I am running WireGuard in a container on a cloud-based VM. I can see the UDP traffic on the Ethernet interface of both the VM and the container.

But when the WireGuard interface is up, a client trying to connect to it gets no traffic.

Relevant information:

Client (VM on my home network):

Output of wg:

interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  private key: (hidden)
  listening port: 45821
  fwmark: 0xca6c

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 21.97 KiB sent

wg0.conf on the client:

[Interface]
PrivateKey = redacted
Address = 10.13.13.100
DNS = 10.13.0.1

[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 0.0.0.0/0
Endpoint = redactedIPv4:51820

Cloud-based VM running the container:

Output of docker ps -a:

CONTAINER ID   IMAGE                                  COMMAND      CREATED             STATUS                       PORTS           NAMES
885feaa34c1d   cr.cclloyd.com/cclloyd/wgtest:latest   "/s6-init"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:51820->51820/udp, :::51820->51820/udp   wgtest

Container:

Output of the wg command:

interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  private key: (hidden)
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32

Config inside the container:

[Interface]
Address = 10.13.0.1/16
ListenPort = 51820
PrivateKey = redacted


[Peer]
PublicKey = OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
AllowedIPs = 10.13.13.100/32

Output of tcpdump -n udp:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:09:33.014069 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:38.292409 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148
22:09:43.412137 IP redacted.10717 > 172.21.0.2.51820: UDP, length 148

Answer 1

Your keys don't match. The [Peer] section of the client config needs to be configured with the server's public key:

[Peer]
PublicKey = 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=

and the [Peer] section of the server config needs to be configured with the client's public key:

[Peer]
PublicKey = gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
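The mismatch above is easy to miss by eye, and it is exactly the situation the tcpdump output shows: 148-byte UDP datagrams are WireGuard handshake initiations that the server silently drops because they are not from a configured peer, so the client keeps retrying every five seconds. As an added example that is not part of the question or the answer, the following script parses `wg show`-style output from both sides and checks that each side lists the other's interface public key as a peer; the sample text is constructed from the outputs in the question.

```python
# Cross-check two WireGuard endpoints: each side's [Peer] must carry the
# other side's *interface* public key. Sample inputs are constructed from
# the `wg` outputs in the question (endpoint kept as "redactedIPv4").
CLIENT_WG = """interface: wg0
  public key: gDOtdK3Fim9fSBZWss7tfCsCsIgr5wrAwpszkyNjuQE=
  private key: (hidden)
  listening port: 45821

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  endpoint: redactedIPv4:51820
  allowed ips: 0.0.0.0/0
"""

SERVER_WG = """interface: IdQUQ527
  public key: 1uhRlqmJCqVrxJkx2BUon3gu5w4lUZmE9z7vP4vafzk=
  private key: (hidden)
  listening port: 51820

peer: OEPlqXd3gOzbQhnAA0lZkLZ+/cf365JRlVUAaxoX6Ug=
  allowed ips: 10.13.13.100/32
"""


def parse_wg_show(text):
    """Parse `wg show` text into {'public_key': str, 'peers': {pubkey: {field: value}}}."""
    iface = {"public_key": None, "peers": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("interface:"):
            current = iface
        elif line.startswith("peer:"):
            key = line.split(":", 1)[1].strip()
            current = iface["peers"].setdefault(key, {})
        elif ":" in line and current is not None:
            field, value = (s.strip() for s in line.split(":", 1))
            current[field.replace(" ", "_")] = value
    return iface


def check_peering(side_a, side_b):
    """Return a list of problems; an empty list means the two sides reference each other."""
    problems = []
    for me, other, label in ((side_a, side_b, "A"), (side_b, side_a, "B")):
        if other["public_key"] not in me["peers"]:
            problems.append(f"side {label} has no [Peer] for the other side's public key "
                            f"{other['public_key']}; it lists {sorted(me['peers'])}")
    return problems


if __name__ == "__main__":
    for p in check_peering(parse_wg_show(CLIENT_WG), parse_wg_show(SERVER_WG)):
        print("MISMATCH:", p)
```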
