Wireguard 未將流量路由回

tag-icon tag-icon ubuntu routing wireguard
Wireguard 未將流量路由回

我有 2 台 Ubuntu 伺服器,上面安裝了wireguard。一台伺服器充當中間人。所以客戶端流量被路由到中間伺服器,中間伺服器將它們路由到另一台伺服器(我在這裡稱之為伺服器1)。就我而言,流量完全從客戶端路由到中間伺服器,然後路由到伺服器 1 。但它不會路由回中間伺服器,因此當連接wireguard 時沒有網路。伺服器 1 上的輸出wg show如下:

interface: wg0
  public key: Public-Key
  private key: (hidden)
  listening port: 51880

peer: Public_key
  endpoint: [middle server ip:port]
  allowed ips: 10.0.0.0/24
  latest handshake: 1 minute, 21 seconds ago
  transfer: 7.34 KiB received, 372 B sent
  persistent keepalive: every 25 seconds

這是我的伺服器和客戶端配置:

伺服器1配置:

[Interface]
PrivateKey = Private-Key
Address = 10.0.0.1/24
ListenPort = 51880
MTU = 1500

PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ufw route allow in on wg0 out on eth0; ufw route allow in on eth0 out on wg0; ufw allow proto udp from any to any port 51880
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ufw route delete allow in on wg0 out on eth0; ufw route delete allow in on eth0 out on wg0; ufw delete allow proto udp from any to any port 51880


[Peer]
PublicKey = middle server Public-Key
AllowedIPs = 10.0.0.2/24
EndPoint = [middle server ip:port]
PersistentKeepalive = 25

中間伺服器配置:

[Interface]
PrivateKey = Private-Key
Address = 10.0.0.2/24
ListenPort = 52890
Table = 123
MTU = 1500

PreUp = ip rule add iif wg0 table 123 priority 456
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ufw route allow in on wg0 out on eth0; ufw route allow in on eth0 out on wg0; ufw allow proto udp from any to any port 52890
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ufw route delete allow in on wg0 out on eth0; ufw route delete allow in on eth0 out on wg0; ufw delete allow proto udp from any to any port 52890; ip rule del iif wg0 table 123 priority 456

[Peer]
PublicKey = Server 1 Public-Key
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

[Peer]
PublicKey = Clint Public-key
AllowedIPs = 10.0.0.102/32

客戶端配置(Windows客戶端):

[Interface]
PrivateKey = Private-Key
Address = 10.0.0.102/32
DNS = 1.1.1.1, 1.0.0.1
MTU = 1480

[Peer]
PublicKey = middle server Public-Key
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = [Middle server ip:port]
PersistentKeepalive = 25

我嘗試更改連接埠和地址,但沒有成功。

相關內容