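I am tunneling an Ubuntu 22.04 web server through a WireGuard VPN (as the VPN client) to another Ubuntu 22.04 server acting as the WireGuard VPN host (server). I set up the client and server exactly following these instructions from Linuxbabe, enabling port forwarding and masquerading on the WG server. I am also running Unbound DNS on the WG client. Both my WG client and my WG server run Ubuntu 22.04.
When I connect my VPN client using
sudo systemctl start wg-quick@wg-client0.service
sudo systemctl enable wg-quick@wg-client0.service
my client successfully connects to the WireGuard server.
While connected to the tunnel, 10.10.10.1 is the private IP address of the VPN server and 10.10.10.2 is the private IP address of the VPN client. I can successfully ping 10.10.10.1 from the client, which indicates that the VPN connection succeeded.
Then I run
curl https://icanhazip.com
on the WireGuard client, and it successfully shows that I am using the WireGuard server's IP address. Great! Right? Well, not exactly.
After about a minute, the WireGuard client loses the server's IP address. A minute after successfully connecting to the tunnel, I try the command
curl https://icanhazip.com
again, and it now returns my home public IP address instead of the WireGuard server's IP address.
However, even though I am using my home IP address, I still seem to be connected to the WG server somehow, because when I run the following command it returns this:
systemctl status wg-quick@wg-client0.service
● wg-quick@wg-client0.service - WireGuard via wg-quick(8) for wg/client0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)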
Active: active (exited) since Thu 2024-03-14 22:12:48 CDT; 17min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 11681 ExecStart=/usr/bin/wg-quick up wg-client0 (code=exited, status=0/SUCCESS)
Main PID: 11681 (code=exited, status=0/SUCCESS)
CPU: 364ms
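Also, a ping 10.10.10.1 still succeeds after I notice that my IP address is my home IP. So somehow my WG client is connecting to the WG server but is not using the WG server's IP address.
Here are the WireGuard logs on the WG client: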
sudo dmesg -wH | grep wireguard
[ +4.964216] wireguard: wg-client0: Keypair 56 destroyed for peer 6
[ +0.000031] wireguard: wg-client0: Keypair 57 destroyed for peer 6
[ +0.145173] wireguard: wg-client0: Peer 6 (123.45.678.9:51820) destroyed
[ +0.048057] wireguard: wg-client0: Interface destroyed
[ +2.575997] wireguard: wg-client0: Interface created
[ +0.022138] wireguard: wg-client0: Peer 7 created
[ +0.040251] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.054499] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000047] wireguard: wg-client0: Keypair 58 created for peer 7
[ +2.921467] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.036876] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000068] wireguard: wg-client0: Keypair 59 created for peer 7
[ +0.000038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.844707] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.255566] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.426967] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.017808] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000070] wireguard: wg-client0: Keypair 58 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 60 created for peer 7
[ +0.000033] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.643183] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.076531] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.694589] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000355] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.040759] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000061] wireguard: wg-client0: Keypair 59 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 61 created for peer 7
[ +0.000031] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.597413] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.753398] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000386] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.019951] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000053] wireguard: wg-client0: Keypair 60 destroyed for peer 7
[ +0.000020] wireguard: wg-client0: Keypair 62 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +5.165602] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.296682] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.000218] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.026552] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000048] wireguard: wg-client0: Keypair 61 destroyed for peer 7
[ +0.000015] wireguard: wg-client0: Keypair 63 created for peer 7
[ +0.000023] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.707453] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +2.242105] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736789] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.018656] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 62 destroyed for peer 7
[ +0.000017] wireguard: wg-client0: Keypair 64 created for peer 7
[ +0.000028] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +3.992663] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.736520] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.006477] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000041] wireguard: wg-client0: Keypair 63 destroyed for peer 7
[ +0.000013] wireguard: wg-client0: Keypair 65 created for peer 7
[ +0.000020] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.557038] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.711950] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +0.737920] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.007975] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000059] wireguard: wg-client0: Keypair 64 destroyed for peer 7
[ +0.000021] wireguard: wg-client0: Keypair 66 created for peer 7
[ +0.000030] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.865521] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.251146] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.737488] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008468] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000055] wireguard: wg-client0: Keypair 65 destroyed for peer 7
[ +0.000019] wireguard: wg-client0: Keypair 67 created for peer 7
[ +0.000025] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.406383] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.561784] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +1.734768] wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
[ +0.008146] wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
[ +0.000075] wireguard: wg-client0: Keypair 66 destroyed for peer 7
[ +0.000025] wireguard: wg-client0: Keypair 68 created for peer 7
[ +0.000036] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
[ +4.717223] wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
sudo journalctl -kf | grep wireguard
Mar 14 22:34:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 67 destroyed for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Keypair 69 created for peer 7
Mar 14 22:35:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:35:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:36:59 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending handshake initiation to peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Receiving handshake response from peer 7 (123.45.678.9:51820)
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 68 destroyed for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Keypair 70 created for peer 7
Mar 14 22:37:04 mail.example.com kernel: wireguard: wg-client0: Sending keepalive packet to peer 7 (123.45.678.9:51820)
Here is my syslog after I start the WireGuard client:
Mar 15 14:32:19 mail systemd[1]: Starting WireGuard via wg-quick(8) for wg/client0...
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip link add wg-client0 type wireguard
Mar 15 14:32:19 mail wg-quick[18019]: [#] wg setconf wg-client0 /dev/fd/63
Mar 15 14:32:19 mail networkd-dispatcher[1125]: WARNING:Unknown index 24 seen, reloading interface list
Mar 15 14:32:19 mail systemd-udevd[18030]: Using default interface naming scheme 'v249'.
Mar 15 14:32:19 mail NetworkManager[1121]: <info> [1710531139.4647] manager: (wg-client0): new WireGuard device (/org/freedesktop/NetworkManager/Devices/24)
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip -4 address add 10.10.10.2/24 dev wg-client0
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip link set mtu 1420 up dev wg-client0
Mar 15 14:32:19 mail systemd-networkd[1075]: wg-client0: Link UP
Mar 15 14:32:19 mail systemd-networkd[1075]: wg-client0: Gained carrier
Mar 15 14:32:19 mail wg-quick[18049]: [#] resolvconf -a tun.wg-client0 -m 0 -x
Mar 15 14:32:19 mail wg-quick[18019]: [#] wg set wg-client0 fwmark 51820
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip -4 route add 0.0.0.0/0 dev wg-client0 table 51820
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip -4 rule add not fwmark 51820 table 51820
Mar 15 14:32:19 mail wg-quick[18019]: [#] ip -4 rule add table main suppress_prefixlength 0
Mar 15 14:32:19 mail wg-quick[18019]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
Mar 15 14:32:19 mail wg-quick[18076]: [#] iptables-restore -n
Mar 15 14:32:19 mail systemd[1]: Finished WireGuard via wg-quick(8) for wg/client0.
Mar 15 14:34:01 mail CRON[18302]: (root) CMD (for ((i=1; i<=6; i++)) do (ping -c9 10.10.10.1 > /dev/null || systemctl restart wg-quick@wg-client0.service) done )
Mar 15 14:35:13 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Mar 15 14:35:13 mail systemd[1]: Starting Hostname Service...
Mar 15 14:35:13 mail dbus-daemon[1120]: [system] Successfully activated service 'org.freedesktop.hostname1'
Mar 15 14:35:13 mail systemd[1]: Started Hostname Service.
Mar 15 14:35:17 mail systemd-networkd[1075]: wlan0: Connected WiFi access point: 'danswifi' (61:39:a0:c3:d1:a2)
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: Associated with 61:39:a0:c3:d1:a2
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-CONNECTED - Connection to 61:39:a0:c3:d1:a2 completed [id=0 id_str=]
Mar 15 14:35:17 mail wpa_supplicant[10176]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Here is my Netplan configuration, /etc/netplan/Ethernet+WiFi.yaml:
network:
  ethernets:
    eth0:
      dhcp4: true
      dhcp4-overrides:
        route-metric: 100
      optional: true
  renderer: networkd
  version: 2
  wifis:
    renderer: networkd
    wlan0:
      access-points:
        1Jerk:
          password: *********************************************************
      dhcp4: true
      dhcp4-overrides:
        route-metric: 200
      optional: true
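Can someone help me figure out why my WG client keeps losing its VPN IP address but still somehow stays connected to the WG server? Can you help me fix this so that the WG client's IP address is always the WG server's IP address?
I am clueless here and can't see much in the logs.
Answer 1
The last lines in the syslog are DHCP events for the WiFi. The WiFi is overriding the route and thereby dropping the VPN connection that runs over Ethernet. So the solution is to disable the WiFi. You can use rfkill to do this.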
sudo apt install rfkill
sudo rfkill block wifi
Once your WiFi is off, it will stop intercepting your Ethernet connection, and your VPN will now work without disconnecting.
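
The syslog in the question shows wg-quick installing two policy-routing rules (not fwmark 51820 table 51820, and table main suppress_prefixlength 0) that steer default traffic into the tunnel. The check below is an added example, not part of the original question or answer: it reads ip -4 rule show output and reports whether those rules are still installed. The function name check_wg_rules and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether the two IPv4
# policy-routing rules that wg-quick logged in the syslog are still installed.

# Constructed sample of `ip -4 rule show` right after wg-quick up
# (fwmark 51820 is printed by ip as 0xca6c).
SAMPLE_INTACT='0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
32767: from all lookup default'

# Constructed sample with the wg-quick rules gone; the interface can still be up.
SAMPLE_FLUSHED='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

# check_wg_rules TABLE
# Reads `ip -4 rule show` output on stdin, names each missing rule,
# and returns 0 when both rules are present, 1 otherwise.
check_wg_rules() {
    table=$1
    mark=$(printf '0x%x' "$table")
    rules=$(cat)
    rc=0
    if ! printf '%s\n' "$rules" |
        grep -Eq "not from all fwmark $mark lookup $table( |\$)"; then
        echo "missing: not fwmark $table -> table $table"
        rc=1
    fi
    if ! printf '%s\n' "$rules" |
        grep -Eq "from all lookup main suppress_prefixlength 0( |\$)"; then
        echo "missing: table main suppress_prefixlength 0"
        rc=1
    fi
    return "$rc"
}

# Live use on the client: ip -4 rule show | check_wg_rules 51820
for name in SAMPLE_INTACT SAMPLE_FLUSHED; do
    eval "sample=\$$name"
    if printf '%s\n' "$sample" | check_wg_rules 51820 >/dev/null; then
        echo "$name: rules intact, default traffic is looked up in table 51820"
    else
        echo "$name: rules missing, default traffic follows the main table"
    fi
done
```

If the rules are missing while wg-client0 is up, ping 10.10.10.1 still succeeds because the connected route for 10.10.10.0/24 is in the main table, while curl https://icanhazip.com leaves through the ordinary default route.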