WireGuard network problem

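I have run into some WireGuard networking problems and hope you can help me. My goal is to build an end-to-end VPN. For this I have host A (public) and host B (private). Below is the configuration I use to create the tunnel. So far I can ping each end from the other, like this: from 10.2.0.2 to 10.2.0.1 and from 10.2.0.2 to 10.2.0.1. But when I try to ping from 10.2.0.1 to 10.0.0.1, I get the response "ping: sendto: No error information". The firewall should not be a problem, and the routing should also be correctly configured in the docker-compose.yml file on the server.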

Any help is greatly appreciated!

Host A (server): (IP: ${WG_PUBLIC_HOST})

services:
    wireguard:
        image: weejewel/wg-easy
        container_name: wireguard
        restart: unless-stopped
        user: 0:1000
        ports:
            - ${WG_PUBLIC_PORT}:51820/udp
        environment:
            WG_HOST: ${WG_PUBLIC_HOST}
            WG_PORT: ${WG_PUBLIC_PORT}
            WG_DEFAULT_ADDRESS: 10.2.0.x
            WG_DEFAULT_DNS: 1.1.1.1
            WG_ALLOWED_IPS: 0.0.0.0/24
            WG_POST_UP: ip route add 10.0.0.0/24 via 10.2.0.2;
            WG_POST_DOWN: ip route del 10.0.0.0/24;
            PASSWORD: ${WG_PASSWORD}
        volumes:
            - ./wireguard:/etc/wireguard
        sysctls:
            net.ipv4.conf.all.src_valid_mark: 1
            net.ipv4.ip_forward: 1
        cap_add:
            - NET_ADMIN
            - SYS_MODULE
# ./wireguard/wg0.conf
[Interface]
PrivateKey = <secret>
Address = 10.2.0.1/24
ListenPort = 51820
PostUp = ip route add 10.0.0.0/24 via 10.2.0.2;
PostDown = ip route del 10.0.0.0/24;

# Client: host B (b2448b52-2f3b-4141-a20d-b91a8fa0d6c6)
[Peer]
PublicKey = <secret>
PresharedKey = <secret>

Host B (client): (IP: 10.0.0.3)

# docker-compose.yml
services:
    wireguard:
        image: linuxserver/wireguard
        container_name: wireguard
        restart: unless-stopped
        volumes:
            - ./wireguard:/config
            - /lib/modules:/lib/modules:ro
        environment:
            PUID: 1000
            PGID: 1000
        networks:
            - wireguard
        cap_add:
            - NET_ADMIN
            - SYS_MODULE
        sysctls:
            net.ipv4.conf.all.src_valid_mark: 1
networks:
    wireguard:
        ipam:
            config:
                - subnet: 10.3.0.0/24
# ./wireguard/wg0.conf
[Interface]
PrivateKey = <secret>
Address = 10.2.0.2/24
DNS = 1.1.1.1

[Peer]
PublicKey = <secret>
PresharedKey = <secret>
AllowedIPs = 10.2.0.0/24
PersistentKeepalive = 25
Endpoint = ${WG_PUBLIC_HOST}:${WG_PUBLIC_PORT}
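
WireGuard sends an outgoing packet only to the peer whose AllowedIPs contain the packet's destination address, independently of any gateway given in an ip route entry. The following added example (not part of the original post) parses wg0.conf-style text and reports which peer, if any, a destination would be sent to. The sample configs are constructed from the post, and the server peer's AllowedIPs = 10.2.0.2/32 line is an assumption because the post does not show one.

```python
import ipaddress

# Constructed samples modelled on the post's wg0.conf files (keys omitted).
# ASSUMPTION: the server peer's AllowedIPs line is not shown in the post;
# 10.2.0.2/32 is used here for illustration only.
SERVER_CONF = """\
[Interface]
Address = 10.2.0.1/24
ListenPort = 51820

[Peer]
AllowedIPs = 10.2.0.2/32
"""
CLIENT_CONF = """\
[Interface]
Address = 10.2.0.2/24

[Peer]
AllowedIPs = 10.2.0.0/24
PersistentKeepalive = 25
"""


def peer_allowed_ips(conf_text):
    """Return one list of networks per [Peer] section, in file order."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            current = None
            if line.lower() == "[peer]":
                current = []
                peers.append(current)
            continue
        key, _, value = line.partition("=")
        if current is not None and key.strip().lower() == "allowedips":
            current.extend(ipaddress.ip_network(v.strip(), strict=False)
                           for v in value.split(",") if v.strip())
    return peers


def route_peer(conf_text, dest):
    """Index of the peer that would receive dest (longest prefix wins), else None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for idx, nets in enumerate(peer_allowed_ips(conf_text)):
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, idx)
    return None if best is None else best[1]
```

With these sample configs, route_peer returns 0 for the tunnel addresses and None for 10.0.0.1 on both sides, meaning no peer is selected for that destination.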
