Handshake for peer 13 (xxxx:51820) did not complete after 20 attempts, giving up

Server configuration:

[Interface]
Address = 10.8.0.1/24
SaveConfig = true
PostUp = ufw route allow in on wg0 out on ens3
PostUp = iptables -t nat -I POSTROUTING -o ens3 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens3
PreDown = iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
ListenPort = 51820
PrivateKey = 8CMdwwULGd4dGqbYmbt+6EV2BqyVqk8FLSWuJl1Tukk=

[Peer]
PublicKey = smVxzAVHG4/feMOwmbALKxEQkPYBIwKDzjTrZbbGIBE=
AllowedIPs = 10.8.0.2/32
Endpoint = 5.34.201.5:52856

Server firewall:

Status: active

To                         Action      From
--                         ------      ----
8877                       ALLOW       Anywhere
22                         ALLOW       Anywhere
8080                       ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
51820                      ALLOW       Anywhere
8877 (v6)                  ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
51820 (v6)                 ALLOW       Anywhere (v6)

Anywhere on ens3           ALLOW FWD   Anywhere on wg0
Anywhere (v6) on ens3      ALLOW FWD   Anywhere (v6) on wg0

And the server network:

cat /proc/sys/net/ipv4/ip_forward
1

========================================================

Now my peer configuration:

[Interface]
PrivateKey = SLqo/o8boBWny/UFQhZ+AIolyZGtKrU7bNqsDPQg0GI=
Address = 10.8.0.2/24

PostUp = ip rule add table 200 from 5.34.201.5
PostUp = ip route add table 200 default via 5.34.200.1
PreDown = ip rule delete table 200 from 5.34.201.5
PreDown = ip route delete table 200 default via 5.34.200.1

DNS = 1.1.1.1

[Peer]
PublicKey = 4EECoZ8277EgjEAUsnSEC92uUSjXvOqpKz/+sEMizEQ=
AllowedIPs = 0.0.0.0/0
Endpoint = 95.164.44.118:51820

And the peer firewall:

Status: active

To                         Action      From
--                         ------      ----
5000                       ALLOW       Anywhere
51820                      ALLOW       Anywhere
22                         ALLOW       Anywhere
8877                       ALLOW       Anywhere
53                         ALLOW       Anywhere
47501                      ALLOW       Anywhere
51820/udp                  ALLOW       Anywhere
5000 (v6)                  ALLOW       Anywhere (v6)
51820 (v6)                 ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8877 (v6)                  ALLOW       Anywhere (v6)
53 (v6)                    ALLOW       Anywhere (v6)
47501 (v6)                 ALLOW       Anywhere (v6)
51820/udp (v6)             ALLOW       Anywhere (v6)

And the peer network configuration:

cat /proc/sys/net/ipv4/ip_forward
1

Both the server and the peer are Ubuntu 22.04, and both run:

wg-quick up wg0

On the server side, when I enable logging:

echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control

I know almost nothing about WireGuard, but when I turn on peer logging with:

sudo dmesg -wT

I get these messages, and after 20 attempts it says it is giving up!

[Wed Jun 21 23:02:59 2023] wireguard: wg0: Handshake for peer 14 (95.164.44.118:51820) did not complete after 5 seconds, retrying (try 2)
[Wed Jun 21 23:02:59 2023] wireguard: wg0: Sending handshake initiation to peer 14 (95.164.44.118:51820)

I followed the instructions in this guide: here

I checked everything again and regenerated the keys, but the result is the same. Any ideas? Thanks in advance.
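An added diagnostic for this kind of failure (example code, not from the post or the WireGuard project): a handshake that is sent but never completes is commonly a key mismatch, because WireGuard silently drops initiations from unknown keys, so the first thing to verify is that each side's [Peer] PublicKey is exactly what `wg pubkey` prints for the other side's [Interface] PrivateKey. The function names are this example's own, and the pure-Python X25519 (RFC 7748) stands in for the `wg` tool so the check runs anywhere; paste the two wg-quick configs from the post into `check_pair()`.

```python
"""Check that each side's [Peer] PublicKey really is `wg pubkey` of the other side's
[Interface] PrivateKey. Pure-Python X25519 per RFC 7748; not constant-time, local use only."""
import base64
import re

P = 2**255 - 19   # field prime of Curve25519
A24 = 121665      # (486662 - 2) / 4, the ladder constant from RFC 7748

def x25519(k: int, u: int) -> int:
    """RFC 7748 Montgomery ladder: scalar k times the point with u-coordinate u."""
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:  # conditional swap; a plain branch is fine for a diagnostic
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def wg_pubkey(private_b64: str) -> str:
    """What `wg pubkey` prints: clamp the 32-byte scalar, multiply the base point u=9."""
    raw = bytearray(base64.b64decode(private_b64))
    raw[0] &= 248
    raw[31] = (raw[31] & 127) | 64
    pub = x25519(int.from_bytes(raw, "little"), 9)
    return base64.b64encode(pub.to_bytes(32, "little")).decode()

def _field(name: str, conf: str) -> str:
    """First `name = value` line in wg-quick text (so only the first [Peer] for PublicKey)."""
    return re.search(rf"^\s*{name}\s*=\s*(\S+)", conf, re.M).group(1)

def check_pair(server_conf: str, client_conf: str) -> dict:
    """Per direction: does the [Peer] PublicKey equal the key derived from the other side?"""
    s_priv, s_trusts = _field("PrivateKey", server_conf), _field("PublicKey", server_conf)
    c_priv, c_trusts = _field("PrivateKey", client_conf), _field("PublicKey", client_conf)
    return {
        "server_trusts_client": s_trusts == wg_pubkey(c_priv),
        "client_trusts_server": c_trusts == wg_pubkey(s_priv),
    }
```

A False in either direction means that [Peer] block carries a key the other side does not actually use, which produces exactly the "Sending handshake initiation ... did not complete" loop seen in dmesg without any error on the receiving side.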
