I have a server (10.42.0.1) and a client (10.42.0.2), both with wg installed. I have configured both with the wg command so that they can communicate with each other.
Client wg:
interface: wg0
public key: abc123=
private key: (hidden)
listening port: 51820
peer: xyz987=
endpoint: 15.14.13.12:51820
allowed ips: 10.42.0.0/24
transfer: 0 B received, 7.37 KiB sent
Server wg:
interface: wg0
public key: xyz987=
private key: (hidden)
listening port: 51820
peer: abc123=
allowed ips: 10.42.0.0/24
But (as you may have already noticed), my server has no idea what my client is doing. Pinging from the client and running tcpdump -i wg0 on the server records no traffic at all.
Client ping:
PING 10.42.0.1 (10.42.0.1) 56(84) bytes of data.
^C
--- 10.42.0.1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4046ms
Server tcpdump -i wg0:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg0, link-type RAW (Raw IP), capture size 262144 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Trying to ping the client from the server gives ping: sendmsg: Destination address required, but that is expected, since no endpoint is specified for the client.
The firewall should not be getting in the way, that said, I am not an expert on iptables.
Server iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I know that having all ports open on the server is dangerous, but I will fix that once I can get WireGuard working. I hope the fix for my problem is something simple that I am overlooking, but I have tried everything the Google machine has offered, and none of it worked.
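The symptom in the post is a tunnel with no completed handshake: the client counter shows "0 B received" and the server lists no endpoint for its peer, so nothing can ever appear on wg0. The following diagnostic is an added example, not code from the original post or from the WireGuard project. It parses the machine-readable `wg show <iface> dump` output (one header line for the interface, then one tab-separated line per peer with public-key, preshared-key, endpoint, allowed-ips, latest-handshake as epoch seconds with 0 meaning never, transfer-rx, transfer-tx, persistent-keepalive) to flag peers that have never handshaked, and prints the server-side checks that look at the physical interface and the firewall rather than at wg0. The sample dump is constructed to mirror the poster's server; the keys are the placeholders from the post, not real keys, and the interface names eth0 and wg0 are assumptions to adjust.

```shell
#!/bin/sh
# Added diagnostic example (not from the original post or from WireGuard).

# Constructed sample in `wg show wg0 dump` format mirroring the poster's
# server: local key xyz987=, one peer abc123= with no endpoint, no handshake
# (latest-handshake = 0) and zero bytes in either direction. The private key
# is a placeholder; a real dump prints it in the clear.
SAMPLE_DUMP=$(printf '(hidden)\txyz987=\t51820\toff\nabc123=\t(none)\t(none)\t10.42.0.0/24\t0\t0\t0\toff')

# Print "<pubkey> <endpoint> <rx-bytes>" for every peer that has never
# completed a handshake. Peer-line fields: 1 public-key, 2 preshared-key,
# 3 endpoint, 4 allowed-ips, 5 latest-handshake, 6 rx, 7 tx, 8 keepalive.
peers_without_handshake() {
    printf '%s\n' "$1" | awk -F'\t' 'NR > 1 && $5 == 0 { print $1, $3, $6 }'
}

# Count peers with no data in either direction (rx == 0 and tx == 0).
silent_peers() {
    printf '%s\n' "$1" | awk -F'\t' 'NR > 1 && $6 == 0 && $7 == 0 { n++ } END { print n + 0 }'
}

# Commands to run on the server (assumed names: public NIC eth0, tunnel wg0).
# tcpdump on wg0 shows only decrypted traffic, which never exists without a
# handshake; the questions are whether the encrypted UDP reaches the physical
# NIC at all and whether the INPUT chain lets it through.
server_checks() {
    cat <<'EOF'
# 1. Does the client's encrypted traffic arrive? Capture on the physical NIC,
#    not wg0, using the listen port from `wg show`.
tcpdump -ni eth0 udp port 51820
# 2. Has any handshake ever completed? (0 = never)
wg show wg0 latest-handshakes
# 3. Is UDP 51820 accepted before the REJECT rule? -v -n --line-numbers
#    shows interfaces, packet counters and rule positions that plain
#    `iptables -L` hides.
iptables -L INPUT -v -n --line-numbers
EOF
}

if [ "${1:-}" = "--demo" ]; then
    echo "peers with no handshake (pubkey endpoint rx):"
    peers_without_handshake "$SAMPLE_DUMP"
    echo "silent peers: $(silent_peers "$SAMPLE_DUMP")"
    server_checks
fi
```

Run with `--demo` to see the parsed sample, or feed `"$(wg show wg0 dump)"` (as root) to `peers_without_handshake` on a live host. A peer that shows an endpoint and a non-zero latest-handshake but still no traffic on wg0 points at routing or AllowedIPs; a peer with no endpoint and handshake 0, as in the post, means the server never received a valid handshake initiation, so the place to look is the physical interface and the INPUT chain, not wg0.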