2

在过去的 5 个小时里,我一直在尝试在我的服务器上设置 WireGuard,在完成所有设置后,我无法 ping IP 或解析域。

下面是服务器配置

[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
ListenPort = 51820
# Server's private key
PrivateKey = EPRQ7Tujdx2pITBV9DeUz+PzYFVb1sax9Fn2hMcLMGI=

[Peer]
# Client's public key
PublicKey = 7FGaduQME4ytI3AyYusl/itkOWU3YgQ3jU7Bsme76WU=
AllowedIPs = 10.100.100.2/32

这是客户端的配置

[Interface]
Address = 10.100.100.2/32
# Client's private key
PrivateKey = 0B5b3ysvvpn6kC50sdCFELlMhIexY47kKRRMtBpqdlQ=

[Peer]
# Server's public key
PublicKey = HUuRYaDwqPNHirxlFTewTVKTsCi2udFImqvDfoiAH24=
Endpoint = 129.213.59.233:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21

服务器启用了 IP 转发。

我试图关注这个视频:https ://www.youtube.com/watch?v=n00ayGUdCaI

4

1 回答 1

2

服务器端iptables配置有两个问题:

  1. 以下4个配置重复两次。

    • iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;

    • ip6tables -A FORWARD -i wg0 -j ACCEPT;

    • iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;

    • ip6tables -D FORWARD -i wg0 -j ACCEPT;

  2. 对于以下 4 行配置,应替换wg0为您的主网络接口名称。

    • iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;->iptables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE;

    • ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE->ip6tables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE

    • iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;->iptables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE;

    • ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE->ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE

主网络接口名称应该易于使用ifconfigip -c a命令

最终,需要更改 iptables 配置部分应该是这样的:

[Interface]
...
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE;ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE
...
于 2020-02-26T05:11:43.807 回答