WG and Bird are set up on a VPS. I need to receive the prefixes on a MikroTik that sits behind the provider's NAT. I can't figure out why they aren't arriving. Please advise!
/etc/bird/bird.conf:
log syslog all;
router id 10.10.8.1;
protocol kernel
{
    scan time 60;
    import none;
    export none;
}
protocol device {
    scan time 60;
}
protocol static static_bgp {
    include "Google.txt";
}
protocol bgp HapAc2 {
    description "Mikrotik HapAc2";
    neighbor 10.10.8.2 as 64999;
    hold time 240;
    import none;
    export where proto = "static_bgp";
    next hop self;
    local as 64888;
    source address 10.10.8.1;
    passive on;
}
sudo birdc show protocol all
BIRD 1.6.8 ready.
name proto table state since info
kernel1 Kernel master up 15:22:28
Preference: 10
Input filter: REJECT
Output filter: REJECT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 1912 2 1910 --- 0
Export withdraws: 2 --- --- --- 0
device1 Device master up 15:22:28
Preference: 240
Input filter: ACCEPT
Output filter: REJECT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 0 0 0 --- 0
Export withdraws: 0 --- --- --- 0
static_bgp Static master up 15:22:28
Preference: 200
Input filter: ACCEPT
Output filter: REJECT
Routes: 955 imported, 0 exported, 955 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 955 0 0 0 955
Import withdraws: 0 0 --- 0 0
Export updates: 0 0 0 --- 0
Export withdraws: 0 --- --- --- 0
HapAc2 BGP master start 16:06:19 Idle
Description: Mikrotik HapAc2
Preference: 100
Input filter: REJECT
Output filter: (unnamed)
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 0 0 0 --- 0
Export withdraws: 0 --- --- --- 0
BGP state: Idle
Neighbor address: 10.10.8.2
Neighbor AS: 64999
sudo nano /etc/wireguard/wg0.conf
[Interface]
PrivateKey = Prkey
Address = 10.10.8.1/32
ListenPort = 51830
[Peer]
PublicKey = Pubkey
AllowedIPs = 10.10.8.2
PresharedKey = Prekey
sudo wg
interface: wg0
public key: pubkey
private key: (hidden)
listening port: 51830
peer: pubkey
preshared key: (hidden)
endpoint: *******:5284
allowed ips: 10.10.8.2/32
latest handshake: 46 seconds ago
transfer: 27.09 KiB received, 9.44 KiB sent
[admin@MikroTik] > ping habr.ru interface=wireguard_bird
SEQ HOST SIZE TTL TIME STATUS
0 178.248.233.33 56 56 57ms840us
1 178.248.233.33 56 56 56ms420us
2 178.248.233.33 56 56 55ms768us
3 178.248.233.33 56 56 56ms206us
sent=4 received=4 packet-loss=0% min-rtt=55ms768us avg-rtt=56ms558us max-rtt=57ms840us
Ping on the server: ping habr.ru -I wg0
PING habr.ru (178.248.233.33) from 10.10.8.1 wg0: 56(84) bytes of data.
From hospr10629 (10.10.8.1) icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Required key not available
sudo iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination