On a Debian Buster image on a Google Compute Engine VM, I placed this systemd-networkd configuration in /etc/systemd/network/wg0.netdev to configure the WireGuard device:
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
PrivateKey = XXXXX
ListenPort = 51820
[WireGuardPeer]
Endpoint = XXXXX:51820
PublicKey = XXXXX
AllowedIPs = XXXXX/32
AllowedIPs = XXXXX/24
When starting the systemd-networkd service, I get this error:
Starting Network Service...
Failed to generate predictable MAC address for wg0: No such file or directory
Could not load configuration files: No such file or directory
systemd-networkd.service: Main process exited, code=exited, status=1/FAILURE
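The strange thing is:
- I can successfully bring up the wg0 interface on the GCP server by configuring it manually (rather than through systemd)
- I can successfully use the systemd-networkd configuration above on VMs from other providers (tested on Vultr and a local Vagrant box)
So the error only occurs with the specific combination of using the systemd-networkd configuration on a GCP server.
I am using exactly the same Linux kernel and WireGuard versions on all servers. If this is GCP-specific configuration, I can't seem to find any documentation about it.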
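Because the wg0.netdev file above stores PrivateKey inline, its file mode decides who can read the key; systemd.netdev(5) suggests ownership root:systemd-network with mode 0640. The check below is an added example, not part of the original question or answers: parse_sections, audit and the sample file with placeholder keys are constructed for illustration, and the parser keeps repeated keys such as the two AllowedIPs lines.

```python
import os
import tempfile

SECRET_OPTIONS = {"privatekey", "presharedkey"}
# Constructed sample in the layout of the wg0.netdev above; keys are placeholders.
SAMPLE_NETDEV = """\
[NetDev]
Name=wg0
Kind=wireguard
[WireGuard]
PrivateKey = PLACEHOLDERplaceholderPLACEHOLDERplacehold0=
[WireGuardPeer]
PublicKey = PLACEHOLDERpeerPLACEHOLDERpeerPLACEHOLDERp0=
AllowedIPs = 192.0.2.7/32
AllowedIPs = 198.51.100.0/24
"""

def parse_sections(text):
    """Parse INI text, keeping repeated sections and repeated keys in order."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 values themselves end in '='
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def audit(path):
    """Return one finding per inline secret if 'other' users have any access."""
    with open(path) as fh:
        sections = parse_sections(fh.read())
    mode = os.stat(path).st_mode & 0o777
    return [
        f"{path}: [{name}] {key} is inline and file mode is {mode:04o}"
        for name, options in sections
        for key, _ in options
        if key.lower() in SECRET_OPTIONS and mode & 0o007
    ]

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".netdev") as fh:
        fh.write(SAMPLE_NETDEV)
        fh.flush()
        os.chmod(fh.name, 0o644)  # deliberately too permissive for the demo
        print(audit(fh.name))
```

The same function also reads the wg-quick format, where the key sits in the [Interface] section.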
Answer 1
I have checked WireGuard on a GCE VM using Ubuntu 18.04, and it runs without any issues.
Please see my steps below:
- Create a VM instance based on Ubuntu 18.04
$ gcloud compute instances create instance-1 --machine-type=e2-medium --can-ip-forward --tags=vpn --image=ubuntu-1804-bionic-v20201111 --image-project=ubuntu-os-cloud
- Create a firewall rule:
$ gcloud compute firewall-rules create to-vpn --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=udp:51820 --source-ranges=0.0.0.0/0 --target-tags=vpn
- Install wireguard-tools:
$ gcloud compute ssh instance-1
instance-1:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
instance-1:~$ sudo apt update
instance-1:~$ sudo apt upgrade
instance-1:~$ sudo apt install wireguard-tools
- Generate the server keys:
instance-1:~$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
instance-1:~$ sudo cat privatekey
2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
- Generate the server configuration:
instance-1:~$ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.156.0.17
MTU = 1440
ListenPort = 51820
PrivateKey = 2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
- Enable and start the service:
instance-1:~$ sudo systemctl enable wg-quick@wg0
instance-1:~$ sudo systemctl start wg-quick@wg0
instance-1:~$ sudo systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
Active: active (exited) since Mon 2020-11-16 16:42:07 UTC; 10s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 4937 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 4937 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4671)
CGroup: /system.slice/system-wg\x2dquick.slice/wg-quick@wg0.service
Nov 16 16:42:07 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link add wg0 type wireguard
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] wg setconf wg0 /dev/fd/63
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip -4 address add 10.156.0.17 dev wg0
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link set mtu 1440 up dev wg0
Nov 16 16:42:07 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
- Check the service status:
instance-1:~$ sudo wg
interface: wg0
public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
private key: (hidden)
listening port: 51820
instance-1:~$ sudo ip a show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.156.0.17/32 scope global wg0
valid_lft forever preferred_lft forever
- Reset the VM instance and check the status:
instance-1:~$ sudo systemctl status systemd-networkd
● systemd-networkd.service - Network Service
Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-11-16 16:54:52 UTC; 7min ago
Docs: man:systemd-networkd.service(8)
Main PID: 751 (systemd-network)
Status: "Processing requests..."
Tasks: 1 (limit: 4671)
CGroup: /system.slice/systemd-networkd.service
└─751 /lib/systemd/systemd-networkd
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: IPv6 successfully enabled
Nov 16 16:54:52 instance-1 systemd-networkd[751]: lo: Link is not managed by us
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Link UP
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Gained carrier
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: DHCPv4 address 10.156.0.17/32 via 10.156.0.1
Nov 16 16:54:52 instance-1 systemd-networkd[751]: Not connected to system bus, not setting hostname.
Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Gained IPv6LL
Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Configured
Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Link UP
Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Gained carrier
$ sudo systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; indirect; vendor preset: enabled)
Active: active (exited) since Mon 2020-11-16 16:55:01 UTC; 8min ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 1115 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
Main PID: 1115 (code=exited, status=0/SUCCESS)
Nov 16 16:55:01 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link add wg0 type wireguard
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] wg setconf wg0 /dev/fd/63
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip -4 address add 10.156.0.17 dev wg0
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link set mtu 1440 up dev wg0
Nov 16 16:55:01 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
instance-1:~$ sudo wg
interface: wg0
public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
private key: (hidden)
listening port: 51820
instance-1:~$ sudo ip a show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.156.0.17/32 scope global wg0
valid_lft forever preferred_lft forever
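In addition, see the third-party guide for newer versions of Ubuntu here.
Answer 2
Since I originally reported it, this issue seems to have been resolved, either in GCP's images or in systemd itself. It works fine now.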