WireGuard VPN
Check the Synology CPU Package Arch
1. Open https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have
2. Find my model (DS920+)
3. Check the Package Arch
Geminilake
Install WireGuard
1. Connect via SSH
– I use Windows, so I connect over SSH with PuTTY.
login as: [enter username]
test@192.168.0.3’s password: [enter password]
Synology strongly advises you not to run commands as the root user, who has the highest privileges on the system. Doing so may cause major damages to the system. Please note that if you choose to proceed, all consequences are at your own risk.
test@synology:~$
2. Gain administrator (root) privileges
sudo -i
test@synology:~$ sudo -i
Password: [enter password]
root@synology:~#
3. Open https://github.com/runfalk/synology-wireguard/issues/93#issuecomment-922057387
4. Copy the URL of the file that matches my CPU Package Arch
https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
5. Download the SPK file
wget https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:~# cd /volume1/docker/WG-Easy
root@synology:/volume1/docker/WG-Easy# wget https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at ‘/root/.wget-hsts’. HSTS will be disabled.
--2023-02-02 18:16:08-- https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
Resolving github.com... 20.200.245.247
Connecting to github.com|20.200.245.247|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/176117811/7188248?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230202%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230202T091617Z&X-Amz-Expires=300&X-Amz-Signature=cf2badb04452f002d6cd4131818674b696525cee8c0b6265b174e14e6fac871c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=176117811&response-content-disposition=attachment%3Bfilename%3DWireGuard-geminilake-1.0.20210606.spk.gz&response-content-type=application%2Fx-gzip [following]
--2023-02-02 18:16:17-- https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/176117811/7188248?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230202%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230202T091617Z&X-Amz-Expires=300&X-Amz-Signature=cf2badb04452f002d6cd4131818674b696525cee8c0b6265b174e14e6fac871c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=176117811&response-content-disposition=attachment%3Bfilename%3DWireGuard-geminilake-1.0.20210606.spk.gz&response-content-type=application%2Fx-gzip
Resolving objects.githubusercontent.com... 185.199.109.133, 185.199.108.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1709742 (1.6M) [application/x-gzip]
Saving to: ‘WireGuard-geminilake-1.0.20210606.spk.gz’
WireGuard-geminilak 100%[===================>] 1.63M 1.24MB/s in 1.3s
2023-02-02 18:16:20 (1.24 MB/s) - ‘WireGuard-geminilake-1.0.20210606.spk.gz’ saved [1709742/1709742]
root@synology:/volume1/docker/WG-Easy#
6. Decompress the file
gzip -d WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:/volume1/docker/WG-Easy# gzip -d WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:/volume1/docker/WG-Easy#
7. Install the package
sudo synopkg install WireGuard-geminilake-1.0.20210606.spk
root@synology:/volume1/docker/WG-Easy# sudo synopkg install WireGuard-geminilake-1.0.20210606.spk
{"error":{"code":0},"results":[{"action":"install","beta":false,"betaIncoming":false,"error":{"code":267,"curVersion":"1.0.20220627","description":"cannot downgrade to older Version","insVersion":"1.0.20210606"},"installReboot":false,"installing":true,"language":"enu","last_stage":"prepare_install","package":"WireGuard","packageName":"WireGuard","spk":"WireGuard-geminilake-1.0.20210606.spk","stage":"install_failed","success":false,"username":"","version":"1.0.20210606"}],"success":false}
In this session the install was rejected with error code 267 ("cannot downgrade to older Version"): the output shows that WireGuard 1.0.20220627 was already installed on this NAS, so the 1.0.20210606 package was not installed over it.
8. Start the package
sudo /var/packages/WireGuard/scripts/start
root@synology:/volume1/docker/WG-Easy# sudo /var/packages/WireGuard/scripts/start
WireGuard has been successfully started
9. Update docker-compose
mv /var/packages/Docker/target/usr/bin/docker-compose /var/packages/Docker/target/usr/bin/docker-compose_bak
sudo curl -L "https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /var/packages/Docker/target/usr/bin/docker-compose
chmod 755 /var/packages/Docker/target/usr/bin/docker-compose
docker-compose --version
root@synology:/volume1/docker/WG-Easy# mv /var/packages/Docker/target/usr/bin/docker-compose /var/packages/Docker/target/usr/bin/docker-compose_bak
root@synology:/volume1/docker/WG-Easy# sudo curl -L "https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /var/packages/Docker/target/usr/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 24.5M 100 24.5M 0 0 1017k 0 0:00:24 0:00:24 --:--:-- 3493k
root@synology:/volume1/docker/WG-Easy# chmod 755 /var/packages/Docker/target/usr/bin/docker-compose
root@synology:/volume1/docker/WG-Easy# docker-compose --version
Docker Compose version v2.10.2
10. Download docker-compose.yml
wget https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
root@synology:/volume1/docker/WG-Easy# wget https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at ‘/root/.wget-hsts’. HSTS will be disabled.
--2023-02-02 17:37:18-- https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
Resolving raw.githubusercontent.com... 185.199.109.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 975 [text/plain]
Saving to: ‘docker-compose.yml’
docker-compose.yml 100%[===================>] 975 --.-KB/s in 0s
2023-02-02 17:37:18 (73.4 MB/s) - ‘docker-compose.yml’ saved [975/975]
root@synology:/volume1/docker/WG-Easy#
11. Edit docker-compose.yml
vi docker-compose.yml
Basically, only WG_HOST and the password need to be changed.
Items to edit
WG_HOST: enter the Synology DDNS name or public IP
PASSWORD: enter the password to use for WireGuard
WG_ALLOWED_IPS: change to 0.0.0.0/0,::/0 to route all packets through the VPN
Host mode: if the default bridge mode does not give satisfactory speed, delete everything from sysctls: downward and add network_mode: "host"
When the edits are done, press ESC, type :wq, and press ENTER.
root@synology:/volume1/docker/WG-Easy# vi docker-compose.yml
version: "3.8"
services:
  wg-easy:
    environment:
      - WG_HOST=[DDNS or public IP]
      # Optional:
      - PASSWORD=[password to use]
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0,::/0
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
~
~
~
~
~
~
~
“docker-compose.yml” 32L, 866B 1,1 All
:wq
12. Create and start the container
docker-compose up --detach
root@synology:/volume1/docker/WG-Easy# docker-compose up --detach
[+] Running 1/0
⠿ Container wg-easy Running
13. Port forwarding
Set up port forwarding in the router settings.
Port descriptions
51820: UDP. The port the WireGuard service runs on
51821: TCP. The port needed to reach the WireGuard web GUI
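A pre-flight check for steps 11 to 13, added here as an example (it is not part of the original post or of the wg-easy project): it reads the edited docker-compose.yml and reports on the items this page says to change, plus how the web GUI port is exposed. The function names, the 12-character minimum and the sample file are assumptions of this example.

```shell
# Added example (not from the original post): audit the edited docker-compose.yml.
MIN_PW_LEN=12   # assumption of this example, not a wg-easy requirement
# env_value FILE NAME: value of the first uncommented "- NAME=value" entry
env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\(.*\)/\1/p" "$1" | head -n 1
}
# audit_wg_compose FILE: one finding per line; returns 1 if any check FAILs
audit_wg_compose() {
    file=$1; rc=0
    host=$(env_value "$file" WG_HOST)
    pw=$(env_value "$file" PASSWORD)
    ips=$(env_value "$file" WG_ALLOWED_IPS)
    case $host in
        ''|*\[*) echo "FAIL WG_HOST is empty or still a placeholder"; rc=1 ;;
        *)       echo "OK   WG_HOST=$host" ;;
    esac
    case $pw in
        '')   echo "FAIL PASSWORD is not set, so the web UI asks for no login"; rc=1 ;;
        *\[*) echo "FAIL PASSWORD is still a placeholder"; rc=1 ;;
        *)    if [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
                  echo "FAIL PASSWORD is shorter than $MIN_PW_LEN characters"; rc=1
              else echo "OK   PASSWORD is set (${#pw} characters)"; fi ;;
    esac
    case $ips in
        *0.0.0.0/0*) echo "INFO full tunnel: clients route all IPv4 traffic via the VPN" ;;
        '')          echo "INFO WG_ALLOWED_IPS not set: the image default applies" ;;
        *)           echo "INFO split tunnel: clients route only $ips via the VPN" ;;
    esac
    if grep -Eq '^[[:space:]]*network_mode:[[:space:]]*"?host' "$file"; then
        echo "INFO host mode: 51820/udp and 51821/tcp listen directly on the NAS"
    elif grep -Eq '^[[:space:]]*-[[:space:]]*"?51821:51821/tcp' "$file"; then
        echo "WARN web UI 51821/tcp is published on every NAS interface"
    fi
    return "$rc"
}
# Constructed sample: the page's layout with a short, constructed password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  wg-easy:
    environment:
      - WG_HOST=vpn.example.com
      - PASSWORD=abc123
      - WG_ALLOWED_IPS=0.0.0.0/0,::/0
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
EOF
audit_wg_compose "$sample" || true
```

On the NAS, run `audit_wg_compose /volume1/docker/WG-Easy/docker-compose.yml` after step 11; a non-zero return means at least one FAIL line was printed.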