Не могу сам разобраться в чем проблема, вроде всё перепробовал.
Сервер виртуалка на hetzner.cloud ubuntu server 20
WireGuard
/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.2.0/24
ListenPort = 51820
PrivateKey = ***
[Peer]
PublicKey = ***
AllowedIPs = 192.168.2.5/32
Сеть
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 95.**** netmask 255.255.255.255 broadcast 95.217.216.27
inet6 **** prefixlen 64 scopeid 0x0<global>
inet6 f**** prefixlen 64 scopeid 0x20<link>
ether **** txqueuelen 1000 (Ethernet)
RX packets 2628633 bytes 267355939 (267.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2868851 bytes 2423794900 (2.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 95.**** netmask 255.255.255.255 broadcast 0.0.0.0
ether **** txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 143389020 bytes 300907498907 (300.9 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 143389020 bytes 300907498907 (300.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1360
inet 192.168.2.0 netmask 255.255.255.0 destination 192.168.2.0
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 25 bytes 1264 (1.2 KB)
RX errors 0 dropped 7 overruns 0 frame 0
TX packets 11 bytes 1376 (1.3 KB)
TX errors 7 dropped 0 overruns 0 carrier 0 collisions 0
Маршруты
routel
target gateway source proto scope dev tbl
default 172.31.1.1 eth0
172.31.1.1 link eth0
192.168.2.0/ 24 192.168.2.0 kernel link wg0
95.**8 local 95.**8 kernel host eth0 local
95.**7 local 95.**7 kernel host eth0 local
95.**7 broadcast 95.**7 kernel link eth0 local
127.0.0.0 broadcast 127.0.0.1 kernel link lo local
127.0.0.0/ 8 local 127.0.0.1 kernel host lo local
127.0.0.1 local 127.0.0.1 kernel host lo local
127.255.255.255 broadcast 127.0.0.1 kernel link lo local
192.168.2.0 local 192.168.2.0 kernel host wg0 local
192.168.2.0 broadcast 192.168.2.0 kernel link wg0 local
192.168.2.255 broadcast 192.168.2.0 kernel link wg0 local
::1 local kernel lo
2**4::/ 64 kernel eth0
fe80::/ 64 kernel eth0
default fe80::1 eth0
::1 local kernel lo local
2**4::1 local kernel eth0 local
fe**c local kernel eth0 local
ff00::/ 8 eth0 local
ff00::/ 8
IPTables
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
#
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
#
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
# Accept traffic from internal interfaces
-A INPUT ! -i eth0 -j ACCEPT
# Accept traffic with the ACK flag set
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
# Allow incoming data that is part of a connection we established
-A INPUT -m state --state ESTABLISHED -j ACCEPT
# Allow data that is related to existing connections
-A INPUT -m state --state RELATED -j ACCEPT
# Accept responses to DNS queries
-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
# Accept responses to our pings
-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
# Accept notifications of unreachable hosts
-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT
# Accept notifications to reduce sending speed
-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT
# Accept notifications of lost packets
-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT
# Accept notifications of protocol problems
-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT
#
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
#
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 2.****.2 -j ACCEPT
#
-A INPUT -p tcp -m tcp --dport 51820 -j ACCEPT
#
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
#
-A INPUT -p tcp -m tcp --dport auth -j ACCEPT
COMMIT
#
Клиент, по сложнее, это роутер домашней сети на ubuntu server 20
WireGuard
[Interface]
PrivateKey = ****
Address = 192.168.2.5/32
[Peer]
PublicKey = *****
Endpoint = 95.****7:51820
AllowedIPs = 192.168.2.0/24
PersistentKeepalive = 20
Сеть
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.*.*.* netmask 255.255.255.192 broadcast 10.*.*.255
inet6 fe80::***3 prefixlen 64 scopeid 0x20<link>
ether **** txqueuelen 1000 (Ethernet)
RX packets 19271715 bytes 11632872490 (11.6 GB)
RX errors 0 dropped 14715 overruns 0 frame 0
TX packets 34385445 bytes 22939419548 (22.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enxd03745808a81: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::d237:45ff:fe80:8a81 prefixlen 64 scopeid 0x20<link>
ether d0:37:45:80:8a:81 txqueuelen 1000 (Ethernet)
RX packets 3479852 bytes 447509307 (447.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5774541 bytes 6861799687 (6.8 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 113657 bytes 13774350 (13.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 113657 bytes 13774350 (13.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1456
inet 2***2 netmask 255.255.255.255 destination 1***7
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 15995507 bytes 10613692732 (10.6 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34373520 bytes 21151140776 (21.1 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1376
inet 192.168.2.5 netmask 255.255.255.255 destination 192.168.2.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 18 bytes 2020 (2.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 4796 (4.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enxd03745808a81 смотрит в локальную сеть
enp2s0 к провайдеру
подключение к интернету через L2TP интерфейс ppp0
Настройки сети
# This is the network config written by 'subiquit
network:
ethernets:
enp2s0:
addresses:
- 10.*.*.*/26
gateway4: 10.*.*.*
dhcp4: false
nameservers:
addresses:
- *.*.*.*
- *.*.*.*
routes:
- to: 192.168.149.0/24
via: 10.*.*.*
enxd03745808a81:
addresses:
- 192.168.1.1/24
dhcp4: false
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search: [home]
version: 2
Далее в комментарии, не влезло в пост, ограничения на длинну
ip_forward включен на обоих машинах
С сервера клиент пингуется, с клиента пинг сервера:
# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
From 192.168.2.0 icmp_seq=1 Destination Host Unreachable
From 192.168.2.0 icmp_seq=2 Destination Host Unreachable
From 192.168.2.0 icmp_seq=3 Destination Host Unreachable
From 192.168.2.0 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.2.1 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3004ms
Четвертый день не могу разобраться с этой ерундой, такое впечатление, что перепробовал всё. Видимо глаз замылился, надеюсь на вашу помощь.