두 개의 가상 머신(서버, 클라이언트)이 네트워크 10.0.0.0/24에 연결되어 있고 wireguard를 실행 중입니다. 서버의 구성은 다음과 같습니다.
[Interface]
PrivateKey = <server_private_key>
Address = 172.0.0.1/24
ListenPort = 10001
[Peer]
PublicKey = <client_public_key>
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 10
서버 iptables 규칙
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
클라이언트의 구성은 다음과 같습니다.
[Interface]
PrivateKey = <client_private_key>
Address = 172.0.0.2/24
[Peer]
PublicKey = <server_public_key>
AllowedIPs = 172.0.0.0/24
Endpoint = 172.0.0.1:10001
PersistentKeepalive = 10
및 클라이언트 iptables 규칙
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
클라이언트에 ping을 실행하면 172.0.0.2다음과 같은 결과가 나타납니다.
PING 172.0.0.2 (172.0.0.2) 56(84) bytes of data.
From 172.0.0.1 icmp_seq=1 Destination Host Unreachable
ping: sendmsg: Destination address required
From 172.0.0.1 icmp_seq=2 Destination Host Unreachable
ping: sendmsg: Destination address required
From 172.0.0.1 icmp_seq=3 Destination Host Unreachable
ping: sendmsg: Destination address required
^C
--- 172.0.0.2 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2045ms
서버에 ping을 보내면 172.0.0.1모든 패킷이 삭제됩니다.
PING 172.0.0.1 (172.0.0.1) 56(84) bytes of data.
^C
--- 172.0.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2053ms