我遇到了一些 wireguard 网络问题,希望你们能帮助我。我的目标是构建一个端到端 vpn。为此,我有主机 A(公共)和主机 B(私有)。以下是我创建隧道的配置。到目前为止,我可以像这样从每一端 ping 到另一端:从 10.2.0.2 到 10.2.0.1 以及从 10.2.0.2 到 10.2.0.1。但是当我尝试从 10.2.0.1 ping 到 10.0.0.1 时,我得到了ping: sendto: No error information响应。防火墙不应该docker-compose.yml是一个问题,并且路由也应该在服务器上的文件中正确配置。
任何帮助深表感谢!
主机A(服务器):(IP:${WG_PUBLIC_HOST})
services:
wireguard:
image: weejewel/wg-easy
container_name: wireguard
restart: unless-stopped
user: 0:1000
ports:
- ${WG_PUBLIC_PORT}:51820/udp
environment:
WG_HOST: ${WG_PUBLIC_HOST}
WG_PORT: ${WG_PUBLIC_PORT}
WG_DEFAULT_ADDRESS: 10.2.0.x
WG_DEFAULT_DNS: 1.1.1.1
WG_ALLOWED_IPS: 0.0.0.0/24
WG_POST_UP: ip route add 10.0.0.0/24 via 10.2.0.2;
WG_POST_DOWN: ip route del 10.0.0.0/24;
PASSWORD: ${WG_PASSWORD}
volumes:
- ./wireguard:/etc/wireguard
sysctls:
net.ipv4.conf.all.src_valid_mark: 1
net.ipv4.ip_forward: 1
cap_add:
- NET_ADMIN
- SYS_MODULE
# ./wireguard/wg0.conf
[Interface]
PrivateKey = <secret>
Address = 10.2.0.1/24
ListenPort = 51820
PostUp = ip route add 10.0.0.0/24 via 10.2.0.2;
PostDown = ip route del 10.0.0.0/24;
# Client: host B (b2448b52-2f3b-4141-a20d-b91a8fa0d6c6)
[Peer]
PublicKey = <secret>
PresharedKey = <secret>
主机B(客户端):(IP: 10.0.0.3)
# docker-compose.yml
services:
wireguard:
image: linuxserver/wireguard
container_name: wireguard
restart: unless-stopped
volumes:
- ./wireguard:/config
- /lib/modules:/lib/modules:ro
environment:
PUID: 1000
PGID: 1000
networks:
- wireguard
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
net.ipv4.conf.all.src_valid_mark: 1
networks:
wireguard:
ipam:
config:
- subnet: 10.3.0.0/24
# ./wireguard/wg0.conf
[Interface]
PrivateKey = <secret>
Address = 10.2.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = <secret>
PresharedKey = <secret>
AllowedIPs = 10.2.0.0/24
PersistentKeepalive = 25
Endpoint = ${WG_PUBLIC_HOST}:${WG_PUBLIC_PORT}