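After configuring WireGuard and KeepAlived, the VIP switches between the VPN. The addresses between the VPSes are 10.0.0.X, but when I try to reach a host through the VIP, I get an error. ChatGPT suggested adding the VIP to AllowedIPs for each peer,
but when I do that, the address is only assigned to one peer.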
# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
PrivateKey = xxx
ListenPort = 51820
[Peer]
PublicKey = xxx
AllowedIPs = 10.0.0.2/32, 10.0.0.100/32
Endpoint = 161.97.128.186:51820
[Peer]
PublicKey = xxx
AllowedIPs = 10.0.0.3/32, 10.0.0.100/32
Endpoint = 91.229.245.198:51820
After restart
# sudo wg
interface: wg0
public key: xxx
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: 91.229.245.198:51820
allowed ips: 10.0.0.3/32, 10.0.0.100/32
latest handshake: 8 seconds ago
transfer: 3.29 KiB received, 4.41 KiB sent
peer: xxx
endpoint: 161.97.128.186:51820
allowed ips: 10.0.0.2/32
latest handshake: 12 seconds ago
transfer: 1.11 MiB received, 1.35 MiB sent
The VIP address ends up assigned to only one peer.
When KeepAlived assigns the VIP to VPS1, I get an error when I try to ping it from VPS 2 or 3:
# ping 10.0.0.100
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
From 10.0.0.3 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.0.3 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Required key not available
From 10.0.0.3 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Required key not available
--- 10.0.0.100 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2047ms
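With this suggestion, when the VIP is specified on one peer, a connection to it is established only if the VIP is on that peer at that moment.
In the example I gave above, the address 10.0.0.100/32 is on VPS3. If the VIP is there, then there is a connection to it from VPS1, but if it moves to VPS2, I cannot connect from VPS1 to VPS 2 through the VIP.
Below is my standard configuration, without the ChatGPT suggestion.
keepalived config on VPS 1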
# cat /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface wg0
    virtual_router_id 51
    priority 101
    advert_int 1
    unicast_src_ip 10.0.0.1
    unicast_peer {
        10.0.0.2
        10.0.0.3
    }
    authentication {
        auth_type PASS
        auth_pass vTrHveEXSnoIo5NE
    }
    virtual_ipaddress {
        10.0.0.100
    }
}
WireGuard config on VPS1
# cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
PrivateKey = xxx
ListenPort = 51820
[Peer]
PublicKey = xxx
AllowedIPs = 10.0.0.2/32
Endpoint = 161.97.128.186:51820
[Peer]
PublicKey = xxx
AllowedIPs = 10.0.0.3/32
Endpoint = 91.229.245.198:51820
VPS1:
# sudo wg
interface: wg0
public key: xxx
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: 91.229.245.198:51820
allowed ips: 10.0.0.3/32
latest handshake: 8 seconds ago
transfer: 3.29 KiB received, 4.41 KiB sent
peer: xxx
endpoint: 161.97.128.186:51820
allowed ips: 10.0.0.2/32
latest handshake: 12 seconds ago
transfer: 1.11 MiB received, 1.35 MiB sent
VPS2:
interface: wg0
public key: xxx
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: 38.242.222.170:51820
allowed ips: 10.0.0.1/32
latest handshake: 19 seconds ago
transfer: 25.32 KiB received, 18.43 KiB sent
peer: xxx
endpoint: 91.229.245.198:51820
allowed ips: 10.0.0.3/32
latest handshake: 35 seconds ago
transfer: 252.19 KiB received, 350.48 KiB sent
VPS3:
interface: wg0
public key: xxx
private key: (hidden)
listening port: 51820
peer: xxx
endpoint: 38.242.222.170:51820
allowed ips: 10.0.0.1/32
latest handshake: 1 minute, 18 seconds ago
transfer: 2.00 MiB received, 1.66 MiB sent
peer: xxx
endpoint: 161.97.128.186:51820
allowed ips: 10.0.0.2/32
latest handshake: 1 minute, 26 seconds ago
transfer: 489.45 KiB received, 273.22 KiB sent
keepalived is running on all VPSes
VPS1
# ip addr show wg0
8: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.0.0.1/24 scope global wg0
valid_lft forever preferred_lft forever
inet 10.0.0.100/32 scope global wg0
valid_lft forever preferred_lft forever
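When VPS 1 is stopped, it moves to VPS2, and so on.
I am looking for insight or a solution to make sure the VIP is consistently recognized and reachable on all configured VPSes in a WireGuard setup. I would appreciate any advice on why this discrepancy occurs and how to resolve it.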
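An added illustration, not part of the original post: a small Python model of how a WireGuard interface treats AllowedIPs as a table in which each prefix belongs to exactly one peer. It reproduces both symptoms shown above, the VIP ending up on only the last peer listed and the `Required key not available` error when no peer owns the destination. The class, the function names and the labels VPS1 to VPS3 are made up for the model.

```python
import errno
import ipaddress

ENOKEY = getattr(errno, "ENOKEY", 126)  # 126 on Linux; fallback for other platforms
VIP = "10.0.0.100/32"

class CryptokeyTable:
    """Toy model of one wg interface: each AllowedIPs prefix maps to ONE peer."""

    def __init__(self):
        self.routes = {}  # ip_network -> peer label

    def allow(self, peer, *prefixes):
        for prefix in prefixes:
            # Re-adding an existing prefix moves it to the newest peer.
            self.routes[ipaddress.ip_network(prefix)] = peer

    def peer_for(self, dst):
        """Outbound: longest-prefix match selects the peer (and key) to encrypt to."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.routes if addr in net]
        if not hits:
            raise OSError(ENOKEY, "Required key not available")
        return self.routes[max(hits, key=lambda net: net.prefixlen)]

    def accepts(self, peer, src):
        """Inbound: keep a decrypted packet only if its source maps to the sender."""
        try:
            return self.peer_for(src) == peer
        except OSError:
            return False

    def allowed_ips(self, peer):
        return sorted(str(net) for net, owner in self.routes.items() if owner == peer)

def vps1_with_vip_on_both_peers():
    """VPS1's table built from the first wg0.conf in the post, in file order."""
    table = CryptokeyTable()
    table.allow("VPS2", "10.0.0.2/32", VIP)
    table.allow("VPS3", "10.0.0.3/32", VIP)  # takes the VIP away from VPS2
    return table

def vps3_standard():
    """VPS3's table from the standard config: the VIP is in no peer's AllowedIPs."""
    table = CryptokeyTable()
    table.allow("VPS1", "10.0.0.1/32")
    table.allow("VPS2", "10.0.0.2/32")
    return table
```

In the model, reachability of the VIP follows whichever peer currently owns `10.0.0.100/32` in the table, so calling `allow()` for the node that holds the VIP is what restores the path. On a real host the per-peer list is changed with `wg set <interface> peer <public key> allowed-ips <list>`.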