WireGuard VPN: SSH only works in one direction

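I have a WireGuard server on an AWS EC2 instance. It allows multiple WireGuard client machines to successfully connect to each other via SSH.

My problem: I cannot SSH from my laptop (at home) to any of the machines in the WireGuard network (at the office).

However, I can

  • SSH from any machine in the WireGuard network to my laptop (at home).
  • ping any machine in the WireGuard network from my laptop (at home).

Very strange: when I am in the same network as the other machines (behind the same router at the office), everything works as expected.

Looking at the router settings (at the office), I could not find any specific port forwarding related to WireGuard; only SSH is enabled.

Any idea what the problem could be?

Could it be that my router is blocking WireGuard traffic?

More info:

The nmap for L looks like this: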

Nmap scan report for 11.11.2.101
Host is up (0.065s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3389/tcp open  ms-wbt-server

nmap of two other machines in the network:

Machine 1)
Nmap scan report for 11.11.1.1
Host is up (0.065s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
2049/tcp open  nfs

Machine 2)
Nmap scan report for 11.11.1.2
Host is up (0.081s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2049/tcp open  nfs
3389/tcp open  ms-wbt-server
5900/tcp open  vnc

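The fact that there are two subnets might also be part of the problem. But then again: when I am on the wifi behind the same router, it works.

Do I have to open a port on the wifi router for WireGuard to work in both directions? If so, would that be a security risk?

More info:
This is the output of ssh -v: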

ssh [email protected] -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.7, OpenSSL 1.0.2n  7 Dec 2017
debug1: Reading configuration data /home/myUser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 11.11.1.1 [11.11.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/myUser/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/myUser/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.5
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 11.11.1.1:22 as 'myUser'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
