WireGuard site-to-site VPN through a public server: not all traffic goes through?

Time: 2020-07-16 12:20:08

Tags: vpn traffic wireguard

I have set up the following VPN connection with WireGuard:

LAN1 (192.168.1.0) and LAN2 (192.168.178.0) are connected through a WireGuard VPN server that runs on a public virtual private server (VPS). On each local LAN there is a Raspberry Pi that routes the traffic (192.168.1.31 on LAN1 and 192.168.178.234 on LAN2). I have also added static IPv4 routes in the Fritzbox of both LANs (see pictures).

The problem now is that not all traffic is routed from one LAN to the other. For example, I can SSH from LAN1 to the Raspberry Pi in LAN2, but when I start sudo apt upgrade it gets stuck and the connection is lost. I can also ping all devices on LAN2. But when I try to open the HTTP frontend of the Fritzbox on LAN2, it does not load. Also interesting: from my mobile phone I can do all of this without any problem. Maybe there is something wrong with my configuration? Everything worked fine until the WireGuard update came in May/June 2020.

Here is the configuration:

wg0-client1.conf

[Interface]
Table = off
PrivateKey = <PRIVATE-KEY-CLIENT1>
Address = 172.16.100.2/24 # client1 address
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 192.168.178.0/24 via 172.16.100.2 mtu 1420 # route packets from/to LAN2 through the wireguard interface (172.16.100.0/24 net)
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Virtual Private Server (VPS)
[Peer]
PublicKey = <PUBLIC-KEY-SERVER>
AllowedIPs = 172.16.100.0/24,192.168.178.0/24 # accept packets from server from VPN + local net of client2
Endpoint = [IPv6-of-server]:51820 # DONT FORGET THE BRACKETS! 
PersistentKeepalive = 25

wg0-client2.conf

[Interface]
Table = off
PrivateKey = <PRIVATE-KEY-CLIENT2>
Address = 172.16.100.3/24 # client2 address
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 192.168.1.0/24 via 172.16.100.3 mtu 1420 # route packets from/to LAN1 through the wireguard interface (172.16.100.0/24 net)
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

# Virtual Private Server (VPS)
[Peer]
PublicKey = <PUBLIC-KEY-SERVER>
AllowedIPs = 172.16.100.0/24,192.168.178.0/24 # accept packets from server from VPN + local net of client1
Endpoint = [IPv6-of-server]:51820 # DONT FORGET THE BRACKETS! 
PersistentKeepalive = 25

mobile-phone.conf

[Interface]
Address = 172.16.100.4/24
DNS = 172.16.100.1
PrivateKey = <PRIVATE-KEY-PHONE>

[Peer]
AllowedIPs = 172.16.100.0/24, 192.168.178.0/24, 192.168.1.0/24 # allow to connect to both LANs
Endpoint = [IPv6-of-server]:51820 # DONT FORGET THE BRACKETS! 
PublicKey = <PUBLIC-KEY-SERVER>

wg0-server.conf

[Interface]
Table = off
Address = 172.16.100.1/24
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 192.168.178.0/24 via 172.16.100.1 mtu 1420; ip route add 192.168.1.0/24 via 172.16.100.1 mtu 1420
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = <PRIVATE-KEY-SERVER>

# CLIENT 1
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT1>
AllowedIPs = 172.16.100.2/32,192.168.1.0/24 # route traffic for itself and for the LAN it belongs to

# CLIENT 2
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT2>
AllowedIPs = 172.16.100.3/32,192.168.178.0/24 # route traffic for itself and for the LAN it belongs to

# Mobile Phone
[Peer]
PublicKey = <PUBLIC-KEY-CLIENT3>
AllowedIPs = 172.16.100.10/32 # only route traffic for itself

# ... more clients possible

[Pictures: LAN1 static IPv4 route; LAN2 static IPv4 route]
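Added example, not part of the question or of any answer: a Python check of the posted configs' cryptokey routing. WireGuard uses a peer's AllowedIPs in both directions: outbound, a packet is handed to the peer whose AllowedIPs contain its destination; inbound, a decrypted packet is accepted only if its source lies inside the sending peer's AllowedIPs. A prefix that one side lists and the other does not therefore produces one-way or silently dropped traffic rather than an error message. The script pairs every client with the server [Peer] entry that covers its tunnel address, treats the other prefixes in that entry as the LAN behind the client, and then checks each client's own AllowedIPs against the tunnel subnet and the other sites' LANs. The parser, the client names (client1, client2, phone) and the wording of the findings are this example's own; the sample input is the configs above trimmed to the lines the check reads, with the question's key placeholders kept. Run as posted it reports four findings: the phone's Address (172.16.100.4) is covered by no server [Peer], the server's third [Peer] (172.16.100.10/32) matches no client, and wg0-client2.conf lists 192.168.178.0/24 (its own LAN, although its comment says "local net of client1") while lacking 192.168.1.0/24.

```python
"""Cross-check WireGuard cryptokey routing (AllowedIPs) across a hub-and-spoke setup.

AllowedIPs acts in both directions: outbound, a packet goes to the peer whose AllowedIPs contain
its destination; inbound, a decrypted packet is kept only if its source lies inside the sending
peer's AllowedIPs. A prefix listed on one side but not the other gives one-way or silently dropped
traffic rather than an error, which is what this check looks for."""
import ipaddress
from typing import Dict, List

def parse_wg_conf(text: str) -> dict:
    """Minimal wg-quick parser: '#' comments, one [Interface], repeated [Peer], comma lists."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            if line.lower() not in ("[interface]", "[peer]"):
                raise ValueError(f"unknown section {line}")
            section = interface if line.lower() == "[interface]" else {}
            if section is not interface:
                peers.append(section)
            continue
        key, sep, value = line.partition("=")
        if section is None or not sep:
            raise ValueError(f"malformed line: {line}")
        key, items = key.strip().lower(), [v.strip() for v in value.split(",") if v.strip()]
        if key == "address":
            section[key] = [ipaddress.ip_interface(v) for v in items]
        elif key == "allowedips":
            section[key] = [ipaddress.ip_network(v, strict=False) for v in items]
        else:
            section[key] = value.strip()
    return {"interface": interface, "peers": peers}

def covered(net, nets) -> bool:
    """True if some entry of nets contains the whole of net (same address family)."""
    return any(n.version == net.version and n.supernet_of(net) for n in nets)

def check_cryptokey_routing(server_conf: str, client_confs: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means all AllowedIPs agree."""
    findings: List[str] = []
    server = parse_wg_conf(server_conf)
    clients = {name: parse_wg_conf(text) for name, text in client_confs.items()}
    addr_of = {name: c["interface"]["address"][0] for name, c in clients.items()}

    # 1. Pair each client with the server [Peer] covering its tunnel address; whatever else that entry
    #    routes to the peer is taken to be the LAN behind it.
    site_lans: Dict[str, list] = {}
    for name, addr in addr_of.items():
        match = [p for p in server["peers"] if any(addr.ip in n for n in p.get("allowedips", []))]
        if not match:
            findings.append(f"{name}: no server [Peer] covers {addr.ip}; the server drops everything it decrypts from this peer and routes nothing back to it")
        site_lans[name] = [n for n in match[0]["allowedips"] if addr.ip not in n] if match else []
    for peer in server["peers"]:
        nets = peer.get("allowedips", [])
        if not any(a.ip in n for n in nets for a in addr_of.values()):
            findings.append(f"server: [Peer] {peer.get('publickey', '?')} with AllowedIPs {', '.join(map(str, nets))} covers none of the client addresses")

    # 2. A client's [Peer] entries all point at the server: they must cover the tunnel subnet and every
    #    remote LAN, and must not claim the client's own LAN.
    for name, conf in clients.items():
        toward_server = [n for p in conf["peers"] for n in p.get("allowedips", [])]
        if not covered(addr_of[name].network, toward_server):
            findings.append(f"{name}: tunnel subnet {addr_of[name].network} missing toward the server")
        for lan in site_lans[name]:
            if covered(lan, toward_server):
                findings.append(f"{name}: lists its own LAN {lan} toward the server, so tunnel packets that claim a local source are accepted")
        for other, lans in site_lans.items():
            for lan in lans:
                if other != name and not covered(lan, toward_server):
                    findings.append(f"{name}: remote LAN {lan} (behind {other}) missing toward the server; packets to or from it are dropped by cryptokey routing")
    return findings

# Constructed sample input: the question's configs trimmed to the lines the check reads
# (keys are the question's placeholders; the client names are this example's own).
SERVER_CONF = """[Interface]
Address = 172.16.100.1/24
[Peer]  # CLIENT 1
PublicKey = <PUBLIC-KEY-CLIENT1>
AllowedIPs = 172.16.100.2/32,192.168.1.0/24
[Peer]  # CLIENT 2
PublicKey = <PUBLIC-KEY-CLIENT2>
AllowedIPs = 172.16.100.3/32,192.168.178.0/24
[Peer]  # Mobile Phone
PublicKey = <PUBLIC-KEY-CLIENT3>
AllowedIPs = 172.16.100.10/32
"""
CLIENT_CONFS = {
    "client1": "[Interface]\nAddress = 172.16.100.2/24\n[Peer]\nPublicKey = <PUBLIC-KEY-SERVER>\n"
               "AllowedIPs = 172.16.100.0/24,192.168.178.0/24 # VPN + local net of client2\n",
    "client2": "[Interface]\nAddress = 172.16.100.3/24\n[Peer]\nPublicKey = <PUBLIC-KEY-SERVER>\n"
               "AllowedIPs = 172.16.100.0/24,192.168.178.0/24 # VPN + local net of client1\n",
    "phone": "[Interface]\nAddress = 172.16.100.4/24\n[Peer]\nPublicKey = <PUBLIC-KEY-SERVER>\n"
             "AllowedIPs = 172.16.100.0/24, 192.168.178.0/24, 192.168.1.0/24\n",
}

if __name__ == "__main__":
    for finding in check_cryptokey_routing(SERVER_CONF, CLIENT_CONFS):
        print("-", finding)
```

This is a static check of AllowedIPs only: it says nothing about the kernel routes added in PostUp (the configs use Table = off), about iptables state, or about MTU, so an empty finding list does not by itself mean the tunnel carries every kind of traffic.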

0 answers:

No answers