Не получается выйти в инет через VPN. Тоннель собирается, внутренний IP сервера пингуется, но за сервер в инет не выходит ничего.


cat /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward=1


Server:

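# WireGuard server side (wg-quick format) for the 10.200.200.0/24 tunnel network.
[Interface]
Address = 10.200.200.1/24
# SaveConfig makes wg-quick write the live interface state back to this file
# when the interface is shut down, so edits made while the tunnel is up can be
# overwritten. Bring the interface down before editing.
SaveConfig = true
# Firewall rules installed when the tunnel comes up (%i expands to the
# interface name):
#   1. accept packets arriving from the tunnel (client -> internet);
#   2. accept only replies to flows the client opened (internet -> client).
#      This rule was missing. With the FORWARD policy set to DROP, as in the
#      iptables listing on this page, reply packets matched no rule and were
#      discarded, which is consistent with the non-zero policy-DROP counter.
#      It is deliberately stateful: a blanket "-o %i -j ACCEPT" would also let
#      unsolicited traffic be forwarded to VPN clients.
#   3. source-NAT tunnel traffic leaving through eth0.
# NOTE(review): eth0 must be the server's real internet-facing interface; the
# page does not show the server's interface list, so confirm with `ip route`.
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# PostDown removes exactly the rules PostUp added, so repeated up/down cycles
# do not accumulate duplicates.
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# WireGuard listens on UDP only; the "tcp dpt:51820" accept rule in the INPUT
# listing on this page is not needed and can be dropped.
ListenPort = 51820
PrivateKey =

[Peer]
PublicKey =
# /32 restricts this peer to a single tunnel source address, so it cannot send
# traffic using another client's IP.
AllowedIPs = 10.200.200.100/32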




Client:

# WireGuard client side (wg-quick format).
[Interface]
Address = 10.200.200.100/24
PrivateKey =
# DNS is pointed at the server's tunnel address.
# NOTE(review): the server's INPUT chain shown on this page accepts new UDP only
# on port 51820 and rejects the rest, so queries to 10.200.200.1:53 would be
# rejected as listed. Name resolution needs a resolver on the server plus an
# INPUT rule for port 53 arriving on the tunnel interface, or a different DNS
# address here. Confirm whether a resolver is actually running there.
DNS = 10.200.200.1

[Peer]
PublicKey =
# 0.0.0.0/0 sends all IPv4 traffic through the tunnel (the `routel` output on
# this page shows the resulting default route via wg0 in table 51820).
# NOTE(review): no ::/0 is listed, so IPv6 traffic is not covered by the tunnel
# and would leave through the local uplink if the client has IPv6 connectivity.
AllowedIPs = 0.0.0.0/0
Endpoint = 50.50.50.50:51820


Client:

ping 10.200.200.1
PING 10.200.200.1 (10.200.200.1) 56(84) bytes of data.
64 bytes from 10.200.200.1: icmp_seq=1 ttl=64 time=76.9 ms
64 bytes from 10.200.200.1: icmp_seq=2 ttl=64 time=76.8 ms
64 bytes from 10.200.200.1: icmp_seq=3 ttl=64 time=77.4 ms
64 bytes from 10.200.200.1: icmp_seq=4 ttl=64 time=79.8 ms
----------------------------------------------------------
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 102ms
----------------------------------------------------------

ip route
default via 192.168.1.1 dev enp0s20f0u1 proto dhcp src 192.168.1.31 metric 202
10.200.200.0/24 dev wg0 proto kernel scope link src 10.200.200.100
192.168.1.0/24 dev enp0s20f0u1 proto dhcp scope link src 192.168.1.31 metric 202
192.168.11.0/30 dev enp0s31f6 proto kernel scope link src 192.168.11.1 linkdown
----------------------------------------------------------

routel
target gateway source proto scope dev tbl
default link wg0 51820
default 192.168.1.1 192.168.1.31 dhcp enp0s20f0u1
10.200.200.0/ 24 10.200.200.100 kernel link wg0
192.168.1.0/ 24 192.168.1.31 dhcp linkenp0s20f0u1
192.168.11.0/ 30 192.168.11.1 kernel linkenp0s31f6
10.200.200.0 broadcast 10.200.200.100 kernel link wg0 local
10.200.200.100 local 10.200.200.100 kernel host wg0 local
10.200.200.255 broadcast 10.200.200.100 kernel link wg0 local
192.168.1.0 broadcast 192.168.1.31 kernel linkenp0s20f0u1 local
192.168.1.31 local 192.168.1.31 kernel hostenp0s20f0u1 local
192.168.1.255 broadcast 192.168.1.31 kernel linkenp0s20f0u1 local




Server:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12134 2091K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
81 3684 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
696 22760 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 ctstate NEW
659 44214 UDP udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
218 10764 TCP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 ctstate NEW
657 43862 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
225 11024 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
8 320 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable

Chain FORWARD (policy DROP 4865 packets, 274K bytes)
pkts bytes target prot opt in out source destination
10013 857K ACCEPT all -- wg0 * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2032 packets, 164K bytes)
pkts bytes target prot opt in out source destination

Chain TCP (1 references)
pkts bytes target prot opt in out source destination
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:777
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51820

Chain UDP (1 references)
pkts bytes target prot opt in out source destination
2 352 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51820















