Wireguard - Unable to use the wired interface

I set up a Wireguard server and client to work using the Wi-Fi interface (wlan). When I connect to the router via cable, I can't establish a connection/handshake on the wired interface eth0.

How can I get both interfaces to work at the same time? (I'd like to be able to switch flexibly between the two interfaces.)

    pi@metalhead_4:~/configs $ cat wguardvpn.conf
    [Interface]
    PrivateKey = 
    Address = 10.226.150.3/24,fd11:5ee:bad:c0de::3/64
    DNS = 8.8.8.8, 149.112.112.112

    #PreUp   = iptables --table nat --append POSTROUTING --jump MASQUERADE --out interface eth0 
    #PreUp   = iptables -t nat -I POSTROUTING -j MASQUERADE -o wg0
    PreUp   = iptables -A POSTROUTING -s 10.226.0.0/24 -o et0 -j SNAT --to-source 10.226.150.3 -t nat
    #PreDown   = iptables --table nat --delete POSTROUTING --jump MASQUERADE --out interface eth0 
    #PreDown   = iptables -t nat -D POSTROUTING -j MASQUERADE -o wg0
    PreDown   = iptables -D POSTROUTING -s 10.226.0.0/24 -o et0 -j SNAT --to-source 10.226.150.3 -t nat

    [Peer]
    PublicKey = 
    PresharedKey =
    Endpoint = 67.170.120.108:51820
    AllowedIPs = 0.0.0.0/0, ::0/0

    pi@metalhead_4:~ $ sudo wg

    interface: wg0
      public key: 
      private key: (hidden)
      listening port: 51820

    peer:
      preshared key: (hidden)
      endpoint: 67.170.120.108:51407
      allowed ips: 10.226.150.3/32, fd11:5ee:bad:c0de::3/128
      latest handshake: 1 hour, 41 minutes, 53 seconds ago
      transfer: 7.00 MiB received, 145.60 MiB sent

    peer:
      preshared key: (hidden)
      allowed ips: 10.226.150.2/32, fd11:5ee:bad:c0de::2/128

    pi@metalhead_4:~ $ ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 10.49.217.61  netmask 255.255.255.0  broadcast 10.49.217.255
    inet6 fe80::d506:9085:74d0:2b8a  prefixlen 64  scopeid 0x20<link>
    inet6 2601:602:8e80:b240:4968:d21a:4abc:fc6d  prefixlen 64  scopeid 0x0<global>
    inet6 2601:602:8e80:b240::e064  prefixlen 128  scopeid 0x0<global>
    ether b8:27:eb:1b:21:4b  txqueuelen 1000  (Ethernet)
    RX packets 1995  bytes 428128 (418.0 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 5830  bytes 515199 (503.1 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Local Loopback)
    RX packets 52001  bytes 5167821 (4.9 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 52001  bytes 5167821 (4.9 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
    inet 10.226.150.1  netmask 255.255.255.0  destination 10.226.150.1
    inet6 fd11:5ee:bad:c0de::1  prefixlen 64  scopeid 0x0<global>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
    RX packets 57864  bytes 7337748 (6.9 MiB)
    RX errors 12  dropped 0  overruns 0  frame 12
    TX packets 110029  bytes 149649588 (142.7 MiB)
    TX errors 0  dropped 2110 overruns 0  carrier 0  collisions 0

    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.0.2  netmask 255.255.255.0  broadcast 192.168.0.255
    inet6 fe80::484d:7bce:4a83:643a  prefixlen 64  scopeid 0x20<link>
    inet6 2601:602:8e80:b240:8a70:b1dc:4722:ae87  prefixlen 64  scopeid 0x0<global>
    inet6 2601:602:8e80:b240::ffe5  prefixlen 128  scopeid 0x0<global>
    ether b8:27:eb:4e:74:1e  txqueuelen 1000  (Ethernet)
    RX packets 447644  bytes 226415651 (215.9 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 430179  bytes 228344598 (217.7 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

IP tables

    pi@metalhead_4:~ $ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:51820 /* wireguard-input-rule */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:51820 ctstate NEW
    ACCEPT     tcp  --  10.200.200.0/24      anywhere             tcp dpt:domain ctstate NEW
    ACCEPT     tcp  --  10.226.150.0/24      anywhere             tcp dpt:domain ctstate NEW
    ACCEPT     udp  --  10.226.150.0/24      anywhere             udp dpt:domain ctstate NEW

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             10.226.150.0/24      ctstate RELATED,ESTABLISHED /* wireguard-forward-rule */
    ACCEPT     all  --  10.226.150.0/24      anywhere             /* wireguard-forward-rule */
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere             ctstate NEW

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination  
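
A consistency check for the iptables hooks in a wg-quick config like the one posted above, as an added example that is not part of the original post: it flags hook rules that name an interface missing from the system and `-s` ranges that do not overlap the tunnel `Address`. The function name `lint_wg_quick` and the sample constants are hypothetical; the sample data is constructed from the config and the `ifconfig` output shown in the question.

```python
import ipaddress
import shlex

# Constructed sample: Address and hook lines copied from the posted config,
# interface names taken from the posted ifconfig output.
SAMPLE_CONF = """\
[Interface]
Address = 10.226.150.3/24,fd11:5ee:bad:c0de::3/64
PreUp   = iptables -A POSTROUTING -s 10.226.0.0/24 -o et0 -j SNAT --to-source 10.226.150.3 -t nat
PreDown   = iptables -D POSTROUTING -s 10.226.0.0/24 -o et0 -j SNAT --to-source 10.226.150.3 -t nat
"""
SAMPLE_IFACES = {"eth0", "lo", "wg0", "wlan0"}

HOOKS = ("preup", "postup", "predown", "postdown")
IFACE_FLAGS = {"-o", "-i", "--out-interface", "--in-interface"}
SRC_FLAGS = {"-s", "--source"}


def lint_wg_quick(conf_text, system_ifaces):
    """Return findings for iptables/ip6tables hook commands in a wg-quick config."""
    findings, tunnel_nets, hooks = [], [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # commented-out hooks are ignored
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "address":
            tunnel_nets += [ipaddress.ip_interface(a.strip()).network
                            for a in value.split(",")]
        elif key.lower() in HOOKS and value.startswith(("iptables", "ip6tables")):
            hooks.append((key, shlex.split(value)))
    for key, argv in hooks:
        for flag, arg in zip(argv, argv[1:]):    # walk (flag, argument) pairs
            if flag in IFACE_FLAGS and arg != "%i" and arg not in system_ifaces:
                findings.append(f"{key}: interface '{arg}' does not exist")
            elif flag in SRC_FLAGS:
                try:
                    src = ipaddress.ip_network(arg, strict=False)
                except ValueError:               # hostname or malformed value: skip
                    continue
                if not any(src.version == n.version and src.overlaps(n)
                           for n in tunnel_nets):
                    findings.append(f"{key}: source {src} does not cover any tunnel Address")
    return findings


if __name__ == "__main__":
    for finding in lint_wg_quick(SAMPLE_CONF, SAMPLE_IFACES):
        print(finding)
```

On a live host, the interface set can be built from `os.listdir("/sys/class/net")` instead of the constructed sample.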
