If starting WireGuard fails with the following error, the Linux kernel needs to be upgraded.
$ wg-quick down wg0
$ wg-quick up wg0
Error: WireGuard exited with the error: Cannot find device "wg0"
This usually means that your host's kernel does not support WireGuard!
at /app/lib/WireGuard.js:65:19
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async /app/lib/WireGuard.js:63:9
1. Upgrade the Linux kernel
① Import the public key
$ rpm --import http://www.elrepo.org/RPM-GPG-KEY-elrepo.org
② Install (or upgrade) the elrepo release package
$ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
③ Load the elrepo-kernel metadata
$ yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
④ Install the latest kernel version
$ yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml.x86_64 -y
⑤ Remove the old kernel tools packages
$ yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
⑥ Install the new kernel tools packages
$ yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml-tools kernel-ml-devel kernel-ml-headers -y
⑦ View the order of the kernel menu entries
$ grep "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2
CentOS Linux (3.10.0-1127.10.1.el7.x86_64) 7 (Core)
CentOS Linux (5.7.2-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (0-rescue-96820b9851c24560b5f942f2496b9aeb) 7 (Core)
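By default a new kernel is inserted at the head of the list, and the default boot order also starts from 0.
⑧ View the current actual boot entry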
$ grub2-editenv list
saved_entry=CentOS Linux (3.10.0-1127.10.1.el7.x86_64) 7 (Core)
⑨ Set the default boot entry
$ grub2-set-default 'CentOS Linux (5.7.2-1.el7.elrepo.x86_64) 7 (Core)'
Finally, reboot and check:
$ reboot
View the current actual boot entry
$ grub2-editenv list
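After the reboot, a pre-flight check like the following confirms that the running kernel can actually provide a wg interface before wg-quick or the container is started. This is an added example, not part of the original page or of wg-quick/wg-easy; the function names are hypothetical, and it assumes only that the wireguard module has shipped in the mainline kernel since 5.6 and that older kernels need an out-of-tree module such as kmod-wireguard or wireguard-dkms.

```shell
#!/bin/sh
# Added example: pre-flight check for WireGuard kernel support.
# All function names are hypothetical helpers, not wg-quick or wg-easy APIs.

# Return 0 if a release string (as printed by `uname -r`) is >= 5.6, the
# first mainline kernel with wireguard in-tree; 1 if older; 2 if unparsable.
kernel_has_intree_wireguard() {
    release=$1
    case "$release" in *.*) ;; *) return 2 ;; esac
    major=${release%%.*}        # "5.7.2-1.el7.elrepo.x86_64" -> "5"
    rest=${release#*.}          # -> "7.2-1.el7.elrepo.x86_64"
    minor=${rest%%[!0-9]*}      # -> "7"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    # Compare numerically: as strings, "3.10" would sort after "3.6".
    [ "$major" -gt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -ge 6 ] && return 0
    return 1
}

# Return 0 if the module is loaded already, or modinfo can find a build
# for the running kernel (in-tree, kmod-wireguard or DKMS).
wireguard_module_available() {
    [ -d /sys/module/wireguard ] && return 0
    command -v modinfo >/dev/null 2>&1 && modinfo wireguard >/dev/null 2>&1
}

# Print a verdict for the running kernel; non-zero exit means wg0 will fail.
wg_preflight() {
    running=$(uname -r)
    if wireguard_module_available; then
        echo "OK: wireguard module available on $running"
        return 0
    fi
    if kernel_has_intree_wireguard "$running"; then
        echo "WARN: $running should ship wireguard, but no module was found"
    else
        echo "FAIL: $running predates 5.6; boot the new kernel or install kmod-wireguard / wireguard-dkms"
    fi
    return 1
}

# Run the check only when asked, e.g.: sh wg-preflight.sh --check
if [ "${1:-}" = "--check" ]; then wg_preflight; fi
```

The container shares the host kernel, so the check belongs on the Docker host rather than inside the wg-easy container.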
2. Running WireGuard with Docker
serverName=wg-easy
docker stop ${serverName}
docker rm ${serverName}
docker run -d \
--name=${serverName} \
-e WG_HOST=yjx.xxx.com \
-e PASSWORD=wg-123456 \
-e WG_DEFAULT_ADDRESS=192.168.47.x \
-e WG_DEFAULT_DNS=114.114.114.114 \
-e WG_PERSISTENT_KEEPALIVE=30 \
-e WG_ALLOWED_IPS=192.168.47.0/24 \
-v $PWD/wg-easy:/etc/wireguard \
-p 21820:51820/udp \
-p 21821:51821/tcp \
--cap-add=NET_ADMIN \
--cap-add=SYS_MODULE \
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--sysctl="net.ipv4.ip_forward=1" \
--restart=always \
weejewel/wg-easy
Download the WireGuard client
https://www.wireguard.com/install/
Configuring the client on CentOS
I. The three installation methods for WireGuard from the official site
1. A signed module is available as built-in to CentOS's kernel-plus:
$ sudo yum install yum-utils epel-release
$ sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
$ sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
$ sudo yum install kernel-plus wireguard-tools
$ sudo reboot
2. Users wishing to stick with the standard kernel may use ELRepo's pre-built module:
$ sudo yum install epel-release elrepo-release
$ sudo yum install yum-plugin-elrepo
$ sudo yum install kmod-wireguard wireguard-tools
3. Users running non-standard kernels may wish to use the DKMS package instead:
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools
Generate the client key
CentOS client
Rename the downloaded conf file to wg0.conf and write it to this path on the CentOS server: vim /etc/wireguard/wg0.conf
Below is an example wg0.conf
[Interface]
Address = 10.0.0.2/24 # client IP address
PrivateKey = <private key from client.key>
[Peer]
PublicKey = <server's public key>
Endpoint = <server IP>:51820
AllowedIPs = 0.0.0.0/0,::/0 # traffic allowed through the tunnel
Start the client
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Check the connection status
sudo wg show
Restart the interface
sudo wg-quick down wg0
sudo wg-quick up wg0