About - 阡陌难逢 #1

Open
Ssssix40 opened this issue Jan 22, 2018 · 7 comments

@Ssssix40
Owner

http://spiritshaman.me/about.html

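All conditioned phenomena are like a dream, an illusion, a bubble, a shadow, like dew and like lightning; thus should they be contemplated.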

@AnonymousWebHacker

Hi, nice to meet you
Can you make that?
hwdsl2/setup-ipsec-vpn#990

L2TP Server --> WireGuard Client ?

@Ssssix40
Owner Author

> Hi, nice to meet you
> Can you make that?
> hwdsl2/setup-ipsec-vpn#990
>
> L2TP Server --> WireGuard Client ?

Nice to meet u too
I'm sorry
I tried but I failed

@AnonymousWebHacker

Something strange happens to me: when I start the WireGuard client, I cannot connect to the L2TP.

Could you ever connect?

@Ssssix40
Owner Author

Ssssix40 commented Nov 29, 2021

Maybe I know what happened.
When you start the WireGuard client, by default all of this client's traffic goes to the wg server, including L2TP,
so your connection from the L2TP client goes to the wg server too.
PS: it's only a guess

You can delete
`AllowedIPs = 0.0.0.0/0, ::0/0`
in your wg client config
to solve it.

> I start the wireguard client, I cannot connect to the L2TP

@AnonymousWebHacker

AnonymousWebHacker commented Nov 29, 2021

When I started the wireguard, it did not let me access the server via ssh, I had to add that other configuration

WireGuard client configuration:

```ini
[Interface]
PrivateKey = <redacted>
Address = 10.66.66.6/32,fd42:42:42::6/128
DNS = 1.1.1.1,1.0.0.1

# Configuration allow ssh ip vps
PostUp = ip rule add table 200 from <ip-vps>
PostUp = ip route add table 200 default via <gw-vps>
PreDown = ip rule delete table 200 from <ip-vps>
PreDown = ip route delete table 200 default via <gw-vps>

[Peer]
PublicKey = <redacted>
PresharedKey = <redacted>
Endpoint = ipserver-external:443
AllowedIPs = 0.0.0.0/0
```

I think there must be some other configuration that can be added to the WireGuard config so that the ports used by L2TP accept traffic on xl2tpd and pluto [500 and 4500]

```
root@srv156201-206152:/home/proxmox# netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:39937         0.0.0.0:*               LISTEN      823/containerd
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      1683/prometheus
tcp        0      0 127.0.0.1:9091          0.0.0.0:*               LISTEN      1667/node
tcp        0      0 127.0.0.1:9092          0.0.0.0:*               LISTEN      1998/outline-ss-ser
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      731/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      909/sshd: /usr/sbin
tcp6       0      0 :::61540                :::*                    LISTEN      1667/node
tcp6       0      0 :::28651                :::*                    LISTEN      1998/outline-ss-ser
tcp6       0      0 :::22                   :::*                    LISTEN      909/sshd: /usr/sbin
udp        0      0 127.0.0.1:4500          0.0.0.0:*                           1983/pluto
udp        0      0 154.126.101.116:4500    0.0.0.0:*                           1983/pluto
udp        0      0 172.17.0.1:4500         0.0.0.0:*                           1983/pluto
udp        0      0 0.0.0.0:1701            0.0.0.0:*                           2007/xl2tpd
udp        0      0 127.0.0.1:500           0.0.0.0:*                           1983/pluto
udp        0      0 154.126.101.116:500     0.0.0.0:*                           1983/pluto
udp        0      0 172.17.0.1:500          0.0.0.0:*                           1983/pluto
udp        0      0 127.0.0.53:53           0.0.0.0:*                           731/systemd-resolve
udp6       0      0 :::28651                :::*                                1998/outline-ss-ser
udp6       0      0 ::1:500                 :::*                                1983/pluto
```

@Ssssix40
Owner Author

Ssssix40 commented Nov 29, 2021

In your config, ip-vps should be your ssh client's IP.
Is ip-vps your L2TP client too?
If not, this is the problem.

@AnonymousWebHacker

hahah, I think you didn't understand.

[Before], it wouldn't let me access ssh, when running wireguard client.
To let me access, I had to add that configuration

```ini
# Configuration allow ssh ip vps
PostUp = ip rule add table 200 from <ip-vps>
PostUp = ip route add table 200 default via <gw-vps>
PreDown = ip rule delete table 200 from <ip-vps>
PreDown = ip route delete table 200 default via <gw-vps>
```

Already today I can run wireguard and access ssh without problems :)

I meant that, as I did that myself, there must be some configuration of the WireGuard so that it allows incoming traffic on ports 500 and 4500 (L2TP).
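
Added example, not part of the thread and not code from either participant: a simplified Python model of Linux policy routing that shows how the `ip rule` / `ip route` lines quoted above change the path of replies sourced from the VPS address once a full-tunnel `AllowedIPs = 0.0.0.0/0` peer is up. The rule priorities and table 51820 are assumptions based on wg-quick's defaults, all addresses are constructed, and IPsec and NAT are not modelled.

```python
import ipaddress as ipa

WG_MARK = 51820  # assumed fwmark/table wg-quick picks for a full-tunnel peer
VPS_IP, GATEWAY = "203.0.113.10", "203.0.113.1"  # constructed stand-ins for <ip-vps>, <gw-vps>

# Routing tables: name -> [(prefix, next hop)]
TABLES = {
    "main": [("0.0.0.0/0", f"via {GATEWAY} dev eth0"), ("203.0.113.0/24", "dev eth0")],
    WG_MARK: [("0.0.0.0/0", "dev wg0")],
    200: [("0.0.0.0/0", f"via {GATEWAY} dev eth0")],  # ip route add table 200 default via <gw-vps>
}

# Rules assumed for AllowedIPs = 0.0.0.0/0, plus the kernel's default "main" rule.
# Fields: priority, match(src, fwmark), table, suppress_prefixlength (None = off).
WG_RULES = [
    (32764, lambda src, mark: True, "main", 0),
    (32765, lambda src, mark: mark != WG_MARK, WG_MARK, None),
    (32766, lambda src, mark: True, "main", None),
]
# The thread's PostUp rule: ip rule add table 200 from <ip-vps>
SSH_FIX = (32763, lambda src, mark: src == VPS_IP, 200, None)


def lookup(dst, src=None, mark=0, rules=WG_RULES):
    """Return the next hop for a packet, walking the rules in priority order."""
    for _prio, match, table, suppress in sorted(rules, key=lambda r: r[0]):
        if not match(src, mark):
            continue
        hits = [(ipa.ip_network(p), hop) for p, hop in TABLES[table]
                if ipa.ip_address(dst) in ipa.ip_network(p)]
        if not hits:
            continue
        net, hop = max(hits, key=lambda h: h[0].prefixlen)  # longest prefix wins
        if suppress is not None and net.prefixlen <= suppress:
            continue  # suppress_prefixlength: the default route is ignored here
        return hop
    return "unreachable"


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed remote SSH / IKE peer
    fixed = WG_RULES + [SSH_FIX]
    print("reply from VPS IP, no rule :", lookup(client, VPS_IP))
    print("reply from VPS IP, rule    :", lookup(client, VPS_IP, rules=fixed))
    print("WireGuard's marked packets :", lookup(client, mark=WG_MARK, rules=fixed))
    # 192.168.42.10 is a constructed non-VPS source, e.g. a tunnelled client address
    print("other source, rule         :", lookup(client, "192.168.42.10", rules=fixed))
```

In this model only packets whose source is the VPS address take table 200; any other source still follows the default route in table 51820 to `wg0`.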
