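Fixing Loss of Network Connectivity After Installing WireGuard

Preface

Recently, to make my server more secure, I set up a WireGuard tunnel to reach the VPS's internal network for SSH remote administration. However, after installing WireGuard with a script, the Debian server reported DNS resolution errors.

Problem description

After using wireguard-install, a fairly popular WireGuard installation script for Linux, I found that I could not update with apt update && apt upgrade; the errors were: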

W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian-security/dists/bullseye-security/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-backports/InRelease Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

At first I assumed it was something like a slow connection, but then I tried ping google.com, which also reported:

ping: google.com: Temporary failure in name resolution

I then ran cat /etc/resolv.conf to check the system resolver configuration and found it completely empty.
Next I ran cat /etc/resolvconf/resolv.conf.d/head and found:

nameserver 8.8.8.8
nameserver 8.8.4.4

This shows that the configuration in head was not being written into /etc/resolv.conf correctly.

System environment

  • OS: Debian 11 (Bullseye)
  • wireguard-install: commit 39caf2f
  • wireguard-tools v1.0.20210223
  • UFW: 0.36
  • Network interfaces: [1]
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 110.x.x.x netmask 255.255.255.0 broadcast 110.x.x.255
    inet6 fe80::b209:c0ff:fe00:e0a prefixlen 64 scopeid 0x20<link>
    ether b0:09:c0:00:0e:0a txqueuelen 1000 (Ethernet)

    wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
    inet 10.22.33.1 netmask 255.255.255.0 destination 10.22.33.1
    inet6 fd42:42:42::1 prefixlen 64 scopeid 0x0<global>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)

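Solution

The interface information shows that the host is attached directly to the Internet. In other words, the VPS uses the classic network architecture [2], not the VPC network architecture [2].

  • Temporary fix: running sudo resolvconf -u restores resolution.
  • Permanent fix: edit the network interface configuration.
    1. On Debian the interface configuration is in /etc/network/interfaces, so run sudo nano /etc/network/interfaces
    2. It shows: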
      auto lo
      iface lo inet loopback

      auto eth0
      iface eth0 inet static
      address 110.x.x.x
      netmask 255.255.255.0
      gateway 110.x.x.254
    3. Add dns-nameservers dnsserverip at the bottom of the eth0 stanza (replace dnsserverip with the address of your DNS server):
      auto lo
      iface lo inet loopback

      auto eth0
      iface eth0 inet static
      address 110.x.x.x
      netmask 255.255.255.0
      gateway 110.x.x.x
      dns-nameservers dnsserverip
    4. Restart the networking service: sudo service networking restart
    5. Run ping google.com:
      PING google.com (172.217.31.142) 56(84) bytes of data.
      64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=1 ttl=116 time=1.48 ms
      64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=2 ttl=116 time=1.54 ms
      64 bytes from nrt20s08-in-f14.1e100.net (172.217.31.142): icmp_seq=3 ttl=116 time=1.53 ms
    6. The ping succeeds; DNS resolution is restored.
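
The states this procedure moves through can be checked offline from copies of the two files. The script below is an added example, not part of the original post or of wireguard-install; the function names and state labels are hypothetical, and the nameserver addresses are the ones from the head file above, standing in for dnsserverip.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the number of nameserver entries in a resolv.conf-style file (0 if unreadable).
count_nameservers() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Succeed if the "iface <name>" stanza of an interfaces(5) file sets dns-nameservers.
iface_has_dns() {  # usage: iface_has_dns INTERFACES_FILE IFACE
    awk -v want="$2" '
        $1 == "iface" { in_stanza = ($2 == want); next }
        $1 ~ /^(auto|allow-.*|mapping|source|source-directory)$/ { in_stanza = 0; next }
        in_stanza && $1 == "dns-nameservers" && NF >= 2 { found = 1 }
        END { exit !found }
    ' "$1"
}

# Classify: are nameservers present now, and is DNS declared in the interface stanza?
diagnose() {  # usage: diagnose RESOLV_CONF INTERFACES_FILE IFACE
    ns=$(count_nameservers "$1")
    if iface_has_dns "$2" "$3"; then in_stanza=yes; else in_stanza=no; fi
    if [ "$ns" -gt 0 ] && [ "$in_stanza" = yes ]; then echo "ok"
    elif [ "$ns" -gt 0 ]; then echo "resolv-only"   # e.g. after the temporary fix
    elif [ "$in_stanza" = yes ]; then echo "stanza-only"  # networking not restarted yet
    else echo "broken"                              # the state described in the post
    fi
}

# Constructed sample files mirroring the post (addresses masked as on the page).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/resolv.conf"                       # empty, as observed
    printf '%s\n' 'auto lo' 'iface lo inet loopback' '' 'auto eth0' \
        'iface eth0 inet static' 'address 110.x.x.x' 'netmask 255.255.255.0' \
        'gateway 110.x.x.254' > "$d/interfaces"
    diagnose "$d/resolv.conf" "$d/interfaces" eth0   # broken
    # Permanent fix; 8.8.8.8/8.8.4.4 are assumed values reused from the head file.
    echo 'dns-nameservers 8.8.8.8 8.8.4.4' >> "$d/interfaces"
    printf 'nameserver 8.8.8.8\nnameserver 8.8.4.4\n' > "$d/resolv.conf"
    diagnose "$d/resolv.conf" "$d/interfaces" eth0   # ok
    rm -rf "$d"
}
demo
```

On a real host the same check is diagnose /etc/resolv.conf /etc/network/interfaces eth0.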

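Reflection

  • Why is the classic network configuration gradually being replaced by the VPC network configuration?

Footnotes

  1. The "X" in the IP addresses is only masking; the real values are Arabic numerals. The Solution section of this article is masked the same way.
  2. Classic network and VPC network architectures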

http://mimo.moe/2023/04/04/WireGuard安装后断网的解决方案/
Author
秋未萌
Published on
April 4, 2023
License