dndx / phantun

Transforms UDP stream into (fake) TCP streams that can go through Layer 3 & Layer 4 (NAPT) firewalls/NATs.
Apache License 2.0

WireGuard through Phantun, peers see each other, but no internet sharing. #94

Closed Kjwj closed 1 year ago

Kjwj commented 1 year ago

Hello, dear all experts. I try to use Phantun in my case, and I read the instructions carefully. Yep, I can create two-way peer-to-peer links. But the client cannot share the server's internet service. I tried for days, but still couldn't find the root of the problem. I am so stupid. I would like to get some guidance from everyone.

The circumstances are as follows:

Step 1. Server (Ubuntu 22.04.1 LTS) & Client (Ubuntu 18.04.6 LTS): net.ipv4.ip_forward=1 --- check

Step 2. Firewall rules --- check

Server:

```
server@instance:~# iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 20187 packets, 806K bytes)
 pkts bytes target     prot opt in     out     source               destination
  102  5624 DNAT       tcp  --  ens3   any     anywhere             anywhere             tcp dpt:https to:192.168.201.2

Chain INPUT (policy ACCEPT 20187 packets, 806K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 24011 packets, 2051K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 24574 packets, 2090K bytes)
 pkts bytes target     prot opt in     out     source               destination
```


Client:

```
client@instance:~# iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 362 packets, 61371 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 20187 packets, 806K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 24011 packets, 2051K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 24574 packets, 2090K bytes)
 pkts bytes target     prot opt in     out     source               destination
   34  1496 MASQUERADE all  --  any    eth0    192.168.200.2        anywhere
```

Step 3. WireGuard configuration

Server:

```
[Interface]
PrivateKey = 
Address = 10.1.1.2/32
ListenPort = 51822
MTU = 1300
PreUp = RUST_LOG=info phantun_server --local 443 --remote 127.0.0.1:51822 &> /var/log/phantun_server.log &
PostDown = killall phantun_server || true

[Peer]
PublicKey = 
AllowedIPs = 10.1.1.1/32
```


Client:

```
[Interface]
PrivateKey = 
Address = 10.1.1.1/32
MTU = 1300
PreUp = RUST_LOG=info phantun_client --local 127.0.0.1:4567 --remote :443 &> /var/log/phantun_client.log &
PostDown = killall phantun_client || true

[Peer]
PublicKey = 
Endpoint = 127.0.0.1:4567
AllowedIPs = 10.1.1.2/32
PersistentKeepalive = 25
```


Connections: peers can see each other, and ping works both ways. But only for 10.1.1.1 or 10.1.1.2; neither side can access the other's intranet. Server on the 10.0.0.x intranet; client on the 192.168.1.x intranet. They can't get to each other's LANs, including the Internet.

Am I missing the most basic things? Please help me.
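An added illustration (not from this thread or the Phantun project) of why only the two peer addresses are reachable: WireGuard's cryptokey routing carries a packet through the tunnel only when its destination falls inside some peer's AllowedIPs, and both configs above list just the /32 peer addresses. The script parses a WireGuard config and checks destinations against every AllowedIPs prefix; the key placeholders and the 10.0.0.0/24 mask for the server LAN are assumptions, since the issue only says "10.0.0.x".

```python
import ipaddress

# Constructed sample: the client config from the issue, keys replaced by placeholders.
CLIENT_CONF = """\
[Interface]
PrivateKey = <client-private-key-placeholder>
Address = 10.1.1.1/32
MTU = 1300

[Peer]
PublicKey = <server-public-key-placeholder>
Endpoint = 127.0.0.1:4567
AllowedIPs = 10.1.1.2/32
PersistentKeepalive = 25
"""

# Same config with the server's LAN added. The /24 mask is an assumption:
# the issue only describes the server intranet as "10.0.0.x".
LAN_CONF = CLIENT_CONF.replace("AllowedIPs = 10.1.1.2/32",
                               "AllowedIPs = 10.1.1.2/32, 10.0.0.0/24")


def parse_allowed_ips(conf_text):
    """Collect every AllowedIPs network from every [Peer] section (comma lists allowed)."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()         # track which section we are in
            continue
        if section != "peer" or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "allowedips":
            nets.extend(ipaddress.ip_network(v.strip(), strict=False)
                        for v in value.split(",") if v.strip())
    return nets


def routed_through_tunnel(conf_text, destination):
    """True if cryptokey routing sends `destination` to a peer, i.e. it matches an AllowedIPs prefix."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in parse_allowed_ips(conf_text))


if __name__ == "__main__":
    targets = ["10.1.1.2", "10.0.0.10", "8.8.8.8"]   # peer, server-LAN host, public Internet
    for name, conf in (("issue config", CLIENT_CONF), ("with server LAN", LAN_CONF)):
        print(name, {d: routed_through_tunnel(conf, d) for d in targets})
```

Widening AllowedIPs only fixes the client's routing decision; the server's nat table above carries no MASQUERADE for 10.1.1.0/24 out of ens3, so unless the server LAN has a route back to 10.1.1.0/24, replies from LAN or Internet hosts still cannot return through the tunnel.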

Handsome1080P commented 1 year ago

Google "wireguard how to share networking". U can ping each other, so it is not Phantun's issue.

dndx commented 1 year ago

You should try to get your tunnel working without Phantun first; as long as `sudo wg` shows a successful handshake, Phantun is functioning correctly.