
I have set up the following VPN connection with WireGuard:

LAN1 (192.168.1.0) and LAN2 (192.168.178.0) are connected through a WireGuard VPN server running on a public virtual private server (VPS). On each local LAN there is a Raspberry Pi that routes the traffic (192.168.1.31 on LAN1 and 192.168.178.234 on LAN2). I have also added static IPv4 routes in the Fritz!Box of both LANs (see pictures).

The problem now is that not all traffic is routed from one LAN to the other. For example, I can ssh from LAN1 to the Raspberry Pi in LAN2, but when I start sudo apt upgrade it gets stuck and the connection is lost. I can also ping all devices on LAN2. But when I try to open the HTTP frontend of the Fritz!Box on LAN2, it does not load. Also interesting: from my mobile phone I can do everything without problems. Maybe something is wrong with my configuration? Everything worked fine until the WireGuard update in May/June 2020.

This is the configuration:

wg0-client1.conf

[Interface]
Table = off
PrivateKey = <PRIVATE-KEY-CLIENT1>
Address = 172.16.100.2/24 # client1 address
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip route add 192.168.178.0/24 via 172.16.100.2 mtu 1420 # route packets from/to LAN2 through the wireguard interface (172.16.100.0/24 net)
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Virtual Private Server (VPS)
[Peer]
PublicKey = <PUBLIC-KEY-SERVER>
AllowedIPs = 172.16.100.0/24,192.168.178.0/24 # accept packets from server from VPN + local net of client2
Endpoint = [IPv6-of-server]:51820 # DON'T FORGET THE BRACKETS!
PersistentKeepalive = 25

wg0-client2.conf

[Interface]
Table = off
PrivateKey = <PRIVATE-KEY-CLIENT2>
Address = 172.16.100.3/24 # client2 address
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip route add 192.168.1.0/24 via 172.16.100.3 mtu 1420 # route packets from/to LAN1 through the wireguard interface (172.16.100.0/24 net)
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Virtual Private Server (VPS)
[Peer]
PublicKey = <PUBLIC-KEY-SERVER>
AllowedIPs = 172.16.100.0/24,192.168.1.0/24 # accept packets from server from VPN + local net of client1 (LAN1)
Endpoint = [IPv6-of-server]:51820 # DON'T FORGET THE BRACKETS!
PersistentKeepalive = 25

mobile-phone.conf

[Interface]
Address = 172.16.100.4/24
DNS = 172.16.100.1
PrivateKey = <PRIVATE-KEY-PHONE>

[Peer]
AllowedIPs = 172.16.100.0/24, 192.168.178.0/24, 192.168.1.0/24 # allow to connect to both LANs
Endpoint = [IPv6-of-server]:51820 # DON'T FORGET THE BRACKETS!
PublicKey = <PUBLIC-KEY-SERVER>

wg0-server.conf

[Interface]
Table = off
Address = 172.16.100.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip route add 192.168.178.0/24 via 172.16.100.1 mtu 1420; ip route add 192.168.1.0/24 via 172.16.100.1 mtu 1420 # routes to both LANs through the wireguard interface
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <PRIVATE-KEY-SERVER>

# CLIENT 1
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT1>
AllowedIPs = 172.16.100.2/32,192.168.1.0/24 # route traffic for itself and for the LAN it belongs to

# CLIENT 2
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT2>
AllowedIPs = 172.16.100.3/32,192.168.178.0/24 # route traffic for itself and for the LAN it belongs to

# Mobile Phone
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT3>
AllowedIPs = 172.16.100.4/32 # only route traffic for itself (must match the phone's Address)

# ... more clients possible

[Image: LAN1 static IPv4 route] [Image: LAN2 static IPv4 route]


0 Answers
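As an added example, not part of the question above and not WireGuard's own tooling, the following Python script parses wg-quick style configs and checks the cryptokey-routing consistency of a hub-and-spoke setup like the one described: every client's tunnel address and the LAN behind it must be claimed by exactly one peer entry on the server, and each client's peer entry for the server must cover the server's tunnel address and every remote LAN that site has to reach, because WireGuard silently drops any decrypted packet whose source is outside the peer's AllowedIPs and refuses to send any packet whose destination is. The embedded configs are constructed to mirror the topology in the post (same tunnel and LAN addresses, placeholder keys, an RFC 3849 documentation address as endpoint); the client2 entry is deliberately given an incomplete AllowedIPs to show what the check reports. The function names (parse_wg_conf, check_hub_and_spoke, client_conf, run_example) are my own.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample configs (added example, not the poster's files): hub 172.16.100.1 on a VPS,
# client1 in front of LAN1 192.168.1.0/24, client2 in front of LAN2 192.168.178.0/24, plus a phone.
SERVER = """
[Interface]
Address = 172.16.100.1/24
ListenPort = 51820
PrivateKey = <PRIVATE-KEY-SERVER>
[Peer]  # client1, LAN1 behind it
PublicKey = <PUBLIC-KEY-CLIENT1>
AllowedIPs = 172.16.100.2/32, 192.168.1.0/24
[Peer]  # client2, LAN2 behind it
PublicKey = <PUBLIC-KEY-CLIENT2>
AllowedIPs = 172.16.100.3/32, 192.168.178.0/24
[Peer]  # phone, nothing behind it
PublicKey = <PUBLIC-KEY-PHONE>
AllowedIPs = 172.16.100.4/32
"""


def client_conf(address: str, allowed: str) -> str:
    """Build a minimal client config (placeholder keys; endpoint is an RFC 3849 documentation address)."""
    return f"""
[Interface]
Address = {address}
PrivateKey = <PRIVATE-KEY>
[Peer]
PublicKey = <PUBLIC-KEY-SERVER>
AllowedIPs = {allowed}  # VPN net plus the remote LANs this site must reach
Endpoint = [2001:db8::1]:51820
"""


CLIENT1 = client_conf("172.16.100.2/24", "172.16.100.0/24, 192.168.178.0/24")
# Deliberately inconsistent: lists its own LAN2 instead of LAN1, which it must reach through the hub.
CLIENT2 = client_conf("172.16.100.3/24", "172.16.100.0/24, 192.168.178.0/24")
PHONE = client_conf("172.16.100.4/24", "172.16.100.0/24, 192.168.178.0/24, 192.168.1.0/24")


def parse_wg_conf(text: str) -> dict:
    """Parse wg-quick INI into {'Interface': {...}, 'Peer': [{...}, ...]}; '#' comments are stripped."""
    conf: dict = {"Interface": {}, "Peer": []}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(Interface|Peer)\]", line)
        if header:
            if header.group(1) == "Peer":
                conf["Peer"].append({})
                section = conf["Peer"][-1]
            else:
                section = conf["Interface"]
            continue
        if section is None or "=" not in line:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        section[key] = value
    return conf


def nets(value: str) -> list:
    """Split a comma separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False) for p in value.split(",") if p.strip()]


def host_net(address: str):
    """An Address= value such as 172.16.100.2/24 -> 172.16.100.2/32, the host's own prefix."""
    return ipaddress.ip_network(str(ipaddress.ip_interface(address).ip))


def covered(net, allowed: list) -> bool:
    """True if `net` lies entirely inside one of the AllowedIPs prefixes (same address family)."""
    return any(net.subnet_of(a) for a in allowed if a.version == net.version)


def check_hub_and_spoke(server: dict, clients: Dict[str, Tuple[dict, Optional[str]]]) -> List[str]:
    """clients maps name -> (parsed config, LAN behind that client as CIDR, or None).
    Returns findings; an empty list means cryptokey routing is consistent end to end."""
    findings = []
    server_host = host_net(server["Interface"]["Address"])
    peers = [nets(p["AllowedIPs"]) for p in server["Peer"]]
    for name, (conf, lan) in clients.items():
        # Hub side: exactly one peer entry must own the client's tunnel address and, for a LAN
        # gateway, the LAN behind it; otherwise the hub drops those packets after decryption.
        owners = [a for a in peers if covered(host_net(conf["Interface"]["Address"]), a)]
        if len(owners) != 1:
            findings.append(f"{name}: tunnel address claimed by {len(owners)} server peers, expected 1")
        elif lan and not covered(ipaddress.ip_network(lan), owners[0]):
            findings.append(f"{name}: server peer AllowedIPs lacks {lan}, packets from that LAN are dropped")
        # Spoke side: the client must accept the hub's tunnel address and every remote LAN.
        allowed = [n for p in conf["Peer"] for n in nets(p["AllowedIPs"])]
        if not covered(server_host, allowed):
            findings.append(f"{name}: server address {server_host} missing from AllowedIPs")
        for other, (_, other_lan) in clients.items():
            if other != name and other_lan and not covered(ipaddress.ip_network(other_lan), allowed):
                findings.append(f"{name}: AllowedIPs lacks {other_lan} (LAN behind {other}), "
                                "traffic to/from it is rejected by cryptokey routing")
    return findings


def run_example() -> List[str]:
    clients = {
        "client1": (parse_wg_conf(CLIENT1), "192.168.1.0/24"),
        "client2": (parse_wg_conf(CLIENT2), "192.168.178.0/24"),
        "phone": (parse_wg_conf(PHONE), None),
    }
    return check_hub_and_spoke(parse_wg_conf(SERVER), clients)


if __name__ == "__main__":
    for finding in run_example() or ["no findings"]:
        print(finding)
```

Running it reports the single inconsistency planted in client2; giving client2 "172.16.100.0/24, 192.168.1.0/24" instead yields no findings. The check only covers what WireGuard itself enforces (AllowedIPs on both ends); kernel routes, the forwarding rules and MTU are outside its scope and still have to be verified on the hosts.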