Tech for Fun

Using a dual-stack VPS to give devices that only have external IPv4 access to IPv6

This setup uses WireGuard.

On the VPS:

sudo cat /etc/wireguard/wg0.conf
[Interface]
PrivateKey = 0Ees3qr3ib+w5a=
Address = fd10::1/64
ListenPort = 51820

[Peer]
PublicKey = GSmuF+xt6AssG92=
AllowedIPs = fd10::2/128

On the MacBook:

[Interface]
PrivateKey = cItNgJRTL3sm1=
Address = fd10::2/64
DNS = fd10::1

[Peer]
PublicKey = GMgLLDLo03SVpW=
AllowedIPs = fd10::/64, 2000::/3
Endpoint = VPS_IP:51820
PersistentKeepalive = 25

Enable IPv6 forwarding

sudo sysctl -w net.ipv6.conf.all.forwarding=1

To make it permanent:

echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf

Allow forwarding from WireGuard to the public IPv6 Internet on the VPS

# Temporary
sudo ip6tables -A FORWARD -i wg0 -o eth0 -j ACCEPT
sudo ip6tables -A FORWARD -i eth0 -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT

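# To persist, save the rules with ip6tables-save.
# "sudo ip6tables-save > file" fails because the redirect runs as the unprivileged user, so write the file with sudo tee.
sudo ip6tables-save | sudo tee /etc/ip6tables.rules > /dev/null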

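SNAT / MASQUERADE on the VPS (public IPv6 egress)

IPv6 does not necessarily need NAT, but some VPS providers require a "specified source address"; otherwise the replies to outgoing packets never come back. In this setup the tunnel addresses also come from fd10::/64, a ULA range that is not routable on the public Internet, so the VPS has to rewrite the source address: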

sudo ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Other useful commands

sudo wg show

At this point the client should be able to reach IPv6 networks.
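A check for the firewall state the steps above are meant to produce, as an added example that is not part of the original post: it reads `ip6tables-save` output and reports whether the two FORWARD rules and the MASQUERADE rule are present, and whether the FORWARD policy is still ACCEPT. The function name, the sample rule sets and the suggested `-P FORWARD DROP` are assumptions of this example; `wg0` and `eth0` are the interface names used on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names wg0/eth0 are the page's.
# On the VPS: sudo ip6tables-save | audit_ruleset

audit_ruleset() {   # reads ip6tables-save text on stdin, returns the number of problems
    rules=$(cat)
    problems=0
    require() {     # $1 = description, $2 = extended regex that must match one rule line
        if printf '%s\n' "$rules" | grep -Eq -- "$2"; then
            echo "ok       $1"
        else
            echo "MISSING  $1"
            problems=$((problems + 1))
        fi
    }
    require "forward wg0 -> eth0" '^-A FORWARD -i wg0 -o eth0 -j ACCEPT$'
    require "return traffic eth0 -> wg0" \
        '^-A FORWARD -i eth0 -o wg0 -m (state --state|conntrack --ctstate) (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$'
    require "MASQUERADE out of eth0" '^-A POSTROUTING -o eth0 -j MASQUERADE$'
    # If the filter table's FORWARD policy is ACCEPT, the two ACCEPT rules above
    # restrict nothing: with forwarding=1 the VPS routes any packet it is handed.
    if printf '%s\n' "$rules" |
        awk '/^\*filter/{f=1} /^COMMIT/{f=0} f && /^:FORWARD ACCEPT/{hit=1} END{exit !hit}'
    then
        echo "WARN     FORWARD policy is ACCEPT (consider: ip6tables -P FORWARD DROP)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the page's rules plus a DROP policy on FORWARD.
SAMPLE_TIGHT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wg0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed sample: default ACCEPT policy and no NAT rule.
SAMPLE_LOOSE='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wg0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_LOOSE" | audit_ruleset || echo "problems found: $?"
```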

George

Geek for fun.

https://jimy.fun
