我正在通过 Wireguard VPN(作为 VPN 客户端)将 Ubuntu 22.04 Web 服务器隧道传输到另一台 Ubuntu 22.04 服务器作为 Wireguard VPN 主机(服务器)。我已完全按照以下设置了客户端/服务器这些说明来自 Linuxbabe在 WG 服务器上启用端口转发和伪装。我还在 WG 客户端上运行非绑定 DNS。我的 WG 客户端和 WG 服务器都运行 Ubuntu 22.04。
当我使用和连接我的 VPN 客户端时,我的客户端成功连接到 wireguard 服务器。sudo systemctl start [email protected]sudo systemctl enable [email protected]
连接到隧道时10.10.10.1是 VPN 服务器的私有 IP 地址,10.10.10.2是 VPN 客户端的私有 IP 地址。我可以10.10.10.1从客户端成功 ping 通,表明 VPN 连接成功。
然后我curl https://icanhazip.com在 wireguard 客户端上运行,它成功显示我正在使用 Wireguard 服务器的 IP 地址。太棒了!对吧?嗯,不完全是。
大约一分钟后,Wireguard 客户端就会丢失服务器的 IP 地址。成功连接到隧道一分钟后,我再次尝试该命令curl https://icanhazip.com,它现在返回的是我家的公共 IP 地址,而不是 wireguard 服务器的 IP 地址。
但是,尽管我使用的是家庭 IP 地址,但似乎仍然以某种方式连接到 WG 服务器,因为当我运行命令时,它返回以下内容:systemctl status [email protected]
● [email protected] - WireGuard via wg-quick(8) for wg/client0
Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: enabled)
Active: active (exited) since Thu 2024-03-14 22:12:48 CDT; 17min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 11681 ExecStart=/usr/bin/wg-quick up wg-client0 (code=exited, status=0/SUCCESS)
Main PID: 11681 (code=exited, status=0/SUCCESS)
CPU: 364ms
此外,ping 10.10.10.1在我注意到我的 IP 地址使用的是我的家庭 IP 后, a 仍然成功。因此,不知何故,我的 WG 客户端正在连接到 WG 服务器,但没有使用 WG 服务器的 IP 地址。
以下是 WG 客户端上的 Wireguard 调试日志:
sudo dmesg -wH | grep wireguard
[ +4.964216] wireguard: wg-client0: Keypair 56 destroyed for peer 6
[ +0.000031] wireguard: wg-client0: Keypair 57 destroyed for peer 6
[ +0.145173] wireguard: wg-client0: Peer 6 (123.45.678.9:51820) destroyed
[ +0.048057] wireguard: wg-client0: Interface destroyed
[ +2.575997] wireguard: wg-client0: Interface created
[ +0.022138] wireguard: wg-client0: Peer 7 created
[ +0.040251] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.054499] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000047] wireguard: wg-client0: Keypair 58 created for peer 7
[ +2.921467] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.036876] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000068] wireguard: wg-client0: Keypair 59 created for peer 7
[ +0.000038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.844707] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.255566] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.426967] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.017808] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000070] wireguard: wg-client0: Keypair 58 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 60 created for peer 7
[ +0.000033] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.643183] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.076531] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.694589] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000355] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.040759] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000061] wireguard: wg-client0: Keypair 59 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 61 created for peer 7
[ +0.000031] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.597413] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.753398] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000386] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.019951] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000053] wireguard: wg-client0: Keypair 60 destroyed for peer 7
[ +0.000020] wireguard: wg-client0: Keypair 62 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.165602] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.296682] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000218] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.026552] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000048] wireguard: wg-client0: Keypair 61 destroyed for peer 7
[ +0.000015] wireguard: wg-client0: Keypair 63 created for peer 7
[ +0.000023] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.707453] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +2.242105] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736789] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.018656] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 62 destroyed for peer 7
[ +0.000017] wireguard: wg-client0: Keypair 64 created for peer 7
[ +0.000028] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +3.992663] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736520] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.006477] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000041] wireguard: wg-client0: Keypair 63 destroyed for peer 7
[ +0.000013] wireguard: wg-client0: Keypair 65 created for peer 7
[ +0.000020] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.557038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.711950] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.737920] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.007975] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000059] wireguard: wg-client0: Keypair 64 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 66 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.865521] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.251146] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.737488] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008468] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 65 destroyed for peer 7
[ +0.000019] wireguard: wg-client0: Keypair 67 created for peer 7
[ +0.000025] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.406383] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.561784] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.734768] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008146] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000075] wireguard: wg-client0: Keypair 66 destroyed for peer 7
[ +0.000025] wireguard: wg-client0: Keypair 68 created for peer 7
[ +0.000036] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.717223] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
sudo journalctl -kf | grep wireguard
Mar 14 22:34:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 67 destroyed for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 69 created for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:36:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 68 destroyed for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 70 created for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
这是我的 /etc/netplan/50-cloud-init.yaml 文件:
network:
ethernets:
eth0:
dhcp4: true
dhcp4-overrides:
route-metric: 100
optional: true
renderer: networkd
version: 2
wifis:
renderer: networkd
wlan0:
access-points:
DansWifi:
password: ******************************
dhcp4: true
dhcp4-overrides:
route-metric: 200
optional: true
最后,以下是输出的 pastebinsudo tail -f /var/log/syslog当 WG 客户端启动时,以及在丢失其隧道 IP 地址之后。
有人能帮我弄清楚为什么我的 WG 客户端不断丢失其 VPN IP 地址,但仍然以某种方式连接到 WG 服务器吗?你能帮我解决这个问题,以便 WG 客户端的 IP 地址始终是 WG 服务器的 IP 地址吗?
我在这里很无知,在日志中看不到太多信息。
答案1
我解决了这个问题!
系统日志中的最后几行表明 wlan0 (WiFi) 连接到路由器时出现问题,从而导致以太网连接中断。查看系统日志中的以下几行:
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-DISCONNECTED bssid=60:38:e0:ce:d7:e3 reason=4
Mar 15 14:35:13 mail systemd-networkd[1075]: wlan0: Lost carrier
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: Trying to associate with SSID 'danswifi'
Mar 15 14:35:13 mail systemd-networkd[1075]: wlan0: DHCP lease lost
Mar 15 14:35:13 mail dbus-daemon[1120]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.1' (uid=100 pid=1075 comm="/lib/systemd/systemd-networkd " label="unconfined")
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Mar 15 14:35:13 mail systemd[1]: Starting Hostname Service...
Mar 15 14:35:13 mail dbus-daemon[1120]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 15 14:35:13 mail systemd[1]: Started Hostname Service.
Mar 15 14:35:17 mail systemd-networkd[1075]: wlan0: Connected WiFi access point: 'danswifi' (60:38:e0:ce:d7:e2)
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: Associated with 60:38:e0:ce:d7:e2
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-CONNECTED - Connection to 60:38:e0:ce:d7:e2 completed [id=0 id_str=]
这表明您的 Wifi 与以太网电缆同时连接到互联网,导致 WiFi 干扰您通过以太网连接创建的 VPN 隧道。
解决这个问题的简单方法是使用 rfkill 关闭你的 wifi:
sudo apt install rfkill
sudo rfkill block wifi
一旦你的 wifi 关闭,这个问题就不会再发生,你的隧道应该保持连接状态。