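Problem description
I have some problems with my WireGuard setup. What I want to achieve is to be able to connect from client 1 (laptop) to the client 2 (OPNsense) subnet 10.88.1.1/24.
Currently everything works from the clients to the server, but there is no ping or any other access between the clients.
The current setup is: main WireGuard server (Ubuntu server), IP for example 5.123.456.678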
[Interface]
Address = 203.0.113.5/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.13/32
Endpoint = 89.xxx.xxx.xxx:33943
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.15/32
Endpoint = 46.xxx.xxx.xxx:4109
Client 1 (laptop)
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
Address = 203.0.113.15/24
ListenPort = 51820
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.5/32
Endpoint = 5.123.456.678:51820
PersistentKeepalive = 5
Client 2 (OPNsense) with subnet 10.88.1.1.
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 51820
peer: XXXXXXXXXXXXXXXXXXXXXXX
endpoint: 5.123.456.678:51820
allowed ips: 203.0.113.0/24
Solution
I have done more testing, and the logic is that you need to add
in my case,
subnet or single IP. The setup now looks like this:
Server
[Interface]
Address = 203.0.113.5/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.13/32,10.88.1.0/24
Endpoint = 89.xxx.xxx.xxx:33943
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.15/32,10.88.1.0/24
Endpoint = 46.xxx.xxx.xxx:4109
Client 1 (laptop)
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
Address = 203.0.113.15/24
ListenPort = 51820
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.0/24,10.88.1.0/24
Endpoint = 5.123.456.678:51820
PersistentKeepalive = 5
Client 2 (OPNsense) with subnet 10.88.1.1.
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 51820
peer: XXXXXXXXXXXXXXXXXXXXXXX
endpoint: 5.123.456.678:51820
allowed ips: 203.0.113.0/24,10.88.1.0/24
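
An added example, not part of the original post: a small Python check that reads the [Peer] sections of a WireGuard config, reports any prefix listed under more than one peer, and shows which peer a destination resolves to. It models WireGuard's cryptokey routing (one peer per prefix, a later assignment of the same prefix replaces the earlier one, longest prefix wins); the function names and the trimmed sample config are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the server's [Peer] sections from the answer above,
# with keys and endpoints left out (they do not affect routing).
SERVER_CONF = """\
[Interface]
Address = 203.0.113.5/24
[Peer]
AllowedIPs = 203.0.113.13/32,10.88.1.0/24
[Peer]
AllowedIPs = 203.0.113.15/32,10.88.1.0/24
"""

def parse_peers(conf_text):
    """Return one list of networks per [Peer] section, in file order."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = [] if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                current += [ipaddress.ip_network(v.strip(), strict=False)
                            for v in value.split(",") if v.strip()]
    return peers

def build_table(peers):
    """Model cryptokey routing: each prefix maps to exactly one peer, and a
    later peer listing the same prefix takes it over from the earlier one."""
    table, conflicts = {}, []
    for idx, nets in enumerate(peers):
        for net in nets:
            if net in table and table[net] != idx:
                conflicts.append((net, table[net], idx))
            table[net] = idx
    return table, conflicts

def route(table, dst):
    """Longest-prefix match: index of the peer that gets traffic for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [net for net in table if addr in net]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

if __name__ == "__main__":
    table, conflicts = build_table(parse_peers(SERVER_CONF))
    for net, old, new in conflicts:
        print(f"{net}: listed under peer {old} and peer {new}; peer {new} keeps it")
    print("10.88.1.20 -> peer", route(table, "10.88.1.20"))
```

Peer indexes are zero-based and follow the order of the [Peer] sections in the file.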