LINUX.ORG.RU

Сообщения makhounizxc

 

WireGuard есть соединение, но ip не меняется

Форум — Admin

Второй день уже пытаюсь поставить WireGuard на сервер (Debian10) Соединение есть, но IP адрес на клиенте не меняется, хотя, вроде, все настроено правильно Может кто подскажет куда копать? Поиски решения ни к чему не привели

Server conf:

SERVER:
[Interface]
PrivateKey = [privatkey]
Address = 10.10.10.1/24
ListenPort = 51194
DNS = 1.1.1.1
SaveConfig = true

PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens192 -j MASQUERADE

[Peer]
PublicKey = [publickey]
AllowedIPs = 10.10.10.2/32

Client conf:

[Interface]
PrivateKey = [privatkey]
Address = 10.10.10.2/24
 
[Peer]
PublicKey = [publickey]
Endpoint = [serverip]:51194
PersistentKeepalive = 20
AllowedIPs = 10.10.10.1/32

wg show

root@debian10:~# wg show
interface: wg0
  public key: [public serverkey]
  private key: (hidden)
  listening port: 51194

peer: [clinet publickey]
  endpoint: [client real ip]:3454
  allowed ips: 10.10.10.2/32
  latest handshake: 3 minutes, 24 seconds ago
  transfer: 276 B received, 92 B sent

ip route

root@debian10:~# ip route
default via [getway ip] dev ens192 onlink
[serverip].0/24 dev ens192 proto kernel scope link src [serverip].111
10.10.10.0/24 dev wg0 proto kernel scope link src 10.10.10.1

ufw status

root@debian10:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
51194/udp                  ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
51194/udp (v6)             ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

systemctl status wg-quick@wg0

root@debian10:~# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2024-09-07 00:58:50 EDT; 2h 23min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 19893 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 19893 (code=exited, status=0/SUCCESS)

Sep 07 00:58:49 debian10 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] ip link add wg0 type wireguard
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] wg setconf wg0 /dev/fd/63
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] ip -4 address add 10.10.10.1/24 dev wg0
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] ip link set mtu 1420 up dev wg0
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] resolvconf -a wg0 -m 0 -x
Sep 07 00:58:50 debian10 wg-quick[19893]: Too few arguments.
Sep 07 00:58:50 debian10 wg-quick[19893]: Too few arguments.
Sep 07 00:58:50 debian10 wg-quick[19893]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptabl
Sep 07 00:58:50 debian10 systemd[1]: Started WireGuard via wg-quick(8) for wg0.

ip a show wg0

root@debian10:~# ip a show wg0
22: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.10.10.1/24 scope global wg0
       valid_lft forever preferred_lft forever

wg show wg0 latest-handshakes

root@debian10:~# wg show wg0 latest-handshakes
[client publickey]    1725693605

 , ,

makhounizxc
()
5 комментариев

RSS подписка на новые темы