Google-Compute-Engine
Unable to configure a WireGuard device via systemd-networkd on a Google Compute Engine VM
On a Debian Buster image on a Google Compute Engine VM, I placed this systemd-networkd configuration in /etc/systemd/network/wg0.netdev to configure a WireGuard device:
    [NetDev]
    Name=wg0
    Kind=wireguard

    [WireGuard]
    PrivateKey = XXXXX
    ListenPort = 51820

    [WireGuardPeer]
    Endpoint = XXXXX:51820
    PublicKey = XXXXX
    AllowedIPs = XXXXX/32
    AllowedIPs = XXXXX/24
When starting the systemd-networkd service, this error appears:
    Starting Network Service...
    Failed to generate predictable MAC address for wg0: No such file or directory
    Could not load configuration files: No such file or directory
    systemd-networkd.service: Main process exited, code=exited, status=1/FAILURE
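The strange thing is:
- I can successfully bring up the wg0 interface on the GCP server by configuring it manually rather than through systemd
- I can successfully use the systemd-networkd configuration above on VMs from other providers (tested on Vultr and a local Vagrant box)
So the error only occurs with the specific combination of a GCP server and the systemd-networkd configuration.
I am using exactly the same Linux kernel and WireGuard versions on all servers. If it is a GCP-specific configuration, I cannot seem to find any relevant documentation.
Since my original report, the problem seems to have been resolved, either in GCP's images or in systemd itself. It now works fine.
I checked WireGuard on a GCE VM with Ubuntu 18.04, and it runs without any problems.
Please find my steps below:
- Create a VM instance based on Ubuntu 18.04: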
    $ gcloud compute instances create instance-1 --machine-type=e2-medium --can-ip-forward --tags=vpn --image=ubuntu-1804-bionic-v20201111 --image-project=ubuntu-os-cloud
- Create a firewall rule:
    $ gcloud compute firewall-rules create to-vpn --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=udp:51820 --source-ranges=0.0.0.0/0 --target-tags=vpn
- Install wireguard-tools:
    $ gcloud compute ssh instance-1
    instance-1:~$ cat /etc/lsb-release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=18.04
    DISTRIB_CODENAME=bionic
    DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
    instance-1:~$ sudo apt update
    instance-1:~$ sudo apt upgrade
    instance-1:~$ sudo apt install wireguard-tools
- Generate the server keys:
    instance-1:~$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
    instance-1:~$ sudo cat privatekey
    2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
- Create the server configuration:
    instance-1:~$ sudo cat /etc/wireguard/wg0.conf
    [Interface]
    Address = 10.156.0.17
    MTU = 1440
    ListenPort = 51820
    PrivateKey = 2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
- Enable and start the service:
    instance-1:~$ sudo systemctl enable wg-quick@wg0
    instance-1:~$ sudo systemctl start wg-quick@wg0
    instance-1:~$ sudo systemctl status wg-quick@wg0
    ● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
       Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
       Active: active (exited) since Mon 2020-11-16 16:42:07 UTC; 10s ago
         Docs: man:wg-quick(8)
               man:wg(8)
               https://www.wireguard.com/
               https://www.wireguard.com/quickstart/
               https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
               https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
      Process: 4937 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
     Main PID: 4937 (code=exited, status=0/SUCCESS)
        Tasks: 0 (limit: 4671)
       CGroup: /system.slice/system-wg\x2dquick.slice/wg-quick@wg0.service

    Nov 16 16:42:07 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
    Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link add wg0 type wireguard
    Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] wg setconf wg0 /dev/fd/63
    Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip -4 address add 10.156.0.17 dev wg0
    Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link set mtu 1440 up dev wg0
    Nov 16 16:42:07 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
- Check the service status:
    instance-1:~$ sudo wg
    interface: wg0
      public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
      private key: (hidden)
      listening port: 51820
    instance-1:~$ sudo ip a show wg0
    3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
        link/none
        inet 10.156.0.17/32 scope global wg0
           valid_lft forever preferred_lft forever
- Reset the VM instance and check the status:
    instance-1:~$ sudo systemctl status systemd-networkd
    ● systemd-networkd.service - Network Service
       Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
       Active: active (running) since Mon 2020-11-16 16:54:52 UTC; 7min ago
         Docs: man:systemd-networkd.service(8)
     Main PID: 751 (systemd-network)
       Status: "Processing requests..."
        Tasks: 1 (limit: 4671)
       CGroup: /system.slice/systemd-networkd.service
               └─751 /lib/systemd/systemd-networkd

    Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: IPv6 successfully enabled
    Nov 16 16:54:52 instance-1 systemd-networkd[751]: lo: Link is not managed by us
    Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Link UP
    Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Gained carrier
    Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: DHCPv4 address 10.156.0.17/32 via 10.156.0.1
    Nov 16 16:54:52 instance-1 systemd-networkd[751]: Not connected to system bus, not setting hostname.
    Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Gained IPv6LL
    Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Configured
    Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Link UP
    Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Gained carrier
    $ sudo systemctl status wg-quick@wg0
    ● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
       Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
       Active: active (exited) since Mon 2020-11-16 16:55:01 UTC; 8min ago
         Docs: man:wg-quick(8)
               man:wg(8)
               https://www.wireguard.com/
               https://www.wireguard.com/quickstart/
               https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
               https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
      Process: 1115 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
     Main PID: 1115 (code=exited, status=0/SUCCESS)

    Nov 16 16:55:01 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
    Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link add wg0 type wireguard
    Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] wg setconf wg0 /dev/fd/63
    Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip -4 address add 10.156.0.17 dev wg0
    Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link set mtu 1440 up dev wg0
    Nov 16 16:55:01 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
    instance-1:~$ sudo wg
    interface: wg0
      public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
      private key: (hidden)
      listening port: 51820
    instance-1:~$ sudo ip a show wg0
    3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
        link/none
        inet 10.156.0.17/32 scope global wg0
           valid_lft forever preferred_lft forever
In addition, see the third-party guide for newer Ubuntu versions here.
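Both the wg0.netdev file in the question and the wg0.conf file in the answer carry PrivateKey inline, so their file modes decide who on the host can read the key. The following is an added example, not code from either post: a hypothetical helper `audit_wg_file` that flags such files when their mode is too open. It assumes GNU stat, the systemd.netdev recommendation of root:systemd-network with mode 0640 for .netdev files, and, as this example's own policy, 0600 for wg-quick configs.

```shell
#!/bin/sh
# Added example (not from the posts above). audit_wg_file is a hypothetical helper.
# Assumes GNU stat, as shipped on the Debian and Ubuntu images discussed here.

# Prints one finding per line; returns 0 when the file is acceptable, 1 otherwise.
audit_wg_file() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "$f: missing"; return 1; }

    # Only files carrying an inline PrivateKey= line hold secret material.
    grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=' "$f" || return 0

    mode=$(stat -c '%a' "$f")          # octal mode, e.g. 640
    other=$(( 0$mode & 7 ))            # permission bits for everyone else
    group=$(( (0$mode >> 3) & 7 ))     # permission bits for the group

    if [ "$other" -ne 0 ]; then
        echo "$f: mode $mode exposes PrivateKey to every local user"; rc=1
    fi
    case $f in
        *.netdev)
            # systemd-networkd reads the file as user systemd-network, so
            # group read (root:systemd-network, 0640) is fine; group write is not.
            if [ $(( group & 2 )) -ne 0 ]; then
                echo "$f: mode $mode is group-writable"; rc=1
            fi ;;
        *)
            # wg-quick reads its config as root; this example's policy is 0600.
            if [ "$group" -ne 0 ]; then
                echo "$f: mode $mode grants group access, expected 600"; rc=1
            fi ;;
    esac
    return $rc
}

# Constructed sample files; the key strings are placeholders, not real keys.
demo_dir=$(mktemp -d)
printf '[NetDev]\nName=wg0\nKind=wireguard\n\n[WireGuard]\nPrivateKey = CONSTRUCTED\n' > "$demo_dir/wg0.netdev"
printf '[Interface]\nListenPort = 51820\nPrivateKey = CONSTRUCTED\n' > "$demo_dir/wg0.conf"
chmod 644 "$demo_dir/wg0.netdev"; chmod 600 "$demo_dir/wg0.conf"
audit_wg_file "$demo_dir/wg0.netdev" || true
audit_wg_file "$demo_dir/wg0.conf" || true
rm -rf "$demo_dir"
```

On a real host the function would be pointed at /etc/systemd/network/wg0.netdev and /etc/wireguard/wg0.conf; it checks modes only, not ownership.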