Ubuntu

Wireguard VPN 無法訪問網際網路和區域網路

  • January 23, 2022

我有一台執行 Ubuntu 20.04 和 wireguard 1.0.20200513-1~20.04.2 的伺服器。我在手機(Android Samsung S20+)上安裝了wireguard應用程序,禁用了WIFI並連接到4G。當 VPN 處於活動狀態時,我可以訪問伺服器,而我的家庭網路 (192.168.1.X) 或網際網路上什麼也沒有。伺服器有一個 10.0.0.1 (VPN) 和 192.168.1.171 (LAN) 介面。手機得到一個 10.0.0.2 介面。我猜我需要設置一條路線。伺服器防火牆(ufw 狀態)處於非活動狀態。任何幫助將非常感激。

/etc/wireguard/wg0.conf

[Interface]
Address = 10.0.0.1/24
Address = <MAC>::1/64
SaveConfig = true    
ListenPort = 51820
PrivateKey = <SERVER_KEY>

[Peer]
PublicKey = <CELL_PUB_KEY>
AllowedIPs = 10.0.0.2/32, 
Endpoint = <EXTERNAL_IP>:8598

客戶端配置

Cellphone config
[Interface]
PrivateKey =<CELL_KEY>
Address = 10.0.0.2/24
DNS = 1.1.1.1, 1.0.0.1

[Peer]
PublicKey = <SERVER_PUB_KEY>
AllowedIPs = 10.0.0.0/24, 192.168.1.0/24
Endpoint = <EXTERNAL_IP>:51820

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

路線-n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 enp2s0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp2s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0

在伺服器上

ip route get from 10.0.0.2 iif wg0 192.168.1.1
192.168.1.1 from 10.0.0.2 dev enp2s0
   cache iif wg0

編輯-解決方案-wireguard.conf 中需要 PostUp 和 PostDown 行:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <MY_KEY>

[Peer]
PublicKey = <MY_PUB_KEY>
AllowedIPs = 10.0.0.2/32

在 wireguard.conf 中需要 PostUp 和 PostDown 行:

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <MY_KEY>

[Peer]
PublicKey = <MY_PUB_KEY>
AllowedIPs = 10.0.0.2/32

我不確定,但它對我來說很好,試試吧

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A 轉發 -o wg0 -j 接受;iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE;

PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D 轉發 -o wg0 -j 接受;iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE; 監聽埠 = 51820

[Interface]
Address = 10.0.0.1/24
SaveConfig = true
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE;
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o enp2s0 -j MASQUERADE;
ListenPort = 51820
PrivateKey = <MY_KEY>
   
[Peer]
PublicKey = <MY_PUB_KEY>
AllowedIPs = 10.0.0.2/32

引用自:https://serverfault.com/questions/1039643