20;\n                       hello 5;\n\t                };\n\n\t        interface \"br-lan\" {\n\t                };\n\t        };\n\t}\n\t\t\nprotocol ospf v3 {\n\t        ipv6 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp; \n\t                        cost 20; \n\t                        hello 5; \n\t                };\n\t\n\t                interface \"wg1\" {\n\t                        type ptp; \n\t                        cost 20; \n\t                        hello 5; \n\t                };\n\t        };\n\t}<\/code><\/pre>\n\n\n\n
VPS-B<\/strong><\/h3>\n\n\n\n
\/etc\/wireguard\/wg0.conf    #wg0\u914d\u7f6e\u6587\u4ef6<\/mark><\/strong>\n\t\n[Interface]\nAddress = 10.10.100.9\/30,fd00::9\/126,fe80::9\/126  #\u63a5\u53e3ip\nDNS = 8.8.8.8\nPostUP = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT    #\u66f4\u65b0\u6dfb\u52a0\u9632\u706b\u5899\u7b56\u7565\nPostDOWN = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT    #\u66f4\u65b0\u5220\u9664\u9632\u706b\u5899\u7b56\u7565\nPrivateKey = xxx    #\u672c\u7aef\u79c1\u94a5\nMTU = 1420          #\u94fe\u8defMTU\nTable = off         #\u5173\u95ed\u81ea\u52a8\u6dfb\u52a0\u8def\u7531\u8868,OSPF\u7ef4\u62a4\u8def\u7531\u8868\n\n#Name = VPS-A\t    #\u63cf\u8ff0\u5bf9\u7aef\u540d\u79f0\n[Peer]              #\u4e00\u4e2a\u5bf9\u7aef\u6a21\u5757\nPublickey = xxx     #\u6b64\u5bf9\u7aef\u7684\u516c\u94a5\nPresharedkey = xxx  #\u4e0e\u6b64\u5bf9\u7aef\u7684\u9884\u5171\u4eab\u5bc6\u94a5\nAllowedIPs = 10.10.100.0\/24,10.10.0.0\/23,10.10.10.0\/24,224.0.0.4\/30,fd00::\/120,fe80::8\/126,ff02::4\/126    #\u6b64\u96a7\u9053\u5141\u8bb8\u7684IP\u6d41\u91cf\nEndpoint = x.x.x.x:xxxx    #\u5bf9\u7aef\u7684\u670d\u52a1IP\u548c\u7aef\u53e3\nPersistentKeepAlive = 25   #\u4fdd\u6d3b\u65f6\u95f4\n\t\n\t\n\/etc\/wireguard\/wg1.conf    #wg1\u914d\u7f6e\u6587\u4ef6<\/mark><\/strong>\n\t\n[Interface]\nAddress = 10.10.100.6\/30,fd00::6\/126,fe80::6\/126\nDNS = 8.8.8.8\nPostUP = iptables -A FORWARD -i wg1 -j ACCEPT; iptables -A FORWARD -o wg1 -j ACCEPT;ip6tables -A FORWARD -i wg1 -j ACCEPT; ip6tables -A FORWARD -o wg1 -j ACCEPT\nPostDOWN = iptables -D FORWARD -i wg1 -j ACCEPT; iptables -D FORWARD -o wg1 -j ACCEPT;ip6tables -D FORWARD -i wg1 -j ACCEPT; ip6tables -D FORWARD -o wg1 -j ACCEPT\nPrivateKey = xxx\nListenPort = xxxx    #\u670d\u52a1\u76d1\u542c\u7aef\u53e3\nMTU = 1420\nTable = off\n\n#Name = Openwrt-B\t\n[Peer]\nPublickey = xxx\nPresharedkey = xxx\nAllowedIPs = 10.10.100.0\/24,10.10.0.0\/23,10.10.10.0\/24,224.0.0.4\/30,fd00::\/120,fe80::4\/126,ff02::4\/126\nPersistentKeepalive = 25\n\t\n\t\n\/etc\/wireguard\/wg2.conf    #wg2\u914d\u7f6e\u6587\u4ef6<\/mark><\/strong>\n\t\n[Interface]\nAddress = 10.10.100.225\/27\nDNS = 8.8.8.8\nPostUP = iptables -A FORWARD -i wg2 -j ACCEPT; iptables -A FORWARD -o wg2 -j ACCEPT;ip6tables -A FORWARD -i wg2 -j ACCEPT; ip6tables -A FORWARD -o wg2 -j ACCEPT\nPostDOWN = iptables -D FORWARD -i wg2 -j ACCEPT; iptables -D FORWARD -o wg2 -j ACCEPT;ip6tables -D FORWARD -i wg2 -j ACCEPT; ip6tables -D FORWARD -o wg2 -j ACCEPT\nPrivateKey = xxx\nMTU = 1420\nListenPort = xxxx\nTable = off\n\t\n[Peer]\n#Name = Laptop\nPublickey = xxx\nPresharedkey = xxx\nAllowedIPs = 10.10.100.226\/27\nPersistentKeepAlive = 25\n\n\t\n\/etc\/bird.conf    #bird OSPF\u914d\u7f6e<\/mark><\/strong>\n\t\nlog syslog all;\nrouter id 10.10.100.9;\nprotocol device {\n\t         scan time 10;\n\t}\n\t\nprotocol direct {\n\t        disabled; \n\t        ipv4; \n\t        ipv6;\n\t}\n\t\nprotocol kernel {\n\t        ipv4 { \n\t              export all;\n\t        };\n\t}\n\t\nprotocol kernel {\n\t        ipv6 { export all; };\n\t}\n\t\nprotocol static {\n\t        ipv4;\n\t}\n\t\nprotocol static {\n\t        ipv6;\n\t}\n\t\n# OSPF, both OSPFv2 and OSPFv3 are supported\nprotocol ospf v2 {\n\t        ipv4 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp; \n\t                        cost 10;\n\t                        hello 5;\n\t                };\n\t\n\t                interface \"wg1\" {\n\t                        type ptp;\n\t                        cost 100;\n\t                        hello 5; \n\t              };\n\t\n\t                interface \"wg2\" {\n\t\n\t                        type ptp; #\u7ec8\u7aef\u63a5\u5165\u7684\u63a5\u53e3\n\t                };\n\t        };\n\t}\n\t\nprotocol ospf v3{\n\t        ipv6 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp; \n\t                        cost 10; \n\t                        hello 5; \n\t                };\n\t\n\t                interface \"wg1\" {\n\t\n\t                        type ptp; \n\t                        cost 100;\n\t                        hello 5; \n\t                };\n\t        };\n\t}<\/code><\/pre>\n\n\n\n
VPS-A<\/strong><\/h3>\n\n\n\n
\/etc\/wireguard\/wg0.conf    #wg0\u914d\u7f6e\u6587\u4ef6<\/mark><\/strong>\n\t\n[Interface]\nAddress = 10.10.100.10\/30,fd00::a\/126,fe80::a\/126\nDNS = 8.8.8.8\nPostUP = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -A FORWARD -o wg0 -j ACCEPT\nPostDOWN = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT;ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT\nPrivateKey = xxx\nListenPort = xxxx\nMTU = 1420\nTable = off\n\t\n[Peer]\n#Name = VPS-B\nPublickey = xxx\nPresharedkey = xxx\nAllowedIPs = 10.10.100.0\/24,10.10.0.0\/23,10.10.10.0\/24,224.0.0.4\/30,fd00::\/120,fe80::8\/126,ff02::4\/126\nPersistentKeepAlive = 25\n\t\n\t\n\/etc\/wireguard\/wg1.conf    #wg1\u914d\u7f6e\u6587\u4ef6<\/mark><\/strong>\n\t\n[Interface]\nAddress = 10.10.100.13\/30,fd00::d\/126,fe80::d\/126\nDNS = 8.8.8.8\nPostUP = iptables -A FORWARD -i wg1 -j ACCEPT; iptables -A FORWARD -o wg1 -j ACCEPT;ip6tables -A FORWARD -i wg1 -j ACCEPT; ip6tables -A FORWARD -o wg1 -j ACCEPT\nPostDOWN = iptables -D FORWARD -i wg1 -j ACCEPT; iptables -D FORWARD -o wg1 -j ACCEPT;ip6tables -D FORWARD -i wg1 -j ACCEPT; ip6tables -D FORWARD -o wg1 -j ACCEPT\nPrivateKey = xxx\nListenPort = xxxx\nMTU = 1420\nTable = off\n\t\n[Peer]\n#Name = Openwrt-A\nPublickey = xxx\nPresharedkey = xxx\nAllowedIPs = 10.10.100.0\/24,10.10.0.0\/23,10.10.10.0\/24,224.0.0.4\/30,fd00::\/120,fe80::c\/126,ff02::4\/126\nPersistentKeepalive = 25\n\t\n\t\n\/etc\/bird.conf    #bird OSPF\u914d\u7f6e<\/mark><\/strong>\n\t\nlog syslog all;\nrouter id 10.10.100.13;\nprotocol device {\n\t          scan time 10;\n\t}\n\t\nprotocol direct {\n\t        disabled; \n\t        ipv4;\n\t        ipv6;\n\t}\n\t\nprotocol kernel {\n\t        ipv4 { \n\t              export all;\n\t        };\n\t}\n\t\nprotocol kernel {\n\t        ipv6 { export all; };\n\t}\n\t\nprotocol static {\n\t        ipv4; \n\t}\n\t\n# OSPF, both OSPFv2 and OSPFv3 are supported\nprotocol ospf v2 {\n\t        ipv4 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp;\n\t                        cost 10;\n\t                        hello 5;\n\t                };\n\t\n\t                interface \"wg1\" {\n\t                        type ptp; \n\t                        cost 100; \n\t                        hello 5; \n\t                };\n\t\n\t\n\t        };\n\t}\n\t\nprotocol ospf v3 {\n\t        ipv6 {\n\t                import all;\n\t                export where source = RTS_STATIC;\n\t        };\n\t        area 0 {\n\t                interface \"wg0\" {\n\t                        type ptp;\n\t                        cost 10;\n\t                        hello 5;\n\t                };\n\t\n\t                interface \"wg1\" {\n\t                        type ptp;\n\t                        cost 100;\n\t                        hello 5;\n\t                };\n\t        };\n\t}<\/code><\/pre>\n\n\n\n
\u7ed3\u679c\u9a8c\u8bc1<\/strong><\/h2>\n\n\n\n
VPS-A<\/strong><\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n
VPS-B<\/strong><\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Openwrt-A<\/strong><\/h3>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Openwrt-B<\/strong><\/h3>\n\n\n\n
\"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
Wireguard+OSPF\u591a\u5730\u5185\u7f51\u4e92\u8054\u4e0e\u5916\u90e8\u7ec8\u7aef\u63a5\u5165<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[11,10,9],"class_list":["post-24","post","type-post","status-publish","format-standard","hentry","category-study","tag-bird","tag-ospf","tag-wireguard"],"_links":{"self":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/24","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24"}],"version-history":[{"count":38,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/24\/revisions"}],"predecessor-version":[{"id":315,"href":"https:\/\/0x0.pub\/index.php?rest_route=\/wp\/v2\/posts\/24\/revisions\/315"}],"wp:attachment":[{"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x0.pub\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}