Почему этот маршрут Wireguard не работает?

Я поднял три узла Wireguard — a, b и c (Vagrantfile ниже). И b, и c подключаются к a и достигают его через туннель Wireguard. Но b и c не могут пинговать друг друга — почему?

# Three-node WireGuard lab: a is the hub (ListenPort 50031), b and c are spokes
# that dial a's LAN address 172.28.128.3. Every node runs the same provisioning
# script; only the embedded wg1.conf differs.
Vagrant.configure("2") do |config|
  [
    # Hub. NOTE(review): both [Peer] entries below claim the identical prefix
    # AllowedIPs=192.168.234.0/26. WireGuard's cryptokey routing lets a prefix
    # belong to one peer only, so a can forward the /26 to just one of the two
    # spokes; packets from b destined for c (or vice versa) are handed to the
    # wrong tunnel. This is the likely cause of the failing ping — give each
    # peer its own /32 (or disjoint subnets) instead.
    {
      name: "a",
      wgcfg: <<-WGCFG
[Interface]
PrivateKey=gCQW9uFhkiFwXAOfVINXm+BF4s8fZcTWAfxJboAg01I=
ListenPort=50031
Address=192.168.234.65/26

[Peer]
PublicKey=5T5HdEaGxtDLCoC4QTb3B1e0suer4IadTEwWZ5Je7w0=
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25

[Peer]
PublicKey=1nYwoKaMswzdiM/2UNDDJf/DRX5m/6M27dLMOeqaxwk=
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
    },
    # Spoke b: has no ListenPort, routes the whole /26 to the hub.
    {
      name: "b",
      wgcfg: <<-WGCFG
[Interface]
PrivateKey=KFsOZmkbHUmPNQmjgWn4lJa/MiszGcAuFNJb8HSda2M=
Address=192.168.234.66/26

[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50031
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
    },
    # Spoke c: same as b with its own key pair and tunnel address.
    {
      name: "c",
      wgcfg: <<-WGCFG
[Interface]
PrivateKey=6Gl/ZbyOKJHhQUSLaMrShU/ukNfvvDdiwz1a7t45Q3I=
Address=192.168.234.67/26

[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50031
AllowedIPs=192.168.234.0/26
PersistentKeepalive=25
WGCFG
    }
  ].each do |specs|
    # The inner block parameter shadows the outer `config`; inside it refers to
    # the per-VM configuration.
    config.vm.define specs[:name] do |config|
      config.vm.box = "ubuntu/bionic64"
      # DHCP on the host-only network. The Endpoint=172.28.128.3 hard-coded in
      # b's and c's configs assumes a always receives that lease — TODO confirm
      # or pin a static address for a.
      config.vm.network "private_network", type: "dhcp"

      config.vm.provider "virtualbox" do |vb|
        vb.memory = "1024"
      end

      # Provisioning: install WireGuard and tshark from the PPA, write the node's
      # config (passed to bash as $0 so the shell does not re-parse its body),
      # enable the wg-quick unit and turn on IPv4 forwarding so a can relay
      # between spokes.
      # NOTE(review): the redirect creates /etc/wireguard/wg1.conf under the
      # default umask, so the file holding PrivateKey is likely world-readable
      # (wg-quick warns about this); prefix the command with `umask 077;` or
      # chmod 600 the file afterwards.
      config.vm.provision "shell", inline: <<-SHELL
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo bash -c 'DEBIAN_FRONTEND=noninteractive apt-get -y install wireguard tshark'
sudo bash -exo pipefail -c 'cat <<<"$0" >/etc/wireguard/wg1.conf' '#{specs[:wgcfg]}'
sudo systemctl enable wg-quick@wg1.service
sudo systemctl restart wg-quick@wg1.service
sudo bash -exo pipefail -c 'cat <<<'net.ipv4.ip_forward=1' >/etc/sysctl.d/99-router.conf'
sudo sysctl -w net.ipv4.ip_forward=1
SHELL
    end
  end
end
задан 7 October 2019 в 07:36
1 ответ

Сделайте одну подсеть /30 для a-b и ещё одну для a-c. Включите подсеть a-b в AllowedIPs на c, а подсеть a-c — в AllowedIPs на b. То есть:

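# Hub-and-spoke WireGuard lab with one /30 point-to-point link per spoke:
#   a-b uses 192.168.234.64/30 (a = .65, b = .66) on a's wg0 / port 50031
#   a-c uses 192.168.234.68/30 (a = .69, c = .70) on a's wg1 / port 50032
# Because each peer on a owns a distinct /32, cryptokey routing is unambiguous.
# b and c list the *other* link's /30 in their AllowedIPs, so spoke-to-spoke
# traffic is sent to a, which forwards it (net.ipv4.ip_forward=1).
Vagrant.configure("2") do |config|
  [
    {
      name: "a",
      wgcfgs: [
        {
          nic: "wg0",
          cfg: <<-WGCFG
[Interface]
PrivateKey=gCQW9uFhkiFwXAOfVINXm+BF4s8fZcTWAfxJboAg01I=
ListenPort=50031
Address=192.168.234.65/30

[Peer]
PublicKey=5T5HdEaGxtDLCoC4QTb3B1e0suer4IadTEwWZ5Je7w0=
AllowedIPs=192.168.234.66/32
PersistentKeepalive=25
WGCFG
        },
        {
          nic: "wg1",
          cfg: <<-WGCFG
[Interface]
PrivateKey=gCQW9uFhkiFwXAOfVINXm+BF4s8fZcTWAfxJboAg01I=
ListenPort=50032
Address=192.168.234.69/30

[Peer]
PublicKey=1nYwoKaMswzdiM/2UNDDJf/DRX5m/6M27dLMOeqaxwk=
AllowedIPs=192.168.234.70/32
PersistentKeepalive=25
WGCFG
        }
      ]
    },
    {
      name: "b",
      wgcfgs: [
        {
          nic: "wg0",
          cfg: <<-WGCFG
[Interface]
PrivateKey=KFsOZmkbHUmPNQmjgWn4lJa/MiszGcAuFNJb8HSda2M=
Address=192.168.234.66/30

[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50031
AllowedIPs=192.168.234.65/32, 192.168.234.68/30
PersistentKeepalive=25
WGCFG
        }
      ]
    },
    {
      name: "c",
      wgcfgs: [
        {
          nic: "wg0",
          cfg: <<-WGCFG
[Interface]
PrivateKey=6Gl/ZbyOKJHhQUSLaMrShU/ukNfvvDdiwz1a7t45Q3I=
Address=192.168.234.70/30

[Peer]
PublicKey=5U5KqwaEA3I9nMYAfVA6thA2XUwOUVU8Y4C8CzeRzVo=
Endpoint=172.28.128.3:50032
AllowedIPs=192.168.234.69/32, 192.168.234.64/30
PersistentKeepalive=25
WGCFG
        }
      ]
    }
  ].each do |specs|
    # Inner block parameter shadows the outer `config`; it is the per-VM config.
    config.vm.define specs[:name] do |config|
      config.vm.box = "ubuntu/bionic64"
      # DHCP on the host-only network; the Endpoint=172.28.128.3 in b's and c's
      # configs assumes a keeps that lease — TODO confirm or pin a static IP.
      config.vm.network "private_network", type: "dhcp"

      config.vm.provider "virtualbox" do |vb|
        vb.memory = "1024"
      end

      # One install/enable/restart stanza per WireGuard interface on this node.
      # The config body is handed to bash as $0 (the original had a garbled
      # `<<<"[110]"`, which wrote the literal text "[110]" into the .conf file
      # instead of the config). `umask 077` makes the file 0600, since it
      # contains PrivateKey and wg-quick warns when it is world-readable.
      wg_setup = specs[:wgcfgs].map do |wgcfg|
        <<-WG
sudo bash -exo pipefail -c 'umask 077; cat <<<"$0" >/etc/wireguard/#{wgcfg[:nic]}.conf' '#{wgcfg[:cfg]}'
sudo systemctl enable wg-quick@#{wgcfg[:nic]}.service
sudo systemctl restart wg-quick@#{wgcfg[:nic]}.service
WG
      end.join

      # Install WireGuard from the PPA, enable IPv4 forwarding (needed on a to
      # relay between the two /30 links), then bring up each interface.
      config.vm.provision "shell", inline: <<-SHELL
sudo add-apt-repository -y ppa:wireguard/wireguard
sudo bash -c 'DEBIAN_FRONTEND=noninteractive apt-get -y install wireguard'
sudo bash -exo pipefail -c 'cat <<<'net.ipv4.ip_forward=1' >/etc/sysctl.d/99-router.conf'
sudo sysctl -w net.ipv4.ip_forward=1

#{wg_setup}
SHELL
    end
  end
end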
ответ дан 23 November 2019 в 04:16
