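I have a simple topology. I want a VPS at OVH to connect to a WireGuard VPN server. The server configuration is fine, because other clients (Windows) work well with it.
The WireGuard VPN client runs on Debian 10: 4.19.0-18-cloud-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux, wireguard-tools v1.0.20210223
VPN client configuration: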
/etc/wireguard# cat wg1.conf
[Interface]
Address = 10.10.10.11/24
DNS = 1.1.1.2
PrivateKey = XXXXXXXX
[Peer]
PublicKey = YYYYYYYY
AllowedIPs = 10.10.10.1/24
Endpoint = 169.1.1.2:51820 # real ip is masked
PersistentKeepalive = 25
Client wg output:
Client # wg
interface: wg1
public key: YYYYYYYY
private key: (hidden)
listening port: 52855
peer: TTTTTTTTTTTTTTTTT
endpoint: 169.1.1.2:51820
allowed ips: 10.10.10.0/24
latest handshake: 4 seconds ago
transfer: 92 B received, 180 B sent
persistent keepalive: every 25 seconds
Client # ip route
default via 169.1.1.1 dev eth0
10.10.10.0/24 dev wg1 proto kernel scope link src 10.10.10.11
169.1.1.1 dev eth0 scope link
Client # traceroute 10.10.10.1
traceroute to 10.10.10.1 (10.10.10.1), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
Server configuration:
cat wg0.conf
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
ListenPort = 51820
PrivateKey = BBBBBBBBBBBBBBBBBBBBB
[Peer]
PublicKey = YYYYYYYY
AllowedIPs = 10.10.10.11/32
Server: # wg
interface: wg0
public key: TTTTTTTTTTTTTTTTT
private key: (hidden)
listening port: 51820
peer: YYYYYYYY
endpoint: 169.1.1.1:52855
allowed ips: 10.10.10.11/32
latest handshake: 36 seconds ago
transfer: 6.94 KiB received, 7.41 KiB sent
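What am I doing wrong? The problem only applies to the Debian 10 VPS as a WireGuard client. I cannot ping the server's wg interface, even though routing and iptables allow it. It looks like WireGuard works but does not forward traffic? What should I check to fix it?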
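Answer 1
I managed to solve it. There was a typo in the iptables rule: instead of wg0 there was wg1 accept... Sorry for bothering, I hope this will be left here for others.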
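
A check for the kind of mistake this answer describes, added here as an example and not part of the original answer: it lists iptables rules whose -i/-o interface name matches no interface on the host. The sample rule set, the function name stale_iface_rules, and the choice of which host carried the typo and in which direction are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list iptables rules that name an interface the host lacks.

# Constructed rule set in iptables-save format (an assumption: the page does
# not show the poster's real rules). The tunnel rule names wg0.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
COMMIT'

# Interfaces of the client in the question (its tunnel is wg1), plus lo.
SAMPLE_IFACES='lo eth0 wg1'

# stale_iface_rules RULES IFACES
# Prints "name: rule" for every -i/-o match in RULES that fits none of the
# space-separated IFACES. A trailing "+" is the iptables wildcard (wg+ fits wg1).
stale_iface_rules() {
    printf '%s\n' "$1" | awk -v have="$2" '
        function fits(pat, ifname,   stem) {
            if (pat == ifname) return 1
            if (pat !~ /\+$/) return 0
            stem = substr(pat, 1, length(pat) - 1)
            return substr(ifname, 1, length(stem)) == stem
        }
        BEGIN { n = split(have, ifs, " ") }
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "-o") continue
                ok = 0
                for (k = 1; k <= n; k++) if (fits($(i + 1), ifs[k])) ok = 1
                if (!ok) print $(i + 1) ": " $0
            }
        }'
}

# On a live host (run as root), pass the real data instead of the samples:
#   stale_iface_rules "$(iptables-save)" "$(ls /sys/class/net | tr "\n" " ")"
stale_iface_rules "$SAMPLE_RULES" "$SAMPLE_IFACES"
```

With the constructed sample, the handshake on eth0 is accepted while decrypted traffic arriving on wg1 hits the DROP policy, which is consistent with the symptoms in the question (recent handshake, no ping).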