WireGuard not working on Ubuntu 20.04

I have generated a configuration for WireGuard in which I manually added routes for my interface in [Interface] PostUp and PostDown.

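This is the redacted configuration I am running with wg-quick up file.conf. I also displayed my routes with ip ro, and wg-status show also shows that the routes exist and that some traffic is going out.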

[Interface]
PrivateKey = privatekey=
Address = my-vpn-ip,my-vpn-ip6
PostUp = ip route add ip-address/32 dev ens160;ip route add ip-address/32 dev ens160;ip route add ip-address/32 dev ens160;ip route add ip-address/32 dev ens160;
PostDown = ip route del ip-address/32 dev ens160;ip route del ip-address/32 dev ens160;ip route del ip-address/32 dev ens160;ip route del ip-address/32 dev ens160;
[Peer]
PublicKey = pubkey1=
Endpoint = end-point-ip1:7200
AllowedIPs = ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32
[Peer]
PublicKey = pubkey2=
Endpoint = end-point-ip2:7200
AllowedIPs = ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32
[Peer]
PublicKey = pubkey3=
Endpoint = end-point-ip3:7200
AllowedIPs = ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32
[Peer]
PublicKey = pubkey4=
Endpoint = end-point-ip4:7200
AllowedIPs = ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32,ip-address/32

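I can access the internet, but I cannot reach the internal servers. WireGuard works fine on my Windows machine, but not on Ubuntu. The openresolv package is installed.

In /etc/sysctl.conf I have configured net.ipv4.ip_forward = 1 and net.ipv6.ip_forward = 1.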

Answer 1

I ran into a bug in WG where packets were not routed correctly.

A colleague from my L3 department wrote a hot fix, and the issue was reported as a bug.

PostUp = MYDEFROUTE=`ip ro sh | grep default | awk '{print $3}'| head -n1`; for peer in ip.addresses.here; do ip ro add $peer/32 via $MYDEFROUTE; done
PostDown = for peer in ip.addresses; do ip ro del $peer/32; done
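
A dry-run variant of the hot fix above, added here as an example and not the answerer's or WireGuard's own code: it prints the ip route add commands instead of running them, and emits nothing when the routing table has no default gateway. It assumes the addresses looped over are the peers' IPv4 Endpoint hosts; the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: dry-run of the endpoint route pinning from the hot fix.
# Assumption: the pinned addresses are the peers' IPv4 Endpoint hosts.

# Print the gateway of the first "default via <gw>" line in `ip route show`
# output read from stdin; print nothing if the default route has no gateway.
default_gw() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "via") { print $(i + 1); exit }
    }'
}

# Print each distinct IPv4 Endpoint host from a wg-quick config on stdin.
endpoint_hosts() {
    awk -F= '/^[ \t]*Endpoint[ \t]*=/ {
        host = $2
        gsub(/[ \t\r]/, "", host)   # drop padding around the value
        sub(/:[0-9]+$/, "", host)   # drop the :port suffix
        if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[host]++)
            print host
    }'
}

# pin_commands ROUTES CONFIG: print one "ip route add" line per endpoint.
# Fails without output if ROUTES contains no default gateway.
pin_commands() {
    gw=$(printf '%s\n' "$1" | default_gw)
    if [ -z "$gw" ]; then
        echo "no default gateway found; not emitting routes" >&2
        return 1
    fi
    printf '%s\n' "$2" | endpoint_hosts | while read -r host; do
        printf 'ip route add %s/32 via %s\n' "$host" "$gw"
    done
}

# Constructed sample input (documentation address ranges, not from the page).
SAMPLE_ROUTES='default via 192.0.2.1 dev ens160 proto dhcp metric 100
192.0.2.0/24 dev ens160 proto kernel scope link src 192.0.2.50'
SAMPLE_CONF='[Peer]
Endpoint = 198.51.100.10:7200
[Peer]
Endpoint = 198.51.100.11:7200
[Peer]
Endpoint = 198.51.100.10:7200'

pin_commands "$SAMPLE_ROUTES" "$SAMPLE_CONF"
```

Reviewing the printed commands before putting them into PostUp shows exactly which hosts will be reachable outside the tunnel.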
