Installing WireGuard VPN with Docker
Written 2 years ago
Edited 2 years ago

Wireguard VPN

Checking the Synology CPU Package Arch

1. Open https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have

2. Find your model (DS920+)

3. Check the Package Arch

Geminilake

Installing WireGuard

1. Connect over SSH
- I use Windows, so I connect over SSH with PuTTY.

login as: [enter username]
test@192.168.0.3's password: [enter password]
Synology strongly advises you not to run commands as the root user, who has the highest privileges on the system. Doing so may cause major damages to the system. Please note that if you choose to proceed, all consequences are at your own risk.
test@synology:~$

 

2. Get root privileges

sudo -i
test@synology:~$ sudo -i
Password: [enter password]
root@synology:~#

 

3. Open https://github.com/runfalk/synology-wireguard/issues/93#issuecomment-922057387

4. Copy the URL of the file that matches your CPU Package Arch

https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz

5. Download the SPK file

wget https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:~# cd /volume1/docker/WG-Easy
root@synology:/volume1/docker/WG-Easy# wget https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/root/.wget-hsts'. HSTS will be disabled.
--2023-02-02 18:16:08-- https://github.com/runfalk/synology-wireguard/files/7188248/WireGuard-geminilake-1.0.20210606.spk.gz
Resolving github.com... 20.200.245.247
Connecting to github.com|20.200.245.247|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/176117811/7188248?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230202%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230202T091617Z&X-Amz-Expires=300&X-Amz-Signature=cf2badb04452f002d6cd4131818674b696525cee8c0b6265b174e14e6fac871c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=176117811&response-content-disposition=attachment%3Bfilename%3DWireGuard-geminilake-1.0.20210606.spk.gz&response-content-type=application%2Fx-gzip [following]
--2023-02-02 18:16:17-- https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/176117811/7188248?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230202%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230202T091617Z&X-Amz-Expires=300&X-Amz-Signature=cf2badb04452f002d6cd4131818674b696525cee8c0b6265b174e14e6fac871c&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=176117811&response-content-disposition=attachment%3Bfilename%3DWireGuard-geminilake-1.0.20210606.spk.gz&response-content-type=application%2Fx-gzip
Resolving objects.githubusercontent.com... 185.199.109.133, 185.199.108.133, 185.199.111.133, ...
Connecting to objects.githubusercontent.com|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1709742 (1.6M) [application/x-gzip]
Saving to: 'WireGuard-geminilake-1.0.20210606.spk.gz'

WireGuard-geminilak 100%[===================>] 1.63M 1.24MB/s in 1.3s

2023-02-02 18:16:20 (1.24 MB/s) - 'WireGuard-geminilake-1.0.20210606.spk.gz' saved [1709742/1709742]
root@synology:/volume1/docker/WG-Easy#

 

6. Decompress the file

gzip -d WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:/volume1/docker/WG-Easy# gzip -d WireGuard-geminilake-1.0.20210606.spk.gz
root@synology:/volume1/docker/WG-Easy#

 

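7. Install the package

In the transcript below the install is rejected with error code 267 ("cannot downgrade to older Version"): the output reports version 1.0.20220627 as the current version when 1.0.20210606 was being installed.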

sudo synopkg install WireGuard-geminilake-1.0.20210606.spk
root@synology:/volume1/docker/WG-Easy# sudo synopkg install WireGuard-geminilake-1.0.20210606.spk
{"error":{"code":0},"results":[{"action":"install","beta":false,"betaIncoming":false,"error":{"code":267,"curVersion":"1.0.20220627","description":"cannot downgrade to older Version","insVersion":"1.0.20210606"},"installReboot":false,"installing":true,"language":"enu","last_stage":"prepare_install","package":"WireGuard","packageName":"WireGuard","spk":"WireGuard-geminilake-1.0.20210606.spk","stage":"install_failed","success":false,"username":"","version":"1.0.20210606"}],"success":false}
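
Steps 5 to 7 install, as root, a package downloaded from an issue-comment attachment, and the step 7 output shows the install being rejected as a downgrade. The script below is an added example, not part of the original post: before synopkg install it reads the package's INFO file and checks the architecture, the version against the one already installed and, if you have one from a source you trust, a SHA-256 value. The function names and the assumption that an .spk is a tar archive with a top-level INFO file of key="value" lines are the example's own; the page publishes no checksum.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes an .spk is a tar archive
# whose top-level INFO file holds key="value" lines (package, version, arch).

# Print one INFO field of an .spk file.
spk_info() {  # usage: spk_info FILE KEY
    { tar -xOf "$1" INFO 2>/dev/null || tar -xOf "$1" ./INFO 2>/dev/null; } |
        awk -F= -v k="$2" '$1 == k { v = $2; gsub(/^"|"[ \t\r]*$/, "", v); print v; exit }'
}

# Succeed if dotted version $1 is strictly older than $2 (numeric, field by field).
ver_older() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# usage: spk_precheck FILE WANT_ARCH [INSTALLED_VERSION] [EXPECTED_SHA256]
# Returns 0 ok, 1 unreadable INFO, 2 wrong arch, 3 downgrade, 4 hash mismatch.
spk_precheck() {
    arch=$(spk_info "$1" arch); ver=$(spk_info "$1" version)
    [ -n "$arch" ] && [ -n "$ver" ] || { echo "cannot read INFO from $1" >&2; return 1; }
    case " $arch " in
        *" $2 "*) ;;   # arch may list several platforms separated by spaces
        *) echo "package arch '$arch' does not include $2" >&2; return 2 ;;
    esac
    if [ -n "$3" ] && ver_older "$ver" "$3"; then
        echo "package $ver is older than installed $3" >&2; return 3
    fi
    if [ -n "$4" ]; then
        got=$(sha256sum "$1" | cut -d' ' -f1)
        [ "$got" = "$4" ] || { echo "sha256 mismatch, got $got" >&2; return 4; }
    fi
    echo "ok: arch=$arch version=$ver"
}

# Run directly: sh spk_precheck.sh WireGuard-geminilake-1.0.20210606.spk geminilake 1.0.20220627
if [ "$#" -ge 2 ]; then spk_precheck "$@"; fi
```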

 

8. Start the package

sudo /var/packages/WireGuard/scripts/start
root@synology:/volume1/docker/WG-Easy# sudo /var/packages/WireGuard/scripts/start
WireGuard has been successfully started

 

9. Update docker-compose

mv /var/packages/Docker/target/usr/bin/docker-compose /var/packages/Docker/target/usr/bin/docker-compose_bak
sudo curl -L "https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /var/packages/Docker/target/usr/bin/docker-compose
chmod 755 /var/packages/Docker/target/usr/bin/docker-compose
docker-compose --version
root@synology:/volume1/docker/WG-Easy# mv /var/packages/Docker/target/usr/bin/docker-compose /var/packages/Docker/target/usr/bin/docker-compose_bak
root@synology:/volume1/docker/WG-Easy# sudo curl -L "https://github.com/docker/compose/releases/download/v2.10.2/docker-compose-$(uname -s)-$(uname -m)" -o /var/packages/Docker/target/usr/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 24.5M  100 24.5M    0     0  1017k      0  0:00:24  0:00:24 --:--:-- 3493k
root@synology:/volume1/docker/WG-Easy# chmod 755 /var/packages/Docker/target/usr/bin/docker-compose
root@synology:/volume1/docker/WG-Easy# docker-compose --version
Docker Compose version v2.10.2


10. Download docker-compose.yml

wget https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml

root@synology:/volume1/docker/WG-Easy# wget https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/root/.wget-hsts'. HSTS will be disabled.
--2023-02-02 17:37:18-- https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/docker-compose.yml
Resolving raw.githubusercontent.com... 185.199.109.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 975 [text/plain]
Saving to: 'docker-compose.yml'

docker-compose.yml 100%[===================>] 975 --.-KB/s in 0s

2023-02-02 17:37:18 (73.4 MB/s) - 'docker-compose.yml' saved [975/975]
root@synology:/volume1/docker/WG-Easy#

 

11. Edit docker-compose.yml

vi docker-compose.yml

Basically, only WG_HOST and the password need to be changed.

Items to edit
WG_HOST: enter the Synology DDNS name or the public IP
PASSWORD: enter the password to use for WireGuard
WG_ALLOWED_IPS: change to 0.0.0.0/0,::/0 to send all packets through the VPN
Host mode: if the default bridge mode does not give satisfactory speed, delete everything from sysctls: downward and add network_mode: "host"

When all edits are done, press ESC, type :wq and press ENTER

root@synology:/volume1/docker/WG-Easy# vi docker-compose.yml
version: "3.8"
services:
  wg-easy:
    environment:
      # Address clients connect to
      - WG_HOST=[DDNS name or public IP]

      # Optional:
      - PASSWORD=[password to use]
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.8.0.x
      - WG_DEFAULT_DNS=1.1.1.1
      - WG_MTU=1420
      - WG_ALLOWED_IPS=0.0.0.0/0,::/0
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt

    image: weejewel/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
~
~
~
~
~
~
~
"docker-compose.yml" 32L, 866B 1,1 All
:wq

 

12. Create and start the container

docker-compose up --detach
root@synology:/volume1/docker/WG-Easy# docker-compose up --detach
[+] Running 1/0
⠿ Container wg-easy Running


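13. Port forwarding

Set up port forwarding in the router settings.

Port descriptions
51820: UDP. The port the WireGuard service runs on
51821: TCP. The port needed to reach WireGuard through the web GUI

14. Connect to [Synology DDNS address or internal IP]:51821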
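
A check for steps 11 and 13, added here as an example and not part of the original post: it reads the edited docker-compose.yml and reports a WG_HOST or PASSWORD that is missing or still a placeholder, a WG_PORT that is not published over UDP, and router forwards that match no published port (for instance a forward entered with the wrong port number). It assumes the bridge-mode file shown in step 11; the function names, the 12-character minimum and the PORT/PROTO argument format are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: checks for the edited
# docker-compose.yml. The 12-character password minimum is this example's assumption.

# Print the value of the first uncommented "- KEY=value" environment entry.
compose_env() {  # usage: compose_env FILE KEY
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\(.*\)\$/\1/p" "$1" | tr -d '\r' | head -n 1
}

# Print every published host port as PORT/PROTO (entries must name the protocol).
compose_ports() {  # usage: compose_ports FILE
    sed -n "s/^[[:space:]]*-[[:space:]]*[\"']\{0,1\}\([0-9.:]*\):[0-9]*\/\([a-z]*\)[\"']\{0,1\}[[:space:]]*\$/\1\/\2/p" "$1" |
        sed 's/^.*://'
}

# usage: compose_audit FILE [ROUTER_FORWARD...]
#   e.g. compose_audit docker-compose.yml 51820/udp 51821/tcp
# Prints one line per finding and returns the number of findings.
compose_audit() {
    f=$1; shift; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    host=$(compose_env "$f" WG_HOST); pw=$(compose_env "$f" PASSWORD)
    port=$(compose_env "$f" WG_PORT); pub=$(compose_ports "$f")
    case "$host" in
        ""|\[*) finding "WG_HOST is unset or still a placeholder" ;;
    esac
    case "$pw" in
        ""|\[*) finding "PASSWORD is unset, commented out or still a placeholder" ;;
        *) [ "${#pw}" -ge 12 ] || finding "PASSWORD is shorter than 12 characters" ;;
    esac
    # WG_PORT is the port clients are told to dial, so it must be published over UDP.
    [ -z "$port" ] || echo "$pub" | grep -qxF "$port/udp" ||
        finding "WG_PORT=$port is not published as a UDP port"
    # Every router forward should land on a port the container publishes.
    for fwd in "$@"; do
        echo "$pub" | grep -qxF "$fwd" || finding "router forward $fwd matches no published port"
    done
    return "$n"
}

# Run directly: sh compose_audit.sh docker-compose.yml 51820/udp 51821/tcp
if [ "$#" -ge 1 ]; then compose_audit "$@"; fi
```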

Mingg`s Diary
밍구
A blog for study purposes