search

shvchk / padavan-wireguard-client

WireGuard client for routers with Padavan based firmware
61 stars 20 forks source link

Подключается. Интернета нет. #4

Closed Kerber0ss closed 2 years ago

Kerber0ss commented 2 years ago

Добрый день. Запускаю скрипт, все подымается, ошибок как-бы нет, но на клиентах интернета нет. Грешил на маршруты, но - с роутера ничего не пингуется наружу, кроме IP wireguard сервера внешний. Внутренний (10.66.66.1) не пингуется почему-то. Может подскажите что не так, куда копать?

/ # /etc/storage/wireguard/client.sh start
Internet connection established
Setting up WireGuard interface... done
Removing WireGuard traffic rules... done
Setting up WireGuard traffic rules... done
/ # ping -c3 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
/ # ip route show table all
default dev wg0  table 51  scope link 
default via 10.0.0.1 dev eth3  metric 1 
10.0.0.0/16 dev eth3  proto kernel  scope link  src 10.0.18.94 
127.0.0.0/8 dev lo  scope link 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1 
broadcast 10.0.0.0 dev eth3  table local  proto kernel  scope link  src 10.0.18.94 
local 10.0.18.94 dev eth3  table local  proto kernel  scope host  src 10.0.18.94 
broadcast 10.0.255.255 dev eth3  table local  proto kernel  scope link  src 10.0.18.94 
local 10.66.66.9 dev wg0  table local  proto kernel  scope host  src 10.66.66.9 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev br0  table local  proto kernel  scope link  src 192.168.1.1 
local 192.168.1.1 dev br0  table local  proto kernel  scope host  src 192.168.1.1 
broadcast 192.168.1.255 dev br0  table local  proto kernel  scope link  src 192.168.1.1 
unreachable default dev lo  table 0  proto kernel  metric 4294967295  error -128
unreachable default dev lo  table 0  proto kernel  metric 4294967295  error -128
/ # ip rule
0:  from all lookup local 
30: from all to 13.49.240.77 lookup main 
30: from all to 192.168.1.1/24 lookup main 
30: from all to 10.0.18.94/16 lookup main 
40: from all lookup 51 
32766:  from all lookup main 
32767:  from all lookup default 
wg0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.66.66.9  P-t-P:10.66.66.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:2648 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:6512 (6.3 KiB)
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  anywhere             anywhere             to:10.66.66.9

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  wg0    *       0.0.0.0/0            0.0.0.0/0           
11409 1309K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 6797  593K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           
   43  3050 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
   31 10228 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp !type 8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  317 29561 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0           
 4721  295K TCPMSS     tcp  --  *      !br0    0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
39576   11M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   30  4895 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
13839 1260K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           
   24  1344 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT