WireGuard: Ubuntu 22.04 server and macOS client show the connection as active, but traffic does not actually go through (asking for help)
I am running into a WireGuard connectivity problem. The situation is as follows:
I have a cloud server running Ubuntu 22.04 with the WireGuard server already deployed, and a macOS device with the WireGuard client installed. The client app shows the connection as active, but my IP address has not changed to the server's IP, and on the server side I see no active connection records either.
My configuration files:
Server config /etc/wireguard/wg0.conf
```
[Interface]
Address = 10.8.0.1/24, cce7:c18e:3cd5::2/64
ListenPort = 41194
SaveConfig = true
PostUp = ufw route allow in on wg0 out on ens192
PostUp = iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o ens192 -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on ens192
PreDown = iptables -t nat -D POSTROUTING -o ens192 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o ens192 -j MASQUERADE
PrivateKey = <server_private_key>
```
Client peer config
```
[Interface]
PrivateKey = <peer_private_key>
Address = 10.8.0.2/24, cce7:c18e:3cd5::2/64

[Peer]
PublicKey = <server_public_key>
AllowedIPs = 10.8.0.0/24, cce7:c18e:3cd5::/64
Endpoint = dunno.com:41194
```
Firewall settings
I have opened UDP port 41194 in the firewall, and the routing rules from the wg0 config are in effect:
- 41194/udp ALLOW Anywhere
- 41194/udp (v6) ALLOW Anywhere (v6)
- Anywhere on ens192 ALLOW FWD Anywhere on wg0
- Anywhere (v6) on ens192 ALLOW FWD Anywhere (v6) on wg0
WireGuard service status
The WireGuard service on the server is running normally:
```
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2023-12-16 11:22:50 UTC; 8s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 5925 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 5925 (code=exited, status=0/SUCCESS)
        CPU: 239ms

Dec 16 11:22:50 localhost wg-quick[5925]: [#] wg setconf wg0 /dev/fd/63
Dec 16 11:22:50 localhost wg-quick[5925]: [#] ip -4 address add 10.8.0.1/24 dev wg0
Dec 16 11:22:50 localhost wg-quick[5925]: [#] ip -6 address add cce7:c18e:3cd5::2/64 dev wg0
Dec 16 11:22:50 localhost wg-quick[5925]: [#] ip link set mtu 1420 up dev wg0
Dec 16 11:22:50 localhost wg-quick[5925]: [#] ufw route allow in on wg0 out on ens192
Dec 16 11:22:50 localhost wg-quick[5956]: Rule added
Dec 16 11:22:50 localhost wg-quick[5956]: Rule added (v6)
Dec 16 11:22:50 localhost wg-quick[5925]: [#] iptables -t nat -I POSTROUTING -o ens192 -j MASQUERADE
Dec 16 11:22:50 localhost wg-quick[5925]: [#] ip6tables -t nat -I POSTROUTING -o ens192 -j MASQUERADE
Dec 16 11:22:50 localhost systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
```
Current problem
I can activate the connection on the client and the app shows a green light, but IP-lookup websites still show my local IP. Also, running wg show wg0 on the server shows no active connection at all:
```
# wg show wg0
interface: wg0
  public key: <public_server_key>
  private key: (hidden)
  listening port: 41194
```
Update
After seeing @Michalng's comment I understood that AllowedIPs defines which traffic goes through the WireGuard tunnel, so I changed the client's AllowedIPs to ::/0, 0.0.0.0/0. Now I can see data being sent to the server over the connection, but there is a DNS resolution problem.
I then added my OpenWRT router's IP as the DNS server in the client config:
```
[Interface]
....
DNS = 192.168.200.1
```
Now nslookup google.com in the Mac terminal resolves correctly, but the same page will not open in the browser; it just keeps loading. The client app also shows "Data sent: X MB", but wg show all on the server still only shows the wg0 interface, with no peer connection information.
What configuration or steps am I still missing to get the whole connection working properly?
Note: content is from Stack Exchange; question author AntonSack
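As an added example (not from the post or its author), a small standard-library Python checker that parses wg-quick configs and flags the three points this thread turns on: a client Address that duplicates a server address (the posted IPv6 address cce7:c18e:3cd5::2 appears on both sides), AllowedIPs without the default routes 0.0.0.0/0 and ::/0 that full tunneling needs, and a missing DNS entry. The sample configs are constructed from the post with placeholder keys; the "fixed" variant is an assumption of what a corrected client would look like.

```python
import ipaddress

# Constructed sample configs mirroring the post (keys are placeholders).
SERVER_CONF = """[Interface]
Address = 10.8.0.1/24, cce7:c18e:3cd5::2/64
ListenPort = 41194
PrivateKey = <server_private_key>
"""
POSTED_CLIENT = """[Interface]
PrivateKey = <peer_private_key>
Address = 10.8.0.2/24, cce7:c18e:3cd5::2/64
[Peer]
PublicKey = <server_public_key>
AllowedIPs = 10.8.0.0/24, cce7:c18e:3cd5::/64
Endpoint = dunno.com:41194
"""
# Assumed corrected client: distinct IPv6 address, default routes, DNS set.
FIXED_CLIENT = (POSTED_CLIENT.replace("::2/64", "::3/64")
                .replace("10.8.0.0/24, cce7:c18e:3cd5::/64", "0.0.0.0/0, ::/0")
                .replace("[Peer]", "DNS = 192.168.200.1\n[Peer]"))

def parse_wg_conf(text):
    """Parse wg-quick INI text into {'Interface': {...}, 'Peers': [{...}, ...]}."""
    conf, current = {"Interface": {}, "Peers": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            if line == "[Peer]":                  # each [Peer] is a new dict
                current = {}
                conf["Peers"].append(current)
            else:
                current = conf.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return conf

def cidrs(value):
    """Split 'a/24, b::/64' into ip_network objects (host bits tolerated)."""
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]

def check_client(client_text, server_text):
    """Return a list of problems found; an empty list means the client passes."""
    client, server = parse_wg_conf(client_text), parse_wg_conf(server_text)
    problems = []
    server_ips = {ipaddress.ip_interface(a.strip()).ip for a in server["Interface"]["Address"].split(",")}
    for a in client["Interface"]["Address"].split(","):
        if ipaddress.ip_interface(a.strip()).ip in server_ips:
            problems.append(f"Address {a.strip()} duplicates a server address")
    for peer in client["Peers"]:
        nets = cidrs(peer.get("AllowedIPs", ""))
        for default in ("0.0.0.0/0", "::/0"):   # both needed for a full tunnel
            if ipaddress.ip_network(default) not in nets:
                problems.append(f"AllowedIPs lacks {default}, so that traffic bypasses the tunnel")
    if "DNS" not in client["Interface"]:
        problems.append("no DNS set in [Interface]")
    return problems

if __name__ == "__main__":
    for name, text in (("posted", POSTED_CLIENT), ("fixed", FIXED_CLIENT)):
        print(name, check_client(text, SERVER_CONF) or "OK")
```

Run against the posted client it reports the duplicate IPv6 address, both missing default routes and the missing DNS line; the corrected variant reports nothing.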