Server configuration:
[Interface]
Address = 10.8.0.1/24
SaveConfig = true
PostUp = ufw route allow in on wg0 out on ens3
PostUp = iptables -t nat -I POSTROUTING -o ens3 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens3
PreDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
ListenPort = 51820
PrivateKey = 8CMdwwULGd4dGqbYmbt+6EV2BqyVqk8FLSWuJl1Tukk=
[Peer]
PublicKey = smVxzAVHG4/feMOwmbALKxEQkPYBIwKDzjTrZbbGIBE=
AllowedIPs = 10.8.0.2/32
Endpoint = 5.34.201.5:52856
Server firewall:
Status: active
To                         Action      From
--                         ------      ----
8877                       ALLOW       Anywhere
22                         ALLOW       Anywhere
8080                       ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
51820                      ALLOW       Anywhere
8877 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
51820 (v6)                 ALLOW       Anywhere (v6)
Anywhere on ens3           ALLOW FWD   Anywhere on wg0
Anywhere (v6) on ens3      ALLOW FWD   Anywhere (v6) on wg0
And the server networking:
cat /proc/sys/net/ipv4/ip_forward
1
========================================================
Now my peer configuration:
[Interface]
PrivateKey = SLqo/o8boBWny/UFQhZ+AIolyZGtKrU7bNqsDPQg0GI=
Address = 10.8.0.2/24
PostUp = ip rule add table 200 from 5.34.201.5
PostUp = ip route add table 200 default via 5.34.200.1
PreDown = ip rule delete table 200 from 5.34.201.5
PreDown = ip route delete table 200 default via 5.34.200.1
DNS = 1.1.1.1
[Peer]
PublicKey = 4EECoZ8277EgjEAUsnSEC92uUSjXvOqpKz/+sEMizEQ=
AllowedIPs = 0.0.0.0/0
Endpoint = 95.164.44.118:51820
And the peer firewall:
Status: active
To                         Action      From
--                         ------      ----
5000                       ALLOW       Anywhere
51820                      ALLOW       Anywhere
22                         ALLOW       Anywhere
8877                       ALLOW       Anywhere
53                         ALLOW       Anywhere
47501                      ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
5000 (v6)                  ALLOW       Anywhere (v6)
51820 (v6)                 ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8877 (v6)                  ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
47501 (v6)                 ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)
And the peer network configuration:
cat /proc/sys/net/ipv4/ip_forward
1
Both the server and the peer are Ubuntu 22.04, and both run:
wg-quick up wg0
On the server side, when I enable logging:
echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control
I know almost nothing about WireGuard, but when I enable logging on the peer in the following way:
sudo dmesg -wT
I get these messages, and after 20 attempts it says it is giving up!
[Wed Jun 21 23:02:59 2023] wireguard: wg0: Handshake for peer 14 (95.164.44.118:51820) did not complete after 5 seconds, retrying (try 2)
[Wed Jun 21 23:02:59 2023] wireguard: wg0: Sending handshake initiation to peer 14 (95.164.44.118:51820)
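I followed the instructions in this guide: here
I double-checked everything and regenerated the keys, but the result is the same. Any ideas? Thanks in advance.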
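A check that fits a pair of configs like the two above: does each side's [Peer] PublicKey equal the public key derived from the other side's PrivateKey? This is an added example, not part of the original post; the function names are hypothetical, X25519 is implemented in pure Python after RFC 7748 so it runs without `wg`, and the sample keys are constructed rather than taken from the post.

```python
import base64
P = 2**255 - 19  # Curve25519 field prime

def x25519_public(private_b64):
    """Public key for a base64 private key (RFC 7748 ladder; not constant-time, offline checks only)."""
    raw = base64.b64decode(private_b64)
    n = (int.from_bytes(raw, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp the scalar
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0                          # base point u = 9
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    x2, z2 = (x3, z3) if swap else (x2, z2)
    return base64.b64encode((x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")).decode()

def parse_wg(text):
    """Return (interface dict, list of peer dicts) from wg-quick config text."""
    iface, peers, cur = {}, [], None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            peers.append(cur := {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)          # base64 padding stays in val
            cur[key.strip()] = val.strip()         # repeated keys such as PostUp keep the last value
    return iface, peers

def key_mismatches(cfg_a, cfg_b):
    """Name each side whose [Peer] list lacks the public key derived from the other side's PrivateKey."""
    problems = []
    for name, mine, other in (("first", cfg_a, cfg_b), ("second", cfg_b, cfg_a)):
        expected = x25519_public(parse_wg(other)[0]["PrivateKey"])
        if expected not in [p.get("PublicKey") for p in parse_wg(mine)[1]]:
            problems.append(f"{name} config has no [Peer] with PublicKey {expected}")
    return problems

# Constructed sample keys (ALICE is the RFC 7748 section 6.1 test scalar), not the keys from the post.
ALICE = base64.b64encode(bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
BOB = base64.b64encode(bytes(range(32))).decode()
SERVER = f"[Interface]\nPrivateKey = {ALICE}\n[Peer]\nPublicKey = {x25519_public(BOB)}\n"
PEER = f"[Interface]\nPrivateKey = {BOB}\n[Peer]\nPublicKey = {ALICE}\n"  # constructed mistake: private key pasted as PublicKey
print(key_mismatches(SERVER, PEER))
```

Pass the full text of both wg0.conf files to `key_mismatches`; an empty list means both [Peer] PublicKey values agree with the other side's PrivateKey.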