TAIDONG - Wireguard https://www.zhangtaidong.cn/tag/Wireguard/

WG: fixing the common case where the Docker container fails to start
https://www.zhangtaidong.cn/archives/256/
2023-05-24T20:12:00+08:00

Test environment: CentOS 8

1. The Docker container fails to start

docker logs -f 6b56126963dc21cdc515d6c758f1d949c55f203d36542b27e360ddbc556ae80a
2022-06-15T05:34:33.902Z Server Listening on http://0.0.0.0:51821
2022-06-15T05:34:33.903Z WireGuard Loading configuration...
2022-06-15T05:34:33.905Z WireGuard Configuration loaded.
2022-06-15T05:34:33.905Z WireGuard Config saving...
2022-06-15T05:34:33.906Z WireGuard Config saved.
$ wg-quick down wg0
$ wg-quick up wg0
Error: Command failed: wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.8.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -t nat -A POSTROUTING -s 192.0.2.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.3 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[#] ip link delete dev wg0
    at ChildProcess.exithandler (child_process.js:383:12)
    at ChildProcess.emit (events.js:400:28)
    at maybeClose (internal/child_process.js:1058:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:293:5) {
  killed: false,
  code: 3,
  signal: null,
  cmd: 'wg-quick up wg0'
}

Fix: the container has no /lib/modules of its own, so it cannot load the netfilter modules that provide the nat table; load them on the host before starting the container.

modprobe ip_tables && modprobe iptable-nat

2. Upgrade the Linux kernel on CentOS 8

dnf -y update
uname -r
dnf install -y https://www.elrepo.org/elrepo-release-8.el8.elrepo.noarch.rpm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
dnf makecache
dnf --disablerepo="*" --enablerepo="elrepo-kernel" list available | grep kernel-ml
dnf --enablerepo="elrepo-kernel" install -y kernel-ml
reboot
uname -r

Advanced WireGuard for Windows: running a tunnel silently as a service from the command line
https://www.zhangtaidong.cn/archives/153/
2022-10-11T19:16:00+08:00

WireGuard is the top tool for building virtual LANs and a superb tool for reaching internal networks. After a normal install on Windows, launching the program leaves an icon in the system tray. For ordinary users this is perfectly fine, and configuration is easy enough. Sometimes, though, after installing WireGuard on a particular machine we do not want it to be casually changed (or easily noticed), so we need WireGuard to run as a Windows service.

The basic steps: install the Windows version of WireGuard normally, but do not open the WireGuard UI. Instead, install the tunnel service from the command line. You need to prepare the configuration file in advance and copy it to some location on disk. The command to install the tunnel service is:

wireguard /installtunnelservice C:\path\to\some\myconfname.conf

To uninstall the service:

wireguard /uninstalltunnelservice myconfname

Normally, once the install command above has run, the tunnel already exists: it appears under Network Connections, and a matching service is created under system services, which starts automatically with the system and runs in the background.

Building a virtual personal network with WireGuard (on a Lighthouse server)
https://www.zhangtaidong.cn/archives/147/
2022-08-29T21:34:00+08:00

Installing WireGuard manually

1. Install WireGuard (Ubuntu 20.04 as the base)

# as root
sudo -i
# install the wireguard package
apt install wireguard resolvconf -y
# enable IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

2. Change into the config directory and adjust its permissions

cd /etc/wireguard/
chmod 0777 /etc/wireguard
# default permissions for files created from here on
umask 077

3. Generate the server key pair

# generate the private key
wg genkey > server.key
# derive the public key from the private key
wg pubkey < server.key > server.key.pub

4. Generate the client (client1) key pair

# generate the private key
wg genkey > client1.key
# derive the public key from the private key
wg pubkey < client1.key > client1.key.pub

5. Show all generated keys

cat server.key && cat server.key.pub && cat client1.key && cat client1.key.pub

6. Create the server config file automatically

echo "
[Interface]
PrivateKey = $(cat server.key) # this host's private key
Address = 10.0.8.1 # this host's VPN address
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # note: eth0 must be this host's NIC name
ListenPort = 50814 # listen port
DNS = 8.8.8.8
MTU = 1420
[Peer]
PublicKey = $(cat client1.key.pub) # client1's public key, filled in automatically
AllowedIPs = 10.0.8.10/32 # the IP used by the client
" > wg0.conf

7. Enable WireGuard at boot

systemctl enable wg-quick@wg0

8. Start WireGuard

# bring wg0 up
wg-quick up wg0
# bring wg0 down
wg-quick down wg0

9. Create the server config file manually (to be completed)

nano /etc/wireguard/wg0.conf

10. WireGuard client download: https://www.wireguard.com/install/

11. Client configuration (client1 as the example)

[Interface]
PrivateKey = 6M8HEZioew+vR3i53sPc64Vg40YsuMzh4vI1Lkc88Xo= # client1's private key
Address = 10.0.8.10 # the client IP assigned in the server's [Peer] section
MTU = 1500
[Peer]
PublicKey = Tt5WEa0Vycf4F+TTjR2TAHDfa2onhh+tY8YOIT3cKjI= # the server's public key
AllowedIPs = 10.0.8.0/24 # the server-side range allowed through the tunnel
Endpoint = 114.132.56.178:50814 # server public IP + port

12. Add a second client node (client2) on the server

# generate the private key
wg genkey > client2.key
# derive the public key from the private key
wg pubkey < client2.key > client2.key.pub
# append the peer's public key to wg0.conf
echo "
[Peer]
PublicKey = $(cat client2.key.pub) # client2's public key, filled in automatically
AllowedIPs = 10.0.8.11/32 # the IP used by client2
" >> wg0.conf

Installing WireGuard with Docker

Parameters: WG_HOST is the server IP, PASSWORD the password, WG_DEFAULT_ADDRESS the default client address, WG_DEFAULT_DNS the default DNS, WG_ALLOWED_IPS the IP range allowed to connect, and WG_PERSISTENT_KEEPALIVE the reconnect interval.

docker run -d \
  --name=wg-easy \
  -e WG_HOST=139.180.xxx.xxx \
  -e PASSWORD=1234567890 \
  -e WG_DEFAULT_ADDRESS=10.0.8.x \
  -e WG_DEFAULT_DNS=114.114.114.114 \
  -e WG_ALLOWED_IPS=10.0.8.0/24 \
  -e WG_PERSISTENT_KEEPALIVE=25 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 51820:51820/udp \
  -p 51821:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  weejewel/wg-easy

Run it from a sudo -i (root) shell.

CentOS 8/7

docker run -d --name=wg-easy \
  -e WG_HOST=27.102.***.*** \
  -e PASSWORD=YourPasswordHere \
  -e WG_DEFAULT_ADDRESS=10.0.8.x \
  -e WG_DEFAULT_DNS=114.114.114.114 \
  -e WG_ALLOWED_IPS=10.0.8.0/24 \
  -e WG_PERSISTENT_KEEPALIVE=25 \
  -v ~/.wg-easy:/etc/wireguard \
  -p 54320:51820/udp \
  -p 54321:51821/tcp \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
  --sysctl="net.ipv4.ip_forward=1" \
  --restart unless-stopped \
  weejewel/wg-easy

docker stop wg-easy
docker rm wg-easy
docker pull weejewel/wg-easy
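The server wg0.conf assembled in steps 6 and 12 of the manual install (and the client file in step 11) is plain INI-style text with inline '#' comments. As an added example that is not part of the original posts, here is a small Python parser for that format plus a server-side check that each [Peer] AllowedIPs names a single host; the key strings are labelled placeholders and the wg0.conf is constructed, standing in for real wg genkey / wg pubkey output.

```python
import ipaddress

# Constructed placeholders standing in for `wg genkey` / `wg pubkey` output (real keys are 44-char base64).
CLIENT1_PUB = "CLIENT1_PUBLIC_KEY_PLACEHOLDER"
CLIENT2_PUB = "CLIENT2_PUBLIC_KEY_PLACEHOLDER"

# Constructed wg0.conf in the post's layout, inline '#' comments included.
# client2 is deliberately given the whole /24 instead of a single host address.
SAMPLE_CONF = f"""[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER # this host's private key
Address = 10.0.8.1 # this host's VPN address
ListenPort = 50814
[Peer]
PublicKey = {CLIENT1_PUB} # client1's public key
AllowedIPs = 10.0.8.10/32 # client1's address
[Peer]
PublicKey = {CLIENT2_PUB}
AllowedIPs = 10.0.8.0/24, 10.0.9.5/32
"""

def parse_wg_conf(text):
    """Return [(section, {key: [values]})]; '#' starts a comment, as wg(8) and wg-quick treat it."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
            continue
        key, sep, value = line.partition("=")
        if not sections or not sep:
            raise ValueError(f"malformed line: {raw!r}")
        sections[-1][1].setdefault(key.strip(), []).append(value.strip())
    return sections

def wide_peer_routes(text):
    """Server-side check: (peer public key, network) for each AllowedIPs entry wider than one host."""
    wide = []
    for name, kv in parse_wg_conf(text):
        if name != "Peer":
            continue
        pub = kv.get("PublicKey", ["?"])[0]
        for cidr in ",".join(kv.get("AllowedIPs", [])).split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            # Cryptokey routing: the server sends every packet whose destination falls inside a
            # peer's AllowedIPs to that peer, so a /24 here would swallow the other clients' traffic.
            if net.prefixlen != net.max_prefixlen:
                wide.append((pub, str(net)))
    return wide
```

Run wide_peer_routes over the real wg0.conf after step 12 to confirm that every peer still carries only its own /32.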