WireGuard安装后断网的解决方案 |
您所在的位置:网站首页 › wireguard go配置 › WireGuard安装后断网的解决方案 |
|
前言 最近为了增加服务器的安全性,特地使用WireGuard搭建隧道访问VPS的内网,进行SSH远程控制。但是使用脚本安装完WireGuard后Debian服务器提示DNS解析错误 问题描述咱使用了较为流行的Linux WireGuard安装脚本wireguard-install后发现无法使用apt update&apt upguard进行更新提示错误为 12345W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'deb.debian.org'W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease Temporary failure resolving 'deb.debian.org'W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'deb.debian.org'W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-backports/InRelease Temporary failure resolving 'deb.debian.org'W: Some index files failed to download. They have been ignored, or old ones used instead.起初还以为是访问速度太慢之类的问题,随后又试了ping google.com但是也提示 1ping: google.com: Temporary failure in name resolution然后使用cat /etc/resolv.conf查询系统解析配置发现空无一物再查询cat /etc/resolvconf/resolv.conf.d/head发现 12nameserver 8.8.8.8nameserver 8.8.4.4说明head中的配置没有被正确的写入到/etc/resolv.conf中 系统环境 系统:Debian 11(Bullseye) wireguard-install:commit 39caf2f wireguard-tools v1.0.20210223 UFW:0.36 网卡:[1]1234567891011121314lo: flags=73 mtu 65536inet 127.0.0.1 netmask 255.0.0.0inet6 ::1 prefixlen 128 scopeid 0x10loop txqueuelen 1000 (Local Loopback)eth0: flags=4163 mtu 1500inet 110.x.x.x netmask 255.255.255.0 broadcast 110.x.x.255inet6 fe80::b209:c0ff:fe00:e0a prefixlen 64 scopeid 0x20ether b0:09:c0:00:0e:0a txqueuelen 1000 (Ethernet) wg0: flags=209 mtu 1420inet 10.22.33.1 netmask 255.255.255.0 destination 10.22.33.1inet6 fd42:42:42::1 prefixlen 64 scopeid 0x0unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC) 解决方案根据网卡信息查看,可知网络是直接接入互联网的。即在VPS网络架构中是经典网络架构[2],而不是VPC网络架构[2] 临时解决方案通过sudo resolvconf -u即可恢复 永久解决方案是改写网卡配置 debian网卡位于/etc/network/interfaces,因此执行sudo nano /etc/network/interfaces 显示 12345678auto loiface lo inet loopbackauto eth0iface eth0 inet staticaddress 110.x.x.xnetmask 255.255.255.0gateway 110.x.x.254 再eth0底部添加dns-nameservers dnsserverip即可 123456789auto loiface lo inet loopbackauto eth0iface eth0 inet staticaddress 110.x.x.xnetmask 255.255.255.0gateway 110.x.x.xdns-nameservers dnsserverip 重启网络服务sudo service networking restart ping google.com 1234PING google.com (172.217.31.142) 56(84) bytes of data.64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=1 ttl=116 time=1.48 ms64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=2 ttl=116 time=1.54 ms64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=3 ttl=116 time=1.53 ms ping成功,DNS解析恢复 反思 经典网络配置为什么逐渐被VPC网络配置取代? 脚注IP中的“X”仅为一种“打码操作”,实际上阿拉伯数字组成。本文解决方案处也用相同处理方式 ↩经典网络和VPC网络架构 ↩ |
今日新闻 |
推荐新闻 |
| CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |