wireguard 布网故障

一般都是 allowips 的锅

@Jimmyisme 应该木有问题，外网 C 是能顺利访问的。附上我的 allowips 配置

节点 A：
---
配置节点 B 的信息：
AllowedIPs = 10.252.1.1/32, 192.168.88.0/24
----

节点 B:
---
配置节点 A 的信息：
AllowedIPs = 10.252.1.2/32, 192.168.1.0/24
----

还有路由表。OpenWrt 有一个选项可以自动添加，点点点即可，非 OpenWrt 可能需要手动添加路由。

在哪个系统部署的，配置文件贴出来

C 节点，要开 ip_forward ，以及 C 上面的要有去 A 和 B 的路由

如果 c 可以访问到 ab ，那 c 的 postrouting 添加出 wg 接口的伪装。因为 ab 没有对方的路由表

@bobryjosin

节点 A
--------------
root@j1900:~# cat /etc/wireguard/wg0.conf
# peer_201# Address updated at:    2022-08-13 02:04:21.28015476 +0000 UTC
# Private Key updated at: 2022-08-12 11:34:22.54225801 +0000 UTC
[Interface]
Address = 10.252.1.2/32
ListenPort = 52320
PrivateKey = xxx
MTU = 1450
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o br0 -j MASQUERADE
# ID:          phone
# Name:        peer_C1
# Email:
# Created at:  2022-08-13 02:03:42.226570346 +0000 UTC
# Update at:    2022-08-13 02:03:42.226570346 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.3/32
# ID:          yoga
# Name:        peer_C2
# Email:
# Created at:  2022-08-13 02:04:00.216322658 +0000 UTC
# Update at:    2022-08-13 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.4/32
# ID:          business tmp
# Name:        peer_C3
# Email:
# Created at:  2023-05-30 02:04:00.216322658 +0000 UTC
# Update at:    2023-05-30 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.5/32
# ID:          dev_ub2004
# Name:        peer_C4
# Email:
# Created at:  2023-05-30 02:04:00.216322658 +0000 UTC
# Update at:    2023-05-30 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.6/32
# ID:          cbrgd76jimivehamds2g
# Name:        peer_403
# Email:
# Created at:  2022-08-13 02:04:12.49288016 +0000 UTC
# Update at:    2022-08-13 05:02:27.105906129 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.1/32, 192.168.88.0/24
Endpoint = ddnsXXX.space:52320
PersistentKeepalive = 25
--------------
节点 B
-------------
# peer_403

# Address updated at: 2022-08-13 02:04:21.28015476 +0000 UTC
# Private Key updated at: 2022-08-12 11:34:22.54225801 +0000 UTC
[Interface]
Address = 10.252.1.1/32
ListenPort = 52320
PrivateKey = XXXX
MTU = 1450
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o br0 -j MASQUERADE


# ID: phone
# Name: peer_C1
# Email:
# Created at: 2022-08-13 02:03:42.226570346 +0000 UTC
# Update at: 2022-08-13 02:03:42.226570346 +0000 UTC
[Peer]
PublicKey = XXXXXX
AllowedIPs = 10.252.1.3/32

# ID: yoga
# Name: peer_C2
# Email:
# Created at: 2022-08-13 02:04:00.216322658 +0000 UTC
# Update at: 2022-08-13 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.4/32

# ID: business tmp
# Name: peer_C3
# Email:
# Created at: 2023-05-30 02:04:00.216322658 +0000 UTC
# Update at: 2023-05-30 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxx
AllowedIPs = 10.252.1.5/32

# ID: dev_ub2004
# Name: peer_C4
# Email:
# Created at: 2023-05-30 02:04:00.216322658 +0000 UTC
# Update at: 2023-05-30 02:04:00.216322658 +0000 UTC
[Peer]
PublicKey = xxxxx
AllowedIPs = 10.252.1.6/32

# ID: xxxxxxx
# Name: peer_201
# Email:
# Created at: 2022-08-13 02:04:12.49288016 +0000 UTC
# Update at: 2022-08-13 05:02:27.105906129 +0000 UTC
[Peer]
PublicKey = xxxx
AllowedIPs = 10.252.1.2/32, 192.168.1.0/24
Endpoint = ddnsxxxxA.space:52320
PersistentKeepalive = 25

------------

@csdreamdong 节点 C 就是 PC ，能正常访问 A B 两个节点的局域网，但 AB 局域网无法互相访问。。

@Ipsum 有

节点 A
-----------
root@j1900:~# ip r|grep 88
192.168.88.0/24 dev wg0 scope link
-----------


节点 B
----------------
root@wuwg-EQ:~# ip r|grep 1.0
169.254.0.0/16 dev br0 scope link metric 1000
192.168.1.0/24 dev wg0 scope link

---------------

@Damn 路由是有的

ddnsXXX.space:52320 这是节点 c ？

试试
把 iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
改成
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

@Ipsum
带 ddns 的是节点 A 和节点 b

节点 C （ pc ）走外网是能链接节点 A\B 的局域网的（捂脸

sysctl -a |grep forward 看看

节点 c 的 wg 写

peer A
allowIPs= A 的局域网

peerb
allowIPs= B 的局域网

要开 forward 和 snat

用 wg 看下，很大可能 A-B 不通

OSPF 解君愁。A B 都上 MikroTik ，然后 A B 跑 OSPF 。

把 wg-quick interface 搞上来看看

@Qetesh 现在就是节点 A <--> B 不通，但作为对外服务的 wg 节点(AB)，我的客户端 C （ pc ）是可以链接 AB 两个节点的.

@ghostwwg wireguard 是类似 Mesh 网络，全连接的状态。怀疑 AB 之间的认证的公私钥等有问题