
```
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
umask 022
cat privatekey
kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
cat publickey
Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
vim wg0.conf
```

```
[Interface]
Address = 10.0.1.1/16
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
ListenPort = 8006
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.2/32
```

```
wg-quick up wg0
```
```
[Interface]
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
Address = 10.0.1.2/16
DNS = 223.6.6.6
MTU = 1420

[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.1.0/22
Endpoint = xx.adc.com:8006
PersistentKeepalive = 30
```

```
2020-11-26 12:02:17.742234: [NET] App version: 0.0.20191105 (16); Go backend version: 0.0.20191013
2020-11-26 12:02:17.742626: [NET] Starting tunnel from the app
2020-11-26 12:02:18.523714: [NET] Tunnel interface is utun2
2020-11-26 12:02:18.524107: [NET] Attaching to interface
2020-11-26 12:02:18.524639: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.524717: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.524828: [NET] Routine: event worker - started
2020-11-26 12:02:18.524886: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.524933: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.524962: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.524988: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525033: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525084: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525127: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525210: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525236: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525262: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525289: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525324: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525350: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525376: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525403: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525429: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525461: [NET] Routine: handshake worker - started
2020-11-26 12:02:18.525487: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525540: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525581: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525613: [NET] Routine: encryption worker - started
2020-11-26 12:02:18.525642: [NET] Routine: TUN reader - started
2020-11-26 12:02:18.525697: [NET] Routine: decryption worker - started
2020-11-26 12:02:18.525807: [NET] UAPI: Updating private key
2020-11-26 12:02:18.525906: [NET] UAPI: Removing all peers
2020-11-26 12:02:18.525939: [NET] UAPI: Transition to peer configuration
2020-11-26 12:02:18.526149: [NET] peer(AAAA…AAAA) - UAPI: Updating endpoint
2020-11-26 12:02:18.526218: [NET] peer(AAAA…AAAA) - UAPI: Updating persistent keepalive interval
2020-11-26 12:02:18.526310: [NET] peer(AAAA…AAAA) - UAPI: Removing all allowedips
2020-11-26 12:02:18.526349: [NET] peer(AAAA…AAAA) - UAPI: Adding allowedip
2020-11-26 12:02:18.526636: [NET] Routine: receive incoming IPv6 - started
2020-11-26 12:02:18.526688: [NET] Routine: receive incoming IPv4 - started
2020-11-26 12:02:18.526819: [NET] UDP bind has been updated
2020-11-26 12:02:18.526868: [NET] Device started
2020-11-26 12:02:18.527599: [APP] Tunnel 'test' connection status changed to 'connected'
2020-11-26 12:02:22.573923: [APP] Status update notification timeout for tunnel 'test'. Tunnel status is now 'connected'.
```

After the adjustment it still doesn't work. Running wg on the server shows the connection, but there is no network connectivity. Neither of the two clients can get through, and a single client on its own doesn't work either.
```
[Interface]
Address = 10.0.1.1/16
PrivateKey = kH+D4tV+2MJ0r3Pz0ZcfaAKdtW6JGHw1pxcRhWfXGW8=
ListenPort = 8006
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth1 -j MASQUERADE

[Peer]
PublicKey = KYhBEfe76T3V2wMPNYqfH67+6KL85WVVMo8NhcFj+xw=
AllowedIPs = 10.0.1.2/32

[Peer]
PublicKey = 1MRN8OEUQZ5HSaB0jy907zUjl+Z9zQPyVJQruEg2GCI=
AllowedIPs = 10.0.1.3/32
```

```
[Interface]
PrivateKey = 0OG59gIjuXJzciFFrxBkNDWQzfQoO4p5QkegoxdIv0s=
Address = 10.0.1.2/16
DNS = 223.6.6.6
MTU = 1420

[Peer]
PublicKey = Na5BMpCXuG0wmyXZH1GE3Uic+hvkq4865lIR+RTJjUU=
AllowedIPs = 10.0.0.0/22, 172.16.31.0/22
Endpoint = 116.30.111.111:8006
PersistentKeepalive = 30
```

1 bitdust November 26, 2020 The client's privatekey has to be generated by the client itself; don't use the same key as the server |
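2 301 November 26, 2020 via Android Your client and server are using the same key pair. I have never seen a configuration like that. How about trying two pairs, i.e. the server config file uses private key A and public key B, and the client config file uses private key B and public key A |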
3 SteveRogers OP |
4 zro November 26, 2020 |
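5 SteveRogers OP @zro Actually I still haven't got it working. My wg status shows both devices, but there is no connectivity between them. The logging of this thing is also immature at the moment, so I may have to give up on this tool |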
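6 zro November 26, 2020 When I first looked at other people's WG configs I was completely lost too, but after configuring it a few more times I find it really nice to use~ I noticed a problem in your config: the client's AllowedIPs = 10.0.1.0/22 is actually equivalent to 10.0.0.0/22.. Also, you may need to use the ip route command to track down why they can't reach each other~ |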
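The two problems pointed out in replies 1, 2 and 6 (one key pair reused on both ends, and an AllowedIPs value with host bits set) can be checked mechanically. This is an added example, not code from the thread; `parse_wg` and `lint` are hypothetical helper names and the key strings are constructed placeholders.

```python
import ipaddress

def parse_wg(text):
    """Parse wg-quick config text into [(section, {key: value}), ...].
    [Peer] may repeat, so configparser's unique-section model does not fit."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 values end in '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def lint(configs):
    """configs maps a label to config text; findings never echo key material."""
    findings, owners = [], {}
    for name, text in configs.items():
        for section, kv in parse_wg(text):
            if section == "Interface" and "PrivateKey" in kv:
                owners.setdefault(kv["PrivateKey"], []).append(name)
            for cidr in filter(None, map(str.strip, kv.get("AllowedIPs", "").split(","))):
                net = ipaddress.ip_network(cidr, strict=False)  # masks host bits
                if str(net) != cidr:
                    findings.append(f"{name}: AllowedIPs {cidr} means {net}")
    for names in owners.values():
        if len(names) > 1:
            findings.append("same PrivateKey in: " + ", ".join(names))
    return findings

# Constructed sample mirroring the thread's first config pair; keys are placeholders.
SERVER = """[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_A=
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY_A=
AllowedIPs = 10.0.1.2/32
"""
CLIENT = """[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY_A=
[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY_A=
AllowedIPs = 10.0.1.0/22
"""

if __name__ == "__main__":
    print("\n".join(lint({"server": SERVER, "client": CLIENT})))
```

The check compares strings only and does not derive public keys, so a [Peer] PublicKey that belongs to the wrong key pair still has to be compared by hand against the `wg pubkey` output on the other end.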
7 SteveRogers OP |
8 zro November 26, 2020 @SteveRogers #7 Did you copy and paste the key directly, or could a lowercase L have been mixed up with an I? That has happened to me... |
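9 bitdust November 26, 2020 Blind guess: your client has no routing information added. Where is your client running? You need to go into its network configuration interface and add routing information, i.e. route all traffic to the wireguard virtual network interface |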
10 301 November 26, 2020 via Android @SteveRogers Change the client's AllowedIPs to 0.0.0.0/0; that setting is what decides which traffic is sent to the server |
11 SteveRogers OP |
12 zro November 26, 2020 @SteveRogers #11 You'd better post your ip route output.. It feels like there is a conflict |
13 301 November 26, 2020 @SteveRogers I used your config and set it up between a VPS and my local machine, and it works |
14 jasonyang9 November 26, 2020 via Android Is the network interface on the wg server actually named eth0, or eth1, or something else? |
16 SteveRogers OP |
17 openmynet November 26, 2020 |
18 irytu November 27, 2020 via iPhone The server and every client each come with their own key "pair"; in essence they exchange public keys to do end-to-end authentication |