docker安装WireGuard服务

启动 WireGuard 如下异常则是linux内核需要升级

$ wg-quick down wg0
$ wg-quick up wg0
Error: WireGuard exited with the error: Cannot find device "wg0"
This usually means that your host's kernel does not support WireGuard!at /app/lib/WireGuard.js:65:19at processTicksAndRejections (internal/process/task_queues.js:95:5)at async /app/lib/WireGuard.js:63:9

1. linux升级内核

① 载入公钥

$ rpm --import http://www.elrepo.org/RPM-GPG-KEY-elrepo.org

② 升级安装 elrepo

$ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

③ 载入 elrepo-kernel 元数据

$ yum --disablerepo=\* --enablerepo=elrepo-kernel repolist

④ 安装最新版本的内核

$ yum --disablerepo=\* --enablerepo=elrepo-kernel install  kernel-ml.x86_64  -y

⑤ 删除旧版本工具包

$ yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64  -y

⑥ 安装新版本工具包

$ yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml-tools kernel-ml-devel kernel-ml-headers -y

⑦ 查看内核插入顺序

$ grep "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2

CentOS Linux (3.10.0-1127.10.1.el7.x86_64) 7 (Core)
CentOS Linux (5.7.2-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (0-rescue-96820b9851c24560b5f942f2496b9aeb) 7 (Core)
默认新内核是从头插入，默认启动顺序也是从 0 开始。
⑧ 查看当前实际启动顺序

$ grub2-editenv list

saved_entry=CentOS Linux (3.10.0-1127.10.1.el7.x86_64) 7 (Core)
⑨ 设置默认启动

$ grub2-set-default 'CentOS Linux (5.7.2-1.el7.elrepo.x86_64) 7 (Core)'

最后重启检查：

$ reboot

查看当前实际启动顺序

$ grub2-editenv list

2. docker驱动WireGuard

serverName=wg-easy
docker stop ${serverName}
docker rm ${serverName}docker run -d \--name=${serverName} \-e WG_HOST=yjx.xxx.com \-e PASSWORD=wg-123456  \-e WG_DEFAULT_ADDRESS=192.168.47.x \-e WG_DEFAULT_DNS=114.114.114.114 \-e WG_PERSISTENT_KEEPALIVE=30 \-e WG_ALLOWED_IPS=192.168.47.0/24 \-v $PWD/wg-easy:/etc/wireguard \-p 21820:51820/udp \-p 21821:51821/tcp \--cap-add=NET_ADMIN \--cap-add=SYS_MODULE \--sysctl="net.ipv4.conf.all.src_valid_mark=1" \--sysctl="net.ipv4.ip_forward=1" \--restart=always \weejewel/wg-easy

下载wireGuard客户端

https://www.wireguard.com/install/

centos配置客户端
一、官网安装wireguard的三种方式

1、a signed module is available as built-in to CentOS's kernel-plus:

$ sudo yum install yum-utils epel-release
$ sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
$ sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
$ sudo yum install kernel-plus wireguard-tools
$ sudo reboot

   2、 users wishing to stick with the standard kernel may use ELRepo's pre-built module:$ sudo yum install epel-release elrepo-release
$ sudo yum install yum-plugin-elrepo
$ sudo yum install kmod-wireguard wireguard-tools

3、 users running non-standard kernels may wish to use the DKMS package instead:

$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools

生成客户端key
在这里插入图片描述

centos客户端

下载的conf改名成wg0.conf。写入到centos服务器路径 vim /etc/wireguard/wg0.conf
下图是例子 wg0.conf

[Interface] 
Address = 10.0.0.2/24 #配置客户端IP 
PrivateKey = <client.key中的私钥>[Peer] 
PublicKey = <服务器端的公钥> 
Endpoint = <服务器IP>:51820 
AllowedIPs = 0.0.0.0/0,::/0 #允许经过的流量

启动客户端

systemctl enable wg-quick@wg0 
systemctl start wg-quick@wg0

检查连接状态

sudo wg show

在这里插入图片描述

重新启动网卡

sudo wg-quick down wg0
sudo wg-quick up wg0

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.rhkb.cn/news/285950.html

如若内容造成侵权/违法违规/事实不符，请联系长河编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！