0

I am using WireGuard, and this is my server configuration in /etc/wireguard/wireguard.conf:

[Interface]
Address = 0.0.0.0
# server private key
PrivateKey = GL7AIArkhGTKkz3vSn/ONifC7SKJtspYDDZEtAybyVE=    
ListenPort = 51820

[Peer]
# windows client public key
PublicKey = 3omwALzVoZhaqdu6dwL9vpRFlv+1omznmtuQKdwODFE=
AllowedIPs = 192.168.3.0/24

This is my client configuration:

[Interface]
PrivateKey = f4e60OIQXMdny6+hBDwddHB6tGS6a4WKYpG89ERQK+Tk=
Address = 192.168.3.1/24

[Peer]
PublicKey = 72Gix3UR/coszkazkVp3ieRrlMTOK8ia2TISnaD1Az4=
Endpoint = 14.80.12.186:51820
AllowedIPs = 0.0.0.0/0

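The client uses TunSafe, and the connection succeeds. The problem: after connecting to WireGuard, the WireGuard server cannot reach the Internet. This is the server's IPv4 forwarding configuration: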

[root@dolphin-xiaoqiang ~]# sysctl -a |grep net.ipv4.ip_forward
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0

1 Answer

2

Add an iptables rule on the server side:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
answered 2019-02-17T10:09:04.007
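
An added example, not part of the answer above: a shell check that classifies a server's forwarding and NAT state from the `net.ipv4.ip_forward` value and `iptables-save` text, including the case where the masquerade rule is present but not limited to the tunnel subnet. The function names and the three rule sets are constructed for illustration; the subnet comes from the question's `AllowedIPs` and `eth0` from the answer's rule.

```shell
#!/bin/sh
# Added example: classify a WireGuard server's forwarding/NAT state from text,
# so it runs offline. On a live host pass "$(sysctl -n net.ipv4.ip_forward)"
# and "$(iptables-save)" instead of the constructed samples.

WG_SUBNET="192.168.3.0/24"  # tunnel subnet, from AllowedIPs in the question
WAN_IF="eth0"               # egress interface, from the rule in the answer

# Constructed iptables-save samples (not output from the asker's server).
RULES_NONE='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'
RULES_ANSWER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'
RULES_SCOPED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.3.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.3.0/24 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

has_rule() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# nat_status <ip_forward value> <iptables-save text> -> prints one verdict
nat_status() {
    masq="^-A POSTROUTING .*-o $WAN_IF .*-j MASQUERADE"
    if [ "$1" != "1" ]; then
        echo "forwarding-off"        # kernel will not route tunnel packets
    elif ! has_rule "$2" "$masq"; then
        echo "no-masquerade"         # packets leave with a private source address
    elif has_rule "$2" '^:FORWARD DROP' && ! has_rule "$2" '^-A FORWARD .*-j ACCEPT'; then
        echo "forward-dropped"       # filter table drops routed packets
    elif ! has_rule "$2" "^-A POSTROUTING -s $WG_SUBNET .*-j MASQUERADE"; then
        echo "masquerade-unscoped"   # works, but NATs every source leaving WAN_IF
    else
        echo "ok"
    fi
}

nat_status 1 "$RULES_NONE"
nat_status 1 "$RULES_ANSWER"
nat_status 1 "$RULES_SCOPED"
```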