Ping uma porta específica

Question

tai

Asked: 2024-09-14 01:41:06 +0800 CST2024-09-14 01:41:06 +0800 CST 2024-09-14 01:41:06 +0800 CST

O cliente Wireguard não consegue acessar a internet

772

Problema

Quero usar o Wireguard como VPN para poder acessar meus dispositivos LAN remotamente e, ao mesmo tempo, rotear o tráfego pelo meu Pi-hole local para bloquear anúncios e ficar seguro em redes não confiáveis.

Assim, configurei o Wireguard com Pi-hole usando o tutorial do Pi-hole sobre o Wireguard . Segui todos os passos bem pedantes e depois de configurar tudo, consegui acessar o servidor via 10.100.0.1meu cliente, mas nada mais - nem site nem dispositivos locais.

O que eu fiz até agora:

crie uma configuração Wireguard conforme indicado aqui
crie uma configuração de cliente exatamente como declarado aqui
fazer com que meu cliente consiga canalizar todo o tráfego da Internet através do Wireguard, conforme descrito aqui
altere o 99-sysctl.confarquivo para habilitar o encaminhamento de IP e habilite o NAT no servidor conforme indicado aqui

Não tenho ideia do que está faltando.

Aqui está o conteúdo dos meus arquivos conf:

wg0.conf

Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = redacted

PostUp = nft add table ip wireguard; nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade; nft add table ip6 wireguard; nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard

[Peer]
PublicKey = redacted
PresharedKey = redacted
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128

cliente.conf

[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
PrivateKey = redacted

[Peer]
#AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydoma.in:47111
PersistentKeepalive = 25
PublicKey = redacted
PresharedKey = redacted

saída deip route

default via 192.24.0.1 dev enp6s0 proto dhcp src 192.24.0.3 metric 100 
10.0.0.0/24 dev br-2747fb0d94d8 proto kernel scope link src 10.0.0.1 
10.100.0.0/24 dev wg0 proto kernel scope link src 10.100.0.1 
10.178.40.0/24 dev tun0 proto kernel scope link src 10.178.40.1 
192.17.0.0/16 dev docker0 proto kernel scope link src 192.17.0.1 linkdown 
192.18.0.0/16 dev br-cb5d7cb9fc9b proto kernel scope link src 192.18.0.1 
192.19.0.0/16 dev br-6fa7708a9945 proto kernel scope link src 192.19.0.1 
192.20.0.0/16 dev br-0003ef5216eb proto kernel scope link src 192.20.0.1 
192.21.0.0/16 dev br-5779db6c38ec proto kernel scope link src 192.21.0.1 
192.22.0.0/16 dev br-0b6ecf5437f9 proto kernel scope link src 192.22.0.1 linkdown 
192.23.0.0/16 dev br-9813798ea15d proto kernel scope link src 192.23.0.1 
192.24.0.0/24 dev enp6s0 proto kernel scope link src 192.24.0.3 metric 100 
192.25.0.0/16 dev br-bd655dfed23b proto kernel scope link src 192.25.0.1 linkdown

saída de log do cliente wireguard

--------- beginning of main
09-17 15:55:49.839 27728 27791 I WireGuard/GoBackend: Bringing tunnel wireguard_vpn UP
09-17 15:55:49.840 27728 27791 D WireGuard/GoBackend: Requesting to start VpnService
09-17 15:55:49.935 27728 27791 D WireGuard/GoBackend: Go backend 2163620
09-17 15:55:49.937 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Attaching to interface tun0
09-17 15:55:49.941 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Updating private key
09-17 15:55:49.942 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Removing all peers
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 6 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 3 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 4 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 2 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 5 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 4 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 6 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 6 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 7 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 7 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 2 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 8 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: TUN reader - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 7 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: event worker - started
09-17 15:55:49.943 27728 27957 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 2 - started
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Created
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.943 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 4 - started
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating endpoint
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating persistent keepalive interval
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating preshared key
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UDP bind has been updated
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Starting
09-17 15:55:49.947 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v6 - started
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending keepalive packet
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending handshake initiation
09-17 15:55:49.947 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v4 - started
09-17 15:55:49.947 27728 27803 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential sender - started
09-17 15:55:49.947 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential receiver - started
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Interface state was Down, requested Up, now Up
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Device started
09-17 15:55:49.968 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Received handshake response

Informações do sistema

Servidor

Xubuntu 24.04.1 LTS
64 GB de RAM
Pi-hole instalado via script de instalação (não dockerizado)
Wireguard instalado via script de instalação (não dockerizado)
UFW habilitado, udp allow 47111/udpconcluído

Roteador

FRITZ!Box com encaminhamento de porta para 47111/UDP habilitado

Cliente

GrapheneOS / Android 14
Wireguard F-Droid
configuração analisada via código QR

Se alguém puder me dar dicas de qualquer tipo, eu ficaria muito grato.

Muito obrigado antecipadamente.

1 respostas

Voted

tai · Answer 1 · 2024-09-17T22:06:48+08:00

Best Answer

tai

2024-09-17T22:06:48+08:002024-09-17T22:06:48+08:00

O ChatGPT foi bastante útil aqui.

Alguns ajustes de ufw tiveram que ser feitos além de permitir 47111/udp:

sudo ufw allow in on wg0
sudo ufw allow out on wg0
sudo ufw route allow in on wg0 out on enp6s0
sudo ufw route allow in on enp6s0 out on wg0

Depois disso, o problema desapareceu. Talvez isso ajude alguém.