wireguard 对等端(客户端)在连接后不久丢失了 VPN IP 地址,但仍保持与 VPN 服务器的连接并可以 ping 服务器 IP。发生了什么?

tag-icon tag-icon server 22.04 webserver mail-server wireguard
wireguard 对等端(客户端)在连接后不久丢失了 VPN IP 地址,但仍保持与 VPN 服务器的连接并可以 ping 服务器 IP。发生了什么?

我正在通过 Wireguard VPN(作为 VPN 客户端)将 Ubuntu 22.04 Web 服务器隧道传输到另一台 Ubuntu 22.04 服务器作为 Wireguard VPN 主机(服务器)。我已完全按照以下设置了客户端/服务器这些说明来自 Linuxbabe在 WG 服务器上启用端口转发和伪装。我还在 WG 客户端上运行非绑定 DNS。我的 WG 客户端和 WG 服务器都运行 Ubuntu 22.04。

当我使用和连接我的 VPN 客户端时,我的客户端成功连接到 wireguard 服务器。sudo systemctl start [email protected]sudo systemctl enable [email protected]

连接到隧道时10.10.10.1是 VPN 服务器的私有 IP 地址,10.10.10.2是 VPN 客户端的私有 IP 地址。我可以10.10.10.1从客户端成功 ping 通,表明 VPN 连接成功。

然后我curl https://icanhazip.com在 wireguard 客户端上运行,它成功显示我正在使用 Wireguard 服务器的 IP 地址。太棒了!对吧?嗯,不完全是。

大约一分钟后,Wireguard 客户端就会丢失服务器的 IP 地址。成功连接到隧道一分钟后,我再次尝试该命令curl https://icanhazip.com,它现在返回的是我家的公共 IP 地址,而不是 wireguard 服务器的 IP 地址。

但是,尽管我使用的是家庭 IP 地址,但似乎仍然以某种方式连接到 WG 服务器,因为当我运行命令时,它返回以下内容:systemctl status [email protected]

[email protected] - WireGuard via wg-quick(8) for wg/client0
     Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: enabled)
     Active: active (exited) since Thu 2024-03-14 22:12:48 CDT; 17min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 11681 ExecStart=/usr/bin/wg-quick up wg-client0 (code=exited, status=0/SUCCESS)
   Main PID: 11681 (code=exited, status=0/SUCCESS)
        CPU: 364ms

此外,ping 10.10.10.1在我注意到我的 IP 地址使用的是我的家庭 IP 后, a 仍然成功。因此,不知何故,我的 WG 客户端正在连接到 WG 服务器,但没有使用 WG 服务器的 IP 地址。

以下是 WG 客户端上的 Wireguard 调试日志:

sudo dmesg -wH | grep wireguard
[  +4.964216] wireguard: wg-client0: Keypair 56 destroyed for peer 6
[  +0.000031] wireguard: wg-client0: Keypair 57 destroyed for peer 6
[  +0.145173] wireguard: wg-client0: Peer 6 (123.45.678.9:51820) destroyed
[  +0.048057] wireguard: wg-client0: Interface destroyed
[  +2.575997] wireguard: wg-client0: Interface created
[  +0.022138] wireguard: wg-client0: Peer 7 created
[  +0.040251] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.000055] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.054499] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000047] wireguard: wg-client0: Keypair 58 created for peer 7
[  +2.921467] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.036876] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000068] wireguard: wg-client0: Keypair 59 created for peer 7
[  +0.000038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.844707] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +5.255566] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.426967] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.017808] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000070] wireguard: wg-client0: Keypair 58 destroyed for peer 7
[  +0.000021] wireguard: wg-client0: Keypair 60 created for peer 7
[  +0.000033] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.643183] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +1.076531] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.694589] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.000355] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.040759] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000061] wireguard: wg-client0: Keypair 59 destroyed for peer 7
[  +0.000021] wireguard: wg-client0: Keypair 61 created for peer 7
[  +0.000031] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.597413] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.753398] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.000386] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.019951] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000053] wireguard: wg-client0: Keypair 60 destroyed for peer 7
[  +0.000020] wireguard: wg-client0: Keypair 62 created for peer 7
[  +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +5.165602] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.296682] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.000218] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.026552] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000048] wireguard: wg-client0: Keypair 61 destroyed for peer 7
[  +0.000015] wireguard: wg-client0: Keypair 63 created for peer 7
[  +0.000023] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.707453] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +2.242105] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.736789] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.018656] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000055] wireguard: wg-client0: Keypair 62 destroyed for peer 7
[  +0.000017] wireguard: wg-client0: Keypair 64 created for peer 7
[  +0.000028] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +3.992663] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.736520] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.006477] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000041] wireguard: wg-client0: Keypair 63 destroyed for peer 7
[  +0.000013] wireguard: wg-client0: Keypair 65 created for peer 7
[  +0.000020] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.557038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.711950] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +0.737920] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.007975] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000059] wireguard: wg-client0: Keypair 64 destroyed for peer 7
[  +0.000021] wireguard: wg-client0: Keypair 66 created for peer 7
[  +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.865521] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.251146] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +1.737488] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.008468] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000055] wireguard: wg-client0: Keypair 65 destroyed for peer 7
[  +0.000019] wireguard: wg-client0: Keypair 67 created for peer 7
[  +0.000025] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.406383] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.561784] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +1.734768] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[  +0.008146] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[  +0.000075] wireguard: wg-client0: Keypair 66 destroyed for peer 7
[  +0.000025] wireguard: wg-client0: Keypair 68 created for peer 7
[  +0.000036] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[  +4.717223] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)

sudo journalctl -kf | grep wireguard

Mar 14 22:34:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 67 destroyed for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 69 created for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:36:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 68 destroyed for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 70 created for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)

这是我的 /etc/netplan/50-cloud-init.yaml 文件:

network:
  ethernets:
    eth0:
      dhcp4: true
      dhcp4-overrides:
        route-metric: 100
      optional: true
  renderer: networkd
  version: 2
  wifis:
    renderer: networkd
    wlan0:
      access-points:
        DansWifi:
          password: ******************************
      dhcp4: true
      dhcp4-overrides:
        route-metric: 200
      optional: true

最后,以下是输出的 pastebinsudo tail -f /var/log/syslog当 WG 客户端启动时,以及在丢失其隧道 IP 地址之后。

有人能帮我弄清楚为什么我的 WG 客户端不断丢失其 VPN IP 地址,但仍然以某种方式连接到 WG 服务器吗?你能帮我解决这个问题,以便 WG 客户端的 IP 地址始终是 WG 服务器的 IP 地址吗?

我在这里很无知,在日志中看不到太多信息。

答案1

我解决了这个问题!

系统日志中的最后几行表明 wlan0 (WiFi) 连接到路由器时出现问题,从而导致以太网连接中断。查看系统日志中的以下几行:

Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-DISCONNECTED bssid=60:38:e0:ce:d7:e3 reason=4
Mar 15 14:35:13 mail systemd-networkd[1075]: wlan0: Lost carrier
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: Trying to associate with SSID 'danswifi'
Mar 15 14:35:13 mail systemd-networkd[1075]: wlan0: DHCP lease lost
Mar 15 14:35:13 mail dbus-daemon[1120]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.1' (uid=100 pid=1075 comm="/lib/systemd/systemd-networkd " label="unconfined")
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Mar 15 14:35:13 mail systemd[1]: Starting Hostname Service...
Mar 15 14:35:13 mail dbus-daemon[1120]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 15 14:35:13 mail systemd[1]: Started Hostname Service.
Mar 15 14:35:17 mail systemd-networkd[1075]: wlan0: Connected WiFi access point: 'danswifi' (60:38:e0:ce:d7:e2)
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: Associated with 60:38:e0:ce:d7:e2
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-CONNECTED - Connection to 60:38:e0:ce:d7:e2 completed [id=0 id_str=]

这表明您的 Wifi 与以太网电缆同时连接到互联网,导致 WiFi 干扰您通过以太网连接创建的 VPN 隧道。

解决这个问题的简单方法是使用 rfkill 关闭你的 wifi:

sudo apt install rfkill

sudo rfkill block wifi

一旦你的 wifi 关闭,这个问题就不会再发生,你的隧道应该保持连接状态。

相关内容