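Describe the issue
I can't reach anything. Neither the internet nor the local network.
Expected behavior
If my device is connected to the WireGuard VPN, I expect to be able to browse the web and reach every device connected to the WireGuard VPN.
Please describe the steps to replicate the issue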
On the Proxmox host, run
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/wireguard.sh)"
Initialize it with vmid 105 and the static internal vmbr1 IP 10.0.0.105/32.
Add port forwarding on the Proxmox host:
iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51280 -j DNAT --to 10.0.0.105:51820
Add
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
at EOF of /etc/pve/lxc/105.conf on the Proxmox host.
chown 100000:100000 /dev/net/tun
Shut down the LXC and start adding a client:
pivpn add
Then generate the QR code:
pivpn -qr
Try to connect. It seems to work, but nothing is reachable.
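Additional info: It is a root server. Every port is open. vmbr0 has eno1 as its slave and is the connection to the internet with the public IP; vmbr1 is the internal LAN.
Have you taken any steps towards solving your issue?
Tried pivpn -d, no errors: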
::: Generating Debug Output
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
Branch: master
Commit: 4032a55c80f25b51419180eda93f44d579ab79e9
Author: 4s3ti
Date: Wed Mar 29 14:54:19 2023 +0200
Summary: docs(issues): Remove old markdown template
=============================================
:::: Installation settings ::::
PLAT=Debian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
install_user=root
install_home=/root
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=8.8.8.8
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnPERSISTENTKEEPALIVE=25
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=(git dnsutils grepcidr net-tools bsdmainutils iptables-persistent wireguard-tools qrencode linux-headers-amd64 wireguard-dkms unattended-upgrades)
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
MTU = 1420
ListenPort = 51820
### begin t ###
[Peer]
PublicKey = t_pub
PresharedKey = t_psk
AllowedIPs = 10.6.0.2/32
### end t ###
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = t_priv
Address = 10.6.0.2/24
DNS = 1.1.1.1, 8.8.8.8
[Peer]
PublicKey = server_pub
PresharedKey = t_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
=============================================
:::: Recursive list of files in ::::
:::: /etc/wireguard shown below ::::
/etc/wireguard:
configs
keys
wg0.conf
/etc/wireguard/configs:
clients.txt
t.conf
/etc/wireguard/keys:
server_priv
server_pub
t_priv
t_psk
t_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
=============================================
:::: Debug complete ::::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
:::
Done: WireGuard, restart the server with sudo systemctl restart wg-quick@wg0. Run lsmod | grep wireguard and confirm that you get at least this output (numbers don't matter). Result:
root@wireguard:~# systemctl restart wg-quick@wg0
root@wireguard:~# lsmod | grep wireguard
wireguard 94208 0
curve25519_x86_64 36864 1 wireguard
libchacha20poly1305 16384 1 wireguard
libcurve25519_generic 49152 2 curve25519_x86_64,wireguard
ip6_udp_tunnel 16384 1 wireguard
udp_tunnel 24576 1 wireguard
Done: Check that the current IP address of the interface IPv4dev is the same as IPv4addr. You can see the current IP with ip -f inet address show IPv4dev. Result:
root@wireguard:~# ip -f inet address show eth0
2: eth0@if63: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link-netnsid 0
inet 10.0.0.105/32 brd 10.0.0.105 scope global eth0
valid_lft forever preferred_lft forever
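I also tried setting up the LXC with the 10.0.0.105/24 CIDR here, but without success.
Done: Check that the current public IP you are connecting to is the same as pivpnHOST. To check the current public IP, run curl -s https://checkip.amazonaws.com. Result: true
Done: Packet capture on the Proxmox host. Result: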
root@PXHOST ~ # tcpdump -n -i eno1 udp port 51820
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:24:37.247653 IP PUBLIC_IP_FROM_DEVICE.23135 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:42.407118 IP PUBLIC_IP_FROM_DEVICE.24914 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:47.408793 IP PUBLIC_IP_FROM_DEVICE.3965 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:52.417794 IP PUBLIC_IP_FROM_DEVICE.15818 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:57.427425 IP PUBLIC_IP_FROM_DEVICE.25774 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:02.427643 IP PUBLIC_IP_FROM_DEVICE.10110 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:07.436955 IP PUBLIC_IP_FROM_DEVICE.14914 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:12.448197 IP PUBLIC_IP_FROM_DEVICE.29891 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:17.440071 IP PUBLIC_IP_FROM_DEVICE.7570 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:22.460508 IP PUBLIC_IP_FROM_DEVICE.21590 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
Tried editing /etc/wireguard/wg0.conf and adding PostUp and PostDown rules, rebooted the machine and reconnected the device:
PostUp: iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown: iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Result: No connection to the internet and none to the local network.
Screenshots
No response
Where did you run pivpn?
Proxmox LXC container
Please provide your output from uname -a
Host:
Linux PXHOST 5.19.17-2-pve #1 SMP PREEMPT_DYNAMIC PVE 5.19.17-2 (Sat, 28 Jan 2023 16:40:25 x86_64 GNU/Linux
LXC:
Linux wireguard 5.19.17-2-pve #1 SMP PREEMPT_DYNAMIC PVE 5.19.17-2 (Sat, 28 Jan 2023 16:40:25 x86_64 GNU/Linux
Details about the operating system
Host:
cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
LXC:
root@wireguard:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Installation
✓ Started LXC Container
+ '[' debian == alpine ']'
++ wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/install/wireguard-install.sh
+ lxc-attach -n 105 -- bash -c '#!/usr/bin/env bash
# Copyright (c) 2021-2023 tteck
# Author: tteck (tteckster)
# License: MIT
# https://github.com/tteck/Proxmox/raw/main/LICENSE
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ apt-get autoclean
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
+ msg_ok Cleaned
+ local msg=Cleaned
+ echo -e '\r\033[K \033[1;92m✓\033[m \033[1;92mCleaned\033[m'
✓ Cleaned
+ description
++ pct exec 105 ip a s dev eth0
++ awk '/inet / {print $2}'
++ cut -d/ -f1
+ IP=10.0.0.105
+ pct set 105 -description '# Wireguard LXC
### https://tteck.github.io/Proxmox/
<a href='\''https://ko-fi.com/D1D7EP4GF'\''><img src='\''https://img.shields.io/badge/☕-Buy me a coffee-red'\'' /></a>'
+ msg_ok 'Completed Successfully!\n'
+ local 'msg=Completed Successfully!\n'
+ echo -e '\r\033[K \033[1;92m✓\033[m \033[1;92mCompleted Successfully!\n\033[m'
✓ Completed Successfully!
### Profile / Client creation
pivpn add
Enter a Name for the Client: t
::: Client Keys generated
::: Client config generated
::: Updated server config
::: WireGuard reloaded
======================================================================
::: Done! t.conf successfully created!
::: t.conf was copied to /root/configs for easytransfer.
::: Please use this profile only on one device and create additional
::: profiles for other devices. You can also use pivpn -qr
::: to generate a QR Code you can scan with the mobile app.
======================================================================
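The report contains three port values that have to line up for the forward to carry WireGuard traffic: the `--dport` the DNAT rule matches, the port in the client's `Endpoint`, and the server's `ListenPort`. The check below is an added example, not part of the original report; it compares them using lines copied from the report, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original report): checks that the DNAT forward,
# the client Endpoint and the server ListenPort agree on the UDP port.
# The three inputs below are copied from the report; function names are hypothetical.

DNAT_RULE='iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51280 -j DNAT --to 10.0.0.105:51820'
SERVER_CONF='[Interface]
Address = 10.6.0.1/24
ListenPort = 51820'
CLIENT_CONF='[Peer]
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0'

# UDP port the rule matches on the public interface (--dport N).
dnat_match_port() {
  printf '%s\n' "$1" | sed -n 's/.*--dport \([0-9]\{1,5\}\).*/\1/p'
}

# Port the rule rewrites to (--to / --to-destination ADDR:PORT).
dnat_target_port() {
  printf '%s\n' "$1" |
    sed -n 's/.*--to\(-destination\)\{0,1\} [^ :]*:\([0-9]\{1,5\}\).*/\2/p'
}

# Port from a "Key = port" or "Key = host:port" line of a wg-quick style config.
conf_port() {
  printf '%s\n' "$2" |
    sed -n "s/^$1 *= *\(.*:\)\{0,1\}\([0-9]\{1,5\}\) *\$/\2/p" | head -n 1
}

# Returns 0 when client -> DNAT -> server line up, 1 otherwise.
check_port_chain() {
  cpc_match=$(dnat_match_port "$1"); cpc_target=$(dnat_target_port "$1")
  cpc_listen=$(conf_port ListenPort "$2"); cpc_endpoint=$(conf_port Endpoint "$3")
  cpc_rc=0
  if [ "$cpc_endpoint" != "$cpc_match" ]; then
    echo "MISMATCH: client sends to udp/$cpc_endpoint, DNAT rule matches udp/$cpc_match"
    cpc_rc=1
  fi
  if [ "$cpc_target" != "$cpc_listen" ]; then
    echo "MISMATCH: DNAT rewrites to udp/$cpc_target, server listens on udp/$cpc_listen"
    cpc_rc=1
  fi
  [ "$cpc_rc" -ne 0 ] || echo "OK: udp/$cpc_endpoint is forwarded to udp/$cpc_listen"
  return "$cpc_rc"
}

check_port_chain "$DNAT_RULE" "$SERVER_CONF" "$CLIENT_CONF" || true
```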