Wireguard clients cannot establish a connection between KDE

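I successfully set up a Wireguard VPN from a Rocky Linux 9 server in the cloud. There are currently two clients: a Fedora desktop and an Android phone. The first problem I want to solve is allowing KDE Connect to see both clients, but so far I have not been able to.

Server configuration: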

[root@vpn wireguard]# cat wg0.conf 
[Interface]
Address = 10.8.0.1/24
SaveConfig = true
PostUp = firewall-cmd --zone=public --add-masquerade
PostUp = firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg -o eth0 -j ACCEPT
PostUp = firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
PostDown = firewall-cmd --zone=public --remove-masquerade
PostDown = firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i wg -o eth0 -j ACCEPT
PostDown = firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = server_private_key
[Peer]
# moto_g84
PublicKey = g84_pub_key
AllowedIPs = 10.8.0.6/32
[Peer]
# d3
PublicKey = desktop_pub_key
AllowedIPs = 10.8.0.7/32

[root@vpn wireguard]# cat /etc/sysctl.d/20-wireguard.conf 
# Port Forwarding for IPv4
net.ipv4.ip_forward=1
# Port forwarding for IPv6
net.ipv6.conf.all.forwarding=1

Desktop configuration:

root@d3:/etc/wireguard# cat wg-client1.conf 
[Interface]
Address = 10.8.0.7/24
PrivateKey = desktop_private_key
PostUp = resolvectl dns %i 1.1.1.1 9.9.9.9; resolvectl domain %i ~.
PreDown = resolvectl revert %i
[Peer]
PublicKey = server_pub_key
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820
PersistentKeepalive = 25

Mobile configuration:

[root@vpn wireguard]# cat ~/moto_g84.wg 
[Interface]
Address = 10.8.0.6/24
PrivateKey = mobile_private_key
DNS = 1.1.1.1
[Peer]
PublicKey = server_pub_key
AllowedIPs = 0.0.0.0/0
Endpoint = 1.2.3.4:51820
PersistentKeepalive = 25

My home network is 192.168.15.0/24.

I can ping the mobile device's home network address (DHCP) from the desktop (static IP), but pings to the mobile device's VPN address are filtered:

cpn@d3:~$ ping 192.168.15.4
PING 192.168.15.4 (192.168.15.4) 56(84) bytes de dados.
64 bytes de 192.168.15.4: icmp_seq=1 ttl=64 tempo=140 ms
^C
--- 192.168.15.4 estatísticas de ping ---
1 pacotes transmitidos, 1 recebidos, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 140.194/140.194/140.194/0.000 ms
cpn@d3:~$ ping 10.8.0.6
PING 10.8.0.6 (10.8.0.6) 56(84) bytes de dados.
De 10.8.0.1 icmp_seq=1 Pacote filtrado
De 10.8.0.1 icmp_seq=2 Pacote filtrado
^C
--- 10.8.0.6 estatísticas de ping ---
2 pacotes transmitidos, 0 recebidos, +2 erros, 100% packet loss, time 1001ms

I guess the problem is in the firewall rules. How can I fix it?
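
The direct FORWARD rules in the server config above can be checked against the path a client-to-client packet takes: in on the WireGuard interface and out on the same interface. This is an added example, not part of the original post; it assumes the interface is named wg0 after wg0.conf, applies iptables' interface matching (exact name unless the pattern ends in `+`), and looks only at `--direct` rules, not at firewalld zone policy.

```python
import shlex

# PostUp lines copied from the server wg0.conf shown in the question.
POSTUP = [
    "firewall-cmd --zone=public --add-masquerade",
    "firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i wg -o eth0 -j ACCEPT",
    "firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE",
]

def iface_matches(pattern, name):
    """iptables -i/-o matching: exact name, or prefix match when the pattern ends in '+'."""
    if pattern is None:          # option absent: rule applies to any interface
        return True
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def forward_accepts(lines):
    """Return (in_iface, out_iface) for each direct FORWARD rule that jumps to ACCEPT."""
    rules = []
    for line in lines:
        tok = shlex.split(line)
        if "--add-rule" not in tok or "FORWARD" not in tok:
            continue
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in ("-i", "-o", "-j")}
        if opts.get("-j") == "ACCEPT":
            rules.append((opts.get("-i"), opts.get("-o")))
    return rules

def forwarded(lines, in_if, out_if):
    """True if some direct rule accepts traffic entering in_if and leaving out_if."""
    return any(iface_matches(i, in_if) and iface_matches(o, out_if)
               for i, o in forward_accepts(lines))

if __name__ == "__main__":
    wg = "wg0"  # assumption: wg-quick names the interface after wg0.conf
    for src, dst in ((wg, "eth0"), (wg, wg)):
        verdict = "ACCEPT" if forwarded(POSTUP, src, dst) else "no matching direct rule"
        print(f"{src} -> {dst}: {verdict}")
```

Packets that match no accepting rule fall through to firewalld's own forward policy, which is where a "packet filtered" ICMP reply from 10.8.0.1 would originate.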
