@val_gr
Студент, программирую на Python и C# (Xamarin)

Проблемы с wireguard, в чём дело?

По каким то причинам не работает впн wireguard. Сервер от Oracle.

Логи:
ubuntu@amberserver:~$ sudo wg show
interface: wg0
  public key: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
  private key: (hidden)
  listening port: 51820

peer: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  endpoint: 95.105.124.30:52684
  allowed ips: 10.8.0.2/32
  latest handshake: 44 seconds ago
  transfer: 126.30 KiB received, 220 B sent
ubuntu@amberserver:~$ sudo systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sun 2022-07-03 16:51:18 UTC; 1min 13s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 1416 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 1416 (code=exited, status=0/SUCCESS)
        CPU: 47ms

Jul 03 16:51:18 amberserver systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Jul 03 16:51:18 amberserver wg-quick[1416]: [#] ip link add wg0 type wireguard
Jul 03 16:51:18 amberserver wg-quick[1416]: [#] wg setconf wg0 /dev/fd/63
Jul 03 16:51:18 amberserver wg-quick[1416]: [#] ip -4 address add 10.8.0.1/24 dev wg0
Jul 03 16:51:18 amberserver wg-quick[1416]: [#] ip link set mtu 8920 up dev wg0
Jul 03 16:51:18 amberserver wg-quick[1416]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Jul 03 16:51:18 amberserver systemd[1]: Finished WireGuard via wg-quick(8) for wg0.


Конфиг на серве:
[Interface]
Address = 10.8.0.1/24
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = XXXXXXXXXXXXXXXXXXX

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 10.8.0.2/32


Конфиг на клиенте:
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXX
Address = 10.8.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = 130.162.249.9:51820
PersistentKeepalive = 21


Ещё логи:
ubuntu@amberserver:~$ ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
        inet 10.0.0.60  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::17ff:fe0a:2e58  prefixlen 64  scopeid 0x20<link>
        ether 02:00:17:0a:2e:58  txqueuelen 1000  (Ethernet)
        RX packets 2171  bytes 397825 (397.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1783  bytes 538699 (538.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 48  bytes 7613 (7.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 48  bytes 7613 (7.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 8920
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 984  bytes 129332 (129.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 220 (220.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ubuntu@amberserver:~$ sudo lsof -i -P -n | grep LISTEN
systemd      1            root  140u  IPv4  14886      0t0  TCP *:111 (LISTEN)
systemd      1            root  142u  IPv6  14119      0t0  TCP *:111 (LISTEN)
rpcbind    754            _rpc    4u  IPv4  14886      0t0  TCP *:111 (LISTEN)
rpcbind    754            _rpc    6u  IPv6  14119      0t0  TCP *:111 (LISTEN)
systemd-r  813 systemd-resolve   14u  IPv4  15269      0t0  TCP 127.0.0.53:53 (LISTEN)
sshd       948            root    3u  IPv4  17815      0t0  TCP *:22 (LISTEN)
sshd       948            root    4u  IPv6  17817      0t0  TCP *:22 (LISTEN)
ubuntu@amberserver:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp multiport dports 51820
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp multiport dports 5901:5903,x11-1:x11-3

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain InstanceServices (0 references)
target     prot opt source               destination
ubuntu@amberserver:~$
  • Вопрос задан
  • 160 просмотров
Решения вопроса 1
@val_gr Автор вопроса
Студент, программирую на Python и C# (Xamarin)
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE


В этих строчках нужно было заменить eth0 на enp0s3
Ответ написан
Пригласить эксперта
Ответы на вопрос 1
@Zerg89
nano /etc/sysctl.conf
net.ipv4.ip_forward=1
reboot или sysctl -p
Ответ написан
Комментировать
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Войти через центр авторизации
Похожие вопросы