Using a WireGuard peer as the default gateway for another peer


Here is my config (wg server, peer1 and peer2 in docker)

S = 10.14.88.1
P1 = 10.14.88.2
P2 = 10.14.88.3

[Interface]
Address = 10.14.88.1
ListenPort = 51820
PrivateKey = XXX
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; ip rule add from 10.14.88.2 lookup 200; ip route add default dev wg0 table 200; iptables -t nat -I POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; ip rule del from 10.14.88.2 lookup 200; ip route del default dev wg0 table 200

[Peer]
# peer1
PublicKey = YYY
PresharedKey = YYY
AllowedIPs = 10.14.88.2/32
PersistentKeepalive = 25

[Peer]
# peer2
PublicKey = ZZZ
PresharedKey = ZZZ
#AllowedIPs = 10.14.88.3/32
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 10.14.88.3/32, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/1
PersistentKeepalive = 25

But I don't see any traffic on the P2 client (mikrotik router)

Routes on wg-server

root@324b5432acdd:/# ip route

0.0.0.0/5 dev wg0 scope link 
default via 172.18.0.1 dev eth0 
8.0.0.0/7 dev wg0 scope link 
10.14.88.2 dev wg0 scope link 
10.14.88.3 dev wg0 scope link 
11.0.0.0/8 dev wg0 scope link 
12.0.0.0/6 dev wg0 scope link 
16.0.0.0/4 dev wg0 scope link 
32.0.0.0/3 dev wg0 scope link 
64.0.0.0/2 dev wg0 scope link 
128.0.0.0/1 dev wg0 scope link
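The configuration above depends on two things that are easy to get wrong by hand: building an AllowedIPs list that means "everything except 10.0.0.0/8, plus the peer's own address", and WireGuard's cryptokey routing, which picks the peer whose AllowedIPs entry is the longest match for a packet's destination. The following Python script is an added example, not code from the original post; the function names `allowed_ips_excluding` and `select_peer` are hypothetical, and the peer table inside it is constructed from the AllowedIPs values shown in the config.

```python
import ipaddress

# Peer table constructed from the config in the post: peer name -> AllowedIPs.
PEERS = {
    "peer1": ["10.14.88.2/32"],
    "peer2": [
        "0.0.0.0/5", "8.0.0.0/7", "10.14.88.3/32", "11.0.0.0/8",
        "12.0.0.0/6", "16.0.0.0/4", "32.0.0.0/3", "64.0.0.0/2", "128.0.0.0/1",
    ],
}


def allowed_ips_excluding(excluded, universe="0.0.0.0/0"):
    """Return the minimal prefix list covering `universe` minus every network
    in `excluded`, i.e. the split form of "0.0.0.0/0 except these ranges".

    The result is what belongs in AllowedIPs when one peer should receive all
    traffic except a carved-out range (here the tunnel's own 10.0.0.0/8)."""
    remaining = [ipaddress.ip_network(universe)]
    for ex in excluded:
        ex = ipaddress.ip_network(ex)
        nxt = []
        for net in remaining:
            if net.subnet_of(ex):
                continue                     # fully inside the exclusion: drop it
            if ex.subnet_of(net):
                nxt.extend(net.address_exclude(ex))   # carve the hole out
            else:
                nxt.append(net)              # disjoint: keep as-is
        remaining = nxt
    return sorted(remaining, key=lambda n: (n.network_address, n.prefixlen))


def allowed_ips_line(prefixes):
    """Format a prefix list as a wg(8) AllowedIPs line."""
    return "AllowedIPs = " + ", ".join(str(p) for p in prefixes)


def select_peer(peers, dst):
    """Emulate WireGuard cryptokey routing: the peer holding the longest
    AllowedIPs prefix that contains `dst`, or None when no peer matches
    (in that case the kernel drops the packet instead of sending it)."""
    dst = ipaddress.ip_address(dst)
    best_name, best_len = None, -1
    for name, nets in peers.items():
        for net in nets:
            net = ipaddress.ip_network(net)
            if dst in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name


if __name__ == "__main__":
    # Rebuild the peer2 list from its intent: everything except 10.0.0.0/8,
    # then add the peer's own tunnel address back.
    prefixes = allowed_ips_excluding(["10.0.0.0/8"]) + [ipaddress.ip_network("10.14.88.3/32")]
    print(allowed_ips_line(sorted(prefixes, key=lambda n: (n.network_address, n.prefixlen))))
    for dst in ("10.14.88.2", "10.14.88.3", "1.1.1.1", "10.99.0.1"):
        print(f"{dst:>12} -> {select_peer(PEERS, dst)}")
```

Running it prints the same AllowedIPs line as the config and shows that 10.14.88.2 is routed to peer1, public addresses and 10.14.88.3 to peer2, and any other 10.0.0.0/8 destination to no peer at all, which is why the exclusion keeps the server's Docker and tunnel addresses out of the peer2 tunnel. Note that when `wg-quick` sees an AllowedIPs entry other than a bare 0.0.0.0/0 it installs a plain `dev wg0` route for each prefix in the main table, which is exactly the list of `scope link` routes in the `ip route` output above.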
