我在基于云的虚拟机上的容器中运行了 wireguard。我可以在虚拟机和容器中的以太网接口上看到 udp 流量。
但是当启用 wireguard 接口时,尝试连接到该接口的客户端没有流量。
相关信息:
客户端(家庭网络上的虚拟机):
结果wg:
interface: wg0
public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
private key: (hidden)
listening port: 45821
fwmark: 0xca6c
peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
endpoint: redactedIPv4:51820
allowed ips: 0.0.0.0/0
transfer: 0 B received, 21.97 KiB sent
wg0.conf在客户端上
[Interface]
PrivateKey = redacted
Address = 10.13.13.100
DNS = 10.13.0.1
[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 0.0.0.0/0
Endpoint = redactedIPv4:51820
运行容器的基于云的虚拟机
结果docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
885feaa34c1d cr.cclloyd.com/cclloyd/wgtest:latest "/s6-init" About an hour ago Up About an hour (healthy) 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:51820->51820/udp, :::51820->51820/udp wgtest
容器
命令结果wg:
interface: IdQUQ527
public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
private key: (hidden)
listening port: 51820
peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
allowed ips: 10.13.13.100/32
容器内配置:
[Interface]
Address = 10.13.0.1/16
ListenPort = 51820
PrivateKey = redacted
[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 10.13.13.100/32
结果tcpdump -n udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:09:33.014069 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:38.292409 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:43.412137 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
答案1
您的密钥不匹配。[Peer]客户端配置部分需要使用服务器的公钥进行配置:
[Peer]
PublicKey = 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
并且[Peer]服务器配置部分需要配置客户端的公钥:
[Peer]
PublicKey = gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=