Mar 07 12:10:16 nixos kernel: wireguard: wg0: Handshake for peer 1 (192.248.152.91:58338) did not complete after 5 seconds, retrying (try 3)
Mar 07 12:10:16 nixos kernel: wireguard: wg0: Sending handshake initiation to peer 1 (192.248.152.91:58338)
It seems to work if I set the allowed IPs to something other than 0.0.0.0. As far as I understand, this would send only connections to those IPs through the WireGuard VPN.
networking.firewall = {
  enable = false;
};
# Enable Wireguard
networking.wireguard.interfaces = {
  wg0 = {
    ips = [ "10.66.66.2/32" ];
    listenPort = 58338; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
    privateKey = "************************";
    peers = [
      {
        publicKey = "***************";
        presharedKey = "*****************";
        allowedIPs = [ "0.0.0.0/0" ];
        #allowedIPs = [ "10.66.66.1" "94.130.178.87" ];
        endpoint = "192.248.152.91:58338"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
        # Send keepalives every 25 seconds. Important to keep NAT tables alive.
        persistentKeepalive = 25;
      }
    ];
  };
};
I have read through https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577/4, but even after adding an IP route with ip route add 192.248.152.91 via 10.66.66.1 dev wg0, there seems to be no change in behavior.
root@nixos> ip route ~
default dev wg0 scope link
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 202
10.0.2.0/24 dev eth0 proto dhcp scope link src 10.0.2.15 metric 202
192.248.152.91 via 10.66.66.1 dev wg0
Answer 1
I had to add the following route:
ip route add 192.248.152.91 via 10.0.2.2
There is a lot of discussion about this issue here: https://github.com/NixOS/nixpkgs/issues/51258#issuecomment-673839893
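The loop-routing condition behind this fix, as an added example that is not part of the original question or answer: the script reads `ip route` output, reports whether packets to the WireGuard endpoint would themselves be sent into wg0, and prints the host route that pins the endpoint to the physical gateway. The function names are hypothetical, and the check is simplified to the endpoint's host route plus the default routes.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Simplification: only a host
# route for the endpoint and the default routes are considered. On a live
# system `ip route get <endpoint>` gives the kernel's actual decision.

# Route table copied from the question.
sample_routes() {
cat <<'EOF'
default dev wg0 scope link
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 202
10.0.2.0/24 dev eth0 proto dhcp scope link src 10.0.2.15 metric 202
192.248.152.91 via 10.66.66.1 dev wg0
EOF
}

# awk helper: value that follows keyword `name` on the current route line.
AWK_FIELD='function field(name,   i) {
  for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
  return ""
}'

# endpoint_loops WG_IF ENDPOINT_IP < route-table
# Exit 0 when packets to the endpoint would leave through WG_IF (handshake loop).
endpoint_loops() {
  awk -v wg="$1" -v ep="$2" "$AWK_FIELD"'
    $1 == ep || $1 == (ep "/32") { host = field("dev"); seen = 1 }
    $1 == "default" {
      m = field("metric") + 0   # a route printed without a metric has metric 0
      if (!have || m < best) { best = m; def = field("dev"); have = 1 }
    }
    END { exit (((seen ? host : def) == wg) ? 0 : 1) }'
}

# underlay_route_cmd WG_IF ENDPOINT_IP < route-table
# Print the host route that sends endpoint traffic via the non-tunnel gateway.
# `replace` is used so an existing host route pointing at WG_IF is overwritten.
underlay_route_cmd() {
  awk -v wg="$1" -v ep="$2" "$AWK_FIELD"'
    $1 == "default" && field("via") != "" && field("dev") != wg {
      m = field("metric") + 0
      if (!have || m < best) { best = m; gw = field("via"); dev = field("dev"); have = 1 }
    }
    END { if (!have) exit 1
          printf "ip route replace %s/32 via %s dev %s\n", ep, gw, dev }'
}

# Demo on the question's table: detect the loop, then print the fix.
sample_routes | endpoint_loops wg0 192.248.152.91 &&
  sample_routes | underlay_route_cmd wg0 192.248.152.91
```

On the question's table this reports a loop because both the lowest-metric default route and the manually added host route point at wg0, and the printed route matches the gateway used in the answer.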