Problem
I want to use WireGuard as a VPN so that I can reach my LAN devices remotely and also route traffic through my local Pi-hole, to block ads and to stay safe on untrusted networks.
So I set up WireGuard on the Pi-hole following the Pi-hole WireGuard tutorial. I followed every step exactly, and once everything was set up I can reach the server from the client at 10.100.0.1, but nothing else - neither websites nor local devices.
What I have done so far:
- Created the WireGuard configuration as described here
- Created the client configuration as described here
- Set my client to send all internet traffic through WireGuard as described here
- Edited the 99-sysctl.conf file to enable IP forwarding and enabled NAT on the server, as described here
I don't know what is missing.
These are the contents of my configuration files:
wg0.conf
[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PrivateKey = redacted
PostUp = nft add table ip wireguard; nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade; nft add table ip6 wireguard; nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;}; nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade
PostDown = nft delete table ip wireguard; nft delete table ip6 wireguard
[Peer]
PublicKey = redacted
PresharedKey = redacted
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
Client configuration file
[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
PrivateKey = redacted
[Peer]
#AllowedIPs = 10.100.0.1/32, fd08:4711::1/128
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydoma.in:47111
PersistentKeepalive = 25
PublicKey = redacted
PresharedKey = redacted
Output of ip route
default via 192.24.0.1 dev enp6s0 proto dhcp src 192.24.0.3 metric 100
10.0.0.0/24 dev br-2747fb0d94d8 proto kernel scope link src 10.0.0.1
10.100.0.0/24 dev wg0 proto kernel scope link src 10.100.0.1
10.178.40.0/24 dev tun0 proto kernel scope link src 10.178.40.1
192.17.0.0/16 dev docker0 proto kernel scope link src 192.17.0.1 linkdown
192.18.0.0/16 dev br-cb5d7cb9fc9b proto kernel scope link src 192.18.0.1
192.19.0.0/16 dev br-6fa7708a9945 proto kernel scope link src 192.19.0.1
192.20.0.0/16 dev br-0003ef5216eb proto kernel scope link src 192.20.0.1
192.21.0.0/16 dev br-5779db6c38ec proto kernel scope link src 192.21.0.1
192.22.0.0/16 dev br-0b6ecf5437f9 proto kernel scope link src 192.22.0.1 linkdown
192.23.0.0/16 dev br-9813798ea15d proto kernel scope link src 192.23.0.1
192.24.0.0/24 dev enp6s0 proto kernel scope link src 192.24.0.3 metric 100
192.25.0.0/16 dev br-bd655dfed23b proto kernel scope link src 192.25.0.1 linkdown
WireGuard client log output
--------- beginning of main
09-17 15:55:49.839 27728 27791 I WireGuard/GoBackend: Bringing tunnel wireguard_vpn UP
09-17 15:55:49.840 27728 27791 D WireGuard/GoBackend: Requesting to start VpnService
09-17 15:55:49.935 27728 27791 D WireGuard/GoBackend: Go backend 2163620
09-17 15:55:49.937 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Attaching to interface tun0
09-17 15:55:49.941 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Updating private key
09-17 15:55:49.942 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UAPI: Removing all peers
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 6 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 3 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 3 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 4 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 2 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 5 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 4 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 6 - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 5 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 6 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 1 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 7 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 8 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 7 - started
09-17 15:55:49.942 27728 27797 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 2 - started
09-17 15:55:49.942 27728 27803 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 8 - started
09-17 15:55:49.942 27728 27959 D WireGuard/GoBackend/wireguard_vpn: Routine: TUN reader - started
09-17 15:55:49.942 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: encryption worker 7 - started
09-17 15:55:49.942 27728 27956 D WireGuard/GoBackend/wireguard_vpn: Routine: event worker - started
09-17 15:55:49.943 27728 27957 D WireGuard/GoBackend/wireguard_vpn: Routine: handshake worker 2 - started
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Created
09-17 15:55:49.943 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.943 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: decryption worker 4 - started
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Adding allowedip
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating endpoint
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating persistent keepalive interval
09-17 15:55:49.944 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - UAPI: Updating preshared key
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: UDP bind has been updated
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Starting
09-17 15:55:49.947 27728 27955 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v6 - started
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending keepalive packet
09-17 15:55:49.947 27728 27791 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Sending handshake initiation
09-17 15:55:49.947 27728 31398 D WireGuard/GoBackend/wireguard_vpn: Routine: receive incoming v4 - started
09-17 15:55:49.947 27728 27803 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential sender - started
09-17 15:55:49.947 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Routine: sequential receiver - started
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Interface state was Down, requested Up, now Up
09-17 15:55:49.948 27728 27791 D WireGuard/GoBackend/wireguard_vpn: Device started
09-17 15:55:49.968 27728 27957 D WireGuard/GoBackend/wireguard_vpn: peer(5jcX…pTiU) - Received handshake response
System information
Server
- Xubuntu 24.04.1 LTS
- 64 GB RAM
- Pi-hole installed via the install script (not dockerized)
- WireGuard installed via the install script (not dockerized)
- UFW enabled, allow 47111/udp done
Router
- FRITZ!Box with port forwarding for 47111/UDP enabled
Client
- GrapheneOS / Android 14
- WireGuard from F-Droid
- Configuration imported via QR code
I would be grateful for any kind of hint.
Thanks in advance.
ChatGPT was very helpful here.
Besides allowing 47111/udp, a few ufw adjustments had to be made:
After that the problem was solved. Maybe this helps someone.
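The two files in the question agree with each other, so the fault the reply fixes through ufw sits in the host's forwarding path (the sysctl and the firewall's forward chain, where UFW's default policy is DROP), which no static check of the files can see. Added here as an example, not code from the post or from Pi-hole, is a checker for the file-level mistakes that produce the same symptom (a handshake that completes while nothing is reachable), run against a constructed copy of the two configs with keys redacted and PostUp abridged; the helper names are my own.

```python
import ipaddress
# Constructed sample modelled on the two files in the post (keys redacted, PostUp abridged).
SERVER_CONF = """\
[Interface]
Address = 10.100.0.1/24, fd08:4711::1/64
ListenPort = 47111
PostUp = nft add table ip wireguard; nft add rule ip wireguard wireguard_chain masquerade
[Peer]
PublicKey = redacted
AllowedIPs = 10.100.0.2/32, fd08:4711::2/128
"""
CLIENT_CONF = """\
[Interface]
Address = 10.100.0.2/32, fd08:4711::2/128
DNS = 10.100.0.1
[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = mydoma.in:47111
PublicKey = redacted
"""

def parse_wg(text):  # -> (interface dict, list of peer dicts); [Peer] may repeat
    sections = []
    for line in (l.split("#", 1)[0].strip() for l in text.splitlines()):
        if line.startswith("["):
            sections.append((line, {}))
        elif line:
            key, val = (s.strip() for s in line.split("=", 1))
            sections[-1][1][key] = val
    return next(d for n, d in sections if n == "[Interface]"), [d for n, d in sections if n == "[Peer]"]
def cidrs(value):
    return [ipaddress.ip_network(s.strip(), strict=False) for s in value.split(",")]
def check_pair(server_text, client_text):  # empty list = the two files agree
    s_if, s_peers = parse_wg(server_text)
    c_if, c_peers = parse_wg(client_text)
    peer, found = c_peers[0], []
    # 1. Cryptokey routing: a client source address that no [Peer] AllowedIPs covers is dropped
    for addr in cidrs(c_if["Address"]):
        nets = [n for p in s_peers for n in cidrs(p["AllowedIPs"]) if n.version == addr.version]
        if not any(addr.subnet_of(n) for n in nets):
            found.append(f"no server peer AllowedIPs covers client address {addr}")
    # 2. Pi-hole DNS only answers if its address is routed into the tunnel
    routes = cidrs(peer["AllowedIPs"])
    if not any(ipaddress.ip_address(c_if["DNS"]) in n for n in routes):
        found.append("DNS server is not inside client AllowedIPs")
    # 3. A full tunnel (0.0.0.0/0 or ::/0) needs NAT on the server for return traffic
    if any(n.prefixlen == 0 for n in routes) and "masquerade" not in s_if.get("PostUp", ""):
        found.append("full-tunnel client but server PostUp has no masquerade rule")
    return found
```

With the post's files the checker returns no findings, which is exactly why the remaining suspects are ip_forward and the firewall's forward chain rather than the configs.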