WireGuard - Can't ping server or resolve domains
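For the past 5 hours I have been trying to set up WireGuard on my server, but after finishing all the setup I can't ping IPs or resolve domains.
Here is the server config: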
[Interface]
Address = 10.100.100.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
ListenPort = 51820
# Server's private key
PrivateKey = EPRQ7Tujdx2pITBV9DeUz+PzYFVb1sax9Fn2hMcLMGI=
[Peer]
# Client's public key
PublicKey = 7FGaduQME4ytI3AyYusl/itkOWU3YgQ3jU7Bsme76WU=
AllowedIPs = 10.100.100.2/32
Here is the client's config:
[Interface]
Address = 10.100.100.2/32
# Client's private key
PrivateKey = 0B5b3ysvvpn6kC50sdCFELlMhIexY47kKRRMtBpqdlQ=
[Peer]
# Server's public key
PublicKey = HUuRYaDwqPNHirxlFTewTVKTsCi2udFImqvDfoiAH24=
Endpoint = 129.213.59.233:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 21
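IP forwarding is enabled on the server.
I'm trying to follow this video: https://www.youtube.com/watch?v=n00ayGUdCaI
There are two problems with the server-side iptables configuration:
The following 4 commands are repeated twice.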
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;
ip6tables -A FORWARD -i wg0 -j ACCEPT;
iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;
ip6tables -D FORWARD -i wg0 -j ACCEPT;
For the following 4 lines of configuration, replace wg0 with your main network interface name.
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE;
-> iptables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE;
ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
-> ip6tables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE
iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE;
-> iptables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE;
ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
-> ip6tables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE
The main network interface name should be easy to get with the ifconfig or ip -c a command.
In the end, the part of the iptables configuration that needs to change should look like this:
[Interface]
...
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o <your main network interface name> -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o <your main network interface name> -j MASQUERADE
...
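A small linter for the two problems the answer above points out, run over the hook lines of the question's server config (sample constructed from the page, keys left out). This is an added example, not code from the original posts; `hook_commands` and `lint` are hypothetical names, and the PostUp/PostDown pairing check goes beyond what the answer covers.

```python
import re

# Constructed sample: the hook lines from the question's server config (keys left out).
QUESTION_CONF = """\
[Interface]
Address = 10.100.100.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE
ListenPort = 51820
"""


def hook_commands(conf, key):
    """Return the ';'-separated commands of every `key = ...` line, whitespace-normalised."""
    cmds = []
    for line in conf.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            cmds += [" ".join(c.split()) for c in value.split(";") if c.strip()]
    return cmds


def lint(conf, wg_iface="wg0"):
    """Return (hook, problem, command) tuples for the given wg-quick config text."""
    findings = []
    hooks = {key: hook_commands(conf, key) for key in ("PostUp", "PostDown")}
    for key, cmds in hooks.items():
        seen = set()
        for cmd in cmds:
            if cmd in seen:
                findings.append((key, "duplicate", cmd))
                continue
            seen.add(cmd)
            out = re.search(r"(?:^|\s)-o\s+(\S+)", cmd)
            # NAT must happen on the interface packets leave by, not on the tunnel.
            if "MASQUERADE" in cmd and out and out.group(1) == wg_iface:
                findings.append((key, "masquerade-on-tunnel", cmd))
    # Every rule appended (-A) on PostUp should be deleted (-D) on PostDown,
    # otherwise it stays in the ruleset after the tunnel goes down.
    undone = {c.replace(" -D ", " -A ") for c in hooks["PostDown"]}
    for cmd in sorted(set(hooks["PostUp"]) - undone):
        findings.append(("PostDown", "no-matching-delete", cmd))
    return findings


if __name__ == "__main__":
    for hook, problem, cmd in lint(QUESTION_CONF):
        print(f"{hook}: {problem}: {cmd}")
```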