WireGuard configuration: I went over it very carefully myself and can't tell where it goes wrong. Config pasted below, could everyone take a look?

2020-11-26 12:01:58 +08:00
SteveRogers

Details are as follows

Enable TCP forwarding

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

Generate the public and private keys

cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
umask 022
cat privatekey

kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=

cat publickey

Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=

Write the server configuration file

vim wg0.conf

[Interface]
Address = 10.0.1.1/16
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
ListenPort = 8006
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.2/32

wg-quick up wg0

Client configuration

[Interface]
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
Address = 10.0.1.2/16
DNS = 223.6.6.6
MTU = 1420
[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.0/22
Endpoint = xx.adc.com:8006
PersistentKeepalive = 30

The client connection log is as follows

2020-11-26 12:02:17.742234: [NET] App version: 0.0.20191105 (16); Go backend version: 0.0.20191013
2020-11-26 12:02:17.742626: [NET] Starting tunnel from the app
2020-11-26 12:02:18.523714: [NET] Tunnel interface is utun2
2020-11-26 12:02:18.524107: [NET] Attaching to interface
2020-11-26 12:02:18.524639: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.524717: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.524828: [NET] Routine: event worker - started
2020-11-26 12:02:18.524886: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.524933: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.524962: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.524988: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525033: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525084: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525127: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525210: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525236: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525262: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525289: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525324: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525350: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525376: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525403: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525429: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525461: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525487: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525540: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525581: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525613: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525642: [NET] Routine: TUN reader - started
2020-11-26 12:02:18.525697: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525807: [NET] UAPI: Updating private key
2020-11-26 12:02:18.525906: [NET] UAPI: Removing all peers
2020-11-26 12:02:18.525939: [NET] UAPI: Transition to peer configuration
2020-11-26 12:02:18.526149: [NET] peer(AAAA…AAAA) - UAPI: Updating endpoint
2020-11-26 12:02:18.526218: [NET] peer(AAAA…AAAA) - UAPI: Updating persistent keepalive interval
2020-11-26 12:02:18.526310: [NET] peer(AAAA…AAAA) - UAPI: Removing all allowedips
2020-11-26 12:02:18.526349: [NET] peer(AAAA…AAAA) - UAPI: Adding allowedip
2020-11-26 12:02:18.526636: [NET] Routine: receive incoming IPv6 - started
2020-11-26 12:02:18.526688: [NET] Routine: receive incoming IPv4 - started
2020-11-26 12:02:18.526819: [NET] UDP bind has been updated
2020-11-26 12:02:18.526868: [NET] Device started
2020-11-26 12:02:18.527599: [APP] Tunnel 'test' connection status changed to 'connected'
2020-11-26 12:02:22.573923: [APP] Status update notification timeout for tunnel 'test'. Tunnel status is now 'connected'.
bitdust
2020-11-26 12:31:58 +08:00
The client's private key has to be generated separately; don't reuse the server's key.
301
2020-11-26 12:34:28 +08:00
Your client and server are using the same key pair. I've never seen a setup like that; try two pairs instead: the server config uses private key A and public key B, and the client config uses private key B and public key A.
SteveRogers
2020-11-26 13:02:40 +08:00
@bitdust
@301 That woke me right up, it's solved. Got the connection working on the Synology with a third-party compiled package.
zro
2020-11-26 13:27:17 +08:00
OP, when you tracert from the client, are all the intermediate hops * * *? In my setup only the first and last hops show anything, everything else is * * *, and I can't work out why..
SteveRogers
2020-11-26 16:10:50 +08:00
@zro Actually I still don't have it working: wg status shows both endpoints, but there's no connectivity between them. The logging for this isn't mature yet either; I may have to give up on this tool.
zro
2020-11-26 16:28:31 +08:00
When I first looked at other people's WG configs I was lost too, but after configuring it a few more times it feels really nice to use~

I noticed one problem in your config: the client's AllowedIPs = 10.0.1.0/22 is actually equivalent to 10.0.0.0/22..

Also, you'll probably need the ip route command to track down why the two sides can't reach each other~
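As an added example (not code from this thread or from WireGuard itself), here is a small Python check that reads the two configs from the original post and flags the two problems the replies identify: the private key shared between server and client (the first two replies) and the AllowedIPs entry whose host bits get dropped (this reply). It uses only the standard library and compares the PrivateKey strings literally; it does not derive public keys.

```python
import ipaddress

# Reduced copies of the two configs posted in this thread (constructed sample input).
SERVER_CONF = """
[Interface]
Address = 10.0.1.1/16
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.2/32
"""
CLIENT_CONF = """
[Interface]
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
Address = 10.0.1.2/16
[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.0/22
"""

def parse_wg(text):
    """Parse wg-quick style text into (interface_dict, [peer_dict, ...]); [Peer] may repeat."""
    iface, peers, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line == "[Interface]":
            cur = iface
        elif line == "[Peer]":
            cur = {}
            peers.append(cur)
        elif line:
            key, _, val = line.partition("=")
            cur[key.strip()] = val.strip()
    return iface, peers

def allowed_ips(peers):
    for p in peers:
        yield from (c.strip() for c in p.get("AllowedIPs", "").split(",") if c.strip())

def check_pair(server_text, client_text):
    """Return a list of findings for one server config and one client config."""
    s_if, s_peers = parse_wg(server_text)
    c_if, c_peers = parse_wg(client_text)
    out = []
    if s_if.get("PrivateKey") == c_if.get("PrivateKey"):  # the root cause found in the first two replies
        out.append("client PrivateKey is identical to the server's; generate a second key pair")
    for side, peers in (("server", s_peers), ("client", c_peers)):
        for cidr in allowed_ips(peers):
            net = ipaddress.ip_network(cidr, strict=False)  # host bits are dropped, as zro notes
            if str(net) != cidr:
                out.append(f"{side} AllowedIPs {cidr} actually means {net}")
    return out
```

Running check_pair(SERVER_CONF, CLIENT_CONF) reports both findings; with a separately generated client key and a proper network address (or 0.0.0.0/0) it reports none.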
SteveRogers
2020-11-26 17:28:05 +08:00
@zro Could you take a look at my updated config: it connects, but there's no network connectivity
@301 Could you take a look at my updated config: it connects, but there's no network connectivity
@bitdust Could you take a look at my updated config: it connects, but there's no network connectivity
zro
2020-11-26 18:14:02 +08:00
@SteveRogers #7 Were the keys copied and pasted directly? Or could a lowercase L and an uppercase I have been mixed up? That's happened to me...
bitdust
2020-11-26 18:17:12 +08:00
Blind guess: your client hasn't added the route.

Where is your client running?
You need to go into its network settings and add the route, i.e. route all traffic onto the WireGuard virtual interface.
301
2020-11-26 18:20:15 +08:00
@SteveRogers Change the client's AllowedIPs to 0.0.0.0/0; that setting decides which traffic gets sent to the server.
SteveRogers
2020-11-26 18:39:08 +08:00
@zro Copied from the website; definitely not typed by hand

@bitdust There are two clients, a phone and a computer; I didn't add a route separately. How should I add one?
@301 Tried that too: allowing 0.0.0.0/0 on the client peer doesn't work. With a traceroute every hop is *, and the host is unreachable.
zro
2020-11-26 18:47:25 +08:00
@SteveRogers #11 Just paste your ip route output.. feels like there's a conflict
301
2020-11-26 19:00:49 +08:00
@SteveRogers I used your config between a VPS and a local machine, and it works.
jasonyang9
2020-11-26 19:07:29 +08:00
What is the network interface name on the wg server actually: eth0, eth1, or something else?
zro
2020-11-26 19:08:56 +08:00
@301 #13 I think the OP's WG subnet /16 is too big and may conflict with the existing LAN.. I really can't see anything wrong with his config~
SteveRogers
2020-11-26 19:47:00 +08:00
@jasonyang9 eth1 carries my current server's LAN IP, that is, the Synology's local network address 172.16.31.xx
@301 Then I'll try Docker; it's probably a problem with the Synology package
openmynet
2020-11-26 23:26:37 +08:00
irytu
2020-11-27 05:04:21 +08:00
The server and every client each have their own "pair" of keys; essentially you exchange public keys to do end-to-end authentication.

https://www.v2ex.com/t/729424