chchang
/
hugo_backup
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '09df3d2342'
${ noResults }
hugo_backup/public/post/do-no-use-10-0-0-0-private-.../index.html

495 lines
16 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!doctype html>
<html class="no-js" lang="tw">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Eric Chang">
<meta name="description" content="Whats the Worst That Could Happen?">
<meta name="keywords" content="linux,blog,responsive,search,font awesome,pages,posts,multilingual,highlight.js,syntax highlighting,premium,shortcuts">
<meta content="" name="keywords">
<meta name="generator" content="Hugo 0.50" />
<title> [筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP | MCの飄狂山莊㊣</title>
<meta name="description" content="[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP - Whats the Worst That Could Happen?">
<meta itemprop="name" content="[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP">
<meta itemprop="description" content="[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP - Whats the Worst That Could Happen?">
<meta property="og:title" content="[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP">
<meta property="og:description" content="[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP - Whats the Worst That Could Happen?">
<meta property="og:image" content="https://h.cowbay.org/images/post-default-8.jpg">
<meta property="og:url" content="https://h.cowbay.org/post/do-no-use-10-0-0-0-private-ipaddr-in-gcp/">
<meta property="og:site_name" content="MCの飄狂山莊㊣">
<meta property="og:type" content="article">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="https://h.cowbay.org/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="https://h.cowbay.org/sass/combined.min.a89dfa577f701bffe9659f476ef61241cb2a3452b913e793463b0074a10c0a59.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head>
<body class="bilberry-hugo-theme">
<nav class="permanentTopNav">
<div class="container">
<ul class="topnav">
</ul>
<div id="search-box" class="search">
<i class="fa fa-search"></i>
<input id="search" type="text" placeholder="">
</div>
</div>
</nav>
<header>
<div class="container">
<div class="logo">
<a href="/" class="logo">
<img src="https://www.gravatar.com/avatar/e4eb1f8e016ffb73e9889f87d16e15f0?d=mm&size=200" alt="">
<span class="overlay"><i class="fa fa-home"></i></span>
</a>
</div>
<div class="titles">
<h3 class="title"><a href="/">MCの飄狂山莊㊣</a></h3>
<span class="subtitle">Whats the Worst That Could Happen?</span>
</div>
<div class="toggler permanentTopNav">
<i class="fa fa-bars" aria-hidden="true"></i>
</div>
</div>
</header>
<div class="main container">
<div class="article-wrapper u-cf single">
<a class="bubble" href="/post/do-no-use-10-0-0-0-private-ipaddr-in-gcp/">
<i class="fa fa-fw fa-pencil"></i>
</a>
<article class="default article">
<div class="featured-image">
<a href="/post/do-no-use-10-0-0-0-private-ipaddr-in-gcp/">
<img src="/images/post-default-8.jpg" alt="">
</a>
</div>
<div class="content">
<h3><a href="/post/do-no-use-10-0-0-0-private-ipaddr-in-gcp/">[筆記] 在gcp 中用wireguard建立VPN時不要用 10.0.0.0/16 網段/Do No Use 10 0 0 0 Private Ipaddr in GCP</a></h3>
<div class="meta">
<span class="date moment">2019-08-16</span>
<span class="categories">
<a href="/categories/%E7%AD%86%E8%A8%98">筆記</a>
</span>
<span class="author"><a href="/author/eric-chang">Eric Chang</a></span>
</div>
<p>最近一直在玩 wireguard 先前把各個分公司和總部的VPN 改用 wireguard 建立</p>
<p>想說再打個VPN tunnel 來當跳板連 ptt 好了</p>
<p>因為wireguard 建立很簡單,而且又可以指定想要繞出去的路由,不會影響原本的網路環境</p>
<p>本來是在vultr 的VPS上面建立這個tunnel</p>
<p>但是那台VPS連去ptt 很頓,卡卡的</p>
<p>所以改用google cloud platform 的free tier 來做</p>
<p>反正只是拿來當跳板,不會有什麼流量、運算產生,可以一直保持免費的狀態</p>
<p></p>
<p>GCP的申請、設定就不多說了</p>
<p>這次碰到的怪異現象是當wireguard 都已經設定好client 也都連上了之後</p>
<p>會發生client 開不了 www.google.com.tw / youtube / google map 等等google 服務的狀況</p>
<p>VPN確定是通的我可以在client 這邊連上其他網站但就是google的服務開不了</p>
<p>後來不知道是怎麼樣突然靈機一動因為一開始設定server/peer 都是用 10.0.0.x/24 的IP</p>
<p>想說會不會是因為這個也是google cloud platform 預設的LAN IP 網段,所以沒辦法繞出去</p>
<p>看一下設定,確認一下這個想法對不對,果然是這樣沒錯</p>
<p><img src="https://i.imgur.com/XkrH4Pa.png" alt="" /></p>
<p>解決方法很簡單要不修改VPS的內部IP要不修改wireguard的設定</p>
<p>當然我是選擇改wireguard ,因為簡單嘛!</p>
<p>修改後的configuration 長這樣</p>
<pre><code>[Interface]
Address = 192.168.10.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens4 -j MASQUERADE
ListenPort = 12000
PrivateKey = E..........................E
#OFFICE DESKTOP
[Peer]
PublicKey = W...........................W
AllowedIPs = 192.168.10.2/32
#ANDROID
[Peer]
PublicKey = w............................w
AllowedIPs = 192.168.10.3/32
#HOME
[Peer]
PublicKey = 2.........................................2
AllowedIPs = 192.168.10.4/32
</code></pre>
<p>重起wireguard (或者說重起 wg0 這個interface)之後client 開google 網頁就正常了</p>
<p>client 這邊也是簡單設定一下把要透過跳板出去的IP 改走wireguard 出去</p>
<p>底下這個,就是把往台大(140.112.0.0) 和 term.ptt.cc(104.31.0.0)的封包改走wireguard</p>
<pre><code>[Interface]
PrivateKey = e............................e
Address = 192.168.10.2/24
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = q...........................q
Endpoint = public_ip_of_gcp:12000
AllowedIPs = 140.112.0.0/16,104.31.0.0/16,192.168.10.1/32
PersistentKeepalive = 25
</code></pre>
<p>然後看一下路由對不對</p>
<pre><code>2019-08-16 10:34:21 [cch@hq34 ~]$ traceroute term.ptt.cc
traceroute to term.ptt.cc (104.31.231.9), 30 hops max, 60 byte packets
1 192.168.10.1 (192.168.10.1) 191.826 ms 192.556 ms 192.678 ms
2 * * *
3 * * *
4 * * *
5 104.31.231.9 (104.31.231.9) 203.918 ms 203.982 ms 203.979 ms
2019-08-16 10:34:33 [cch@hq34 ~]$
</code></pre>
<p>果然是走wireguard (192.168.10.1) 出去 ,跳板成功!</p>
</div>
<div class="footer">
<div class="tags">
<i class="fa fa-tags"></i>
<div class="links">
<a href="/tags/vpn">vpn</a>
<a href="/tags/wireguard">wireguard</a>
</div>
</div>
</div>
</article>
</div>
<div id="disqus_thread"></div>
<script type="application/javascript">
var disqus_config = function () {
};
(function() {
if (["localhost", "127.0.0.1"].indexOf(window.location.hostname) != -1) {
document.getElementById('disqus_thread').innerHTML = 'Disqus comments not available by default when the website is previewed locally.';
return;
}
var d = document, s = d.createElement('script'); s.async = true;
s.src = '//' + "h-cowbay-org-1" + '.disqus.com/embed.js';
s.setAttribute('data-timestamp', +new Date());
(d.head || d.body).appendChild(s);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="https://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="https://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
</div>
<footer>
<div class="container">
<div class="recent-posts">
<strong></strong>
<ul>
<li>
<a href="/post/recommended-ulauncher-in-ubuntu-1804/">[推薦] ulauncher ubuntu 18.04 底下,好用的 app launcher / Recommended Ulauncher in Ubuntu 1804</a>
</li>
<li>
<a href="/post/pg_auto_failover_in_ubuntu_1804_psql_11/">[筆記] 在ubuntu 18.04安裝psql 11 以及 pg_auto_failover / install psql 11 and pg_auto_failover in ubuntu 18.04</a>
</li>
<li>
<a href="/post/bencmark-with-external-internal-nvme-ssd-and-external-sata-ssd/">[筆記] 測試 USB 3.1 Gen2 NVME SSD 外接盒 &amp; 內建pci-e ssd &amp; 外接SATA SSD / Bencmark With External Internal Nvme Ssd and External Sata Ssd</a>
</li>
<li>
<a href="/post/postgresql-backup-restore-using-zfs-snapshot/">[筆記] 用zfs的snapshot 快照功能來做 postgresql 的備份還原 / Postgresql Backup Restore Using Zfs Snapshot</a>
</li>
<li>
<a href="/post/backup-restore-postgresql-with-pgbackrest/">[筆記] 用pbackrest 備份還原 postgresql / Backup Restore Postgresql With Pgbackrest</a>
</li>
<li>
<a href="/post/pgbarman-in-ubuntu-1804-postgresql-10-via-ssh/">[筆記] 在Ubuntu 18.04 下 透過 pgbarman rsync/ssh backup 備份 postgresql 10 / backup postgresql 10 with pgbarman via ssh/rsync in ubuntu 18.04</a>
</li>
<li>
<a href="/post/pgbarman-in-ubuntu-1804-postgresql-10/">[筆記] 在Ubuntu 18.04 下 透過 pgbarman streaming backup 備份 postgresql 10/ backup postgresql 10 with pgbarman straming backup in ubuntu 18.04</a>
</li>
</ul>
</div>
<div class="categories">
<a href="/categories/"><strong></strong></a>
<ul>
<li>
<a href="/categories/%E7%AD%86%E8%A8%98">筆記 (31)</a>
</li>
<li>
<a href="/categories/ansible">Ansible (3)</a>
</li>
<li>
<a href="/categories/"> (1)</a>
</li>
<li>
<a href="/categories/linux">Linux (1)</a>
</li>
<li>
<a href="/categories/proxmox">Proxmox (1)</a>
</li>
<li>
<a href="/categories/ps">Ps (1)</a>
</li>
<li>
<a href="/categories/%E7%A2%8E%E5%BF%B5">碎念 (1)</a>
</li>
</ul>
</div>
<div class="right">
<div class="external-profiles">
<strong></strong>
<a href="https://www.facebook.com/mariahchang" target="_blank"><i class="fa fa-facebook-adblock-proof"></i></a>
<a href="https://twitter.com/changchichung" target="_blank"><i class="fa fa-twitter-adblock-proof"></i></a>
<a href="https://github.com/changchichung" target="_blank"><i class="fa fa-github"></i></a>
<a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank"><img border="0" src="https://www.yapee.tw/mvc/file/publicFile?pathType=data/linkLogo/B0S0F0002585.jpg"></img></a>
</div>
</div>
</div>
</footer>
<div class="credits">
<div class="container">
<div class="copyright">
<a href="https://github.com/Lednerb" target="_blank">
&copy;
2017
by Lednerb
</a>
</div>
<div class="author">
<a href="https://www.yapee.tw/mvc/onlinePay/webLink?key=lMC74kucH21JChCR77-wJ80ZZ-Poh11amP24BwiDdHw" target="_blank">Bilberry Hugo Theme</a>
</div>
</div>
</div>
<script type="application/javascript">
var doNotTrack = false;
if (!doNotTrack) {
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-138954876-1', 'auto');
ga('send', 'pageview');
}
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<script type="text/javascript" src="https://h.cowbay.org/js/externalDependencies.39c47e10e241eae2947b3fe21809c572.js" integrity="md5-OcR&#43;EOJB6uKUez/iGAnFcg=="></script>
<script type="text/javascript" src="https://h.cowbay.org/js/theme.ff50ae6dc1bfc220b23bf69dbb41b54e.js" integrity="md5-/1CubcG/wiCyO/adu0G1Tg=="></script>
<script>
$(".moment").each(function() {
$(this).text(
moment( $(this).text() )
.locale( "tw" )
.format('LL')
);
});
$(".footnote-return sup").html("");
</script>
<script>
var client = algoliasearch("2XL0P8XDCY", "4ef65b37b627bb886b46c34a10e63aa6");
var index = client.initIndex("h_cowbay_org");
$('#search').autocomplete({ hint: false, autoselect: true, debug: false },
[
{
source: $.fn.autocomplete.sources.hits(index, { hitsPerPage: 10 }),
displayKey: function(suggestion) {
return suggestion.title || suggestion.author
},
templates: {
suggestion: function(suggestion) {
return "<span class='entry " + suggestion.type + "'>"
+ "<span class='title'>" + suggestion.title + "</span>"
+ "<span class='fa fa-fw " + suggestion.iconClass + "'></span>"
+ "</span>"
;
},
empty: function() {
return "<span class='empty'></span>"
},
footer: function() {
return '<div class="branding">Powered by <img src="https:\/\/h.cowbay.org\/dist\/algolia-logo-light.svg" /></div>'
}
},
}
])
.on('autocomplete:selected', function(event, suggestion, dataset) {
window.location = (suggestion.url);
})
.keypress(function (event, suggestion) {
if (event.which == 13) {
window.location = (suggestion.url);
}
});
</script>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink