Início / server / Perguntas / 1005368
Accepted
hunmonk
Asked: 2020-03-03 21:47:48 +0800 CST

Falha ao configurar o dispositivo Wireguard via systemd-networkd na VM do Google Compute Engine

  • 772

Imagem do Debian Buster em uma VM do Google Compute Engine, e eu tenho esta configuração systemd-networkd colocada em /etc/systemd/network/wg0.netdev para configurar um dispositivo Wireguard:

[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
PrivateKey = XXXXX
ListenPort = 51820

[WireGuardPeer]
Endpoint = XXXXX:51820
PublicKey = XXXXX
AllowedIPs = XXXXX/32
AllowedIPs = XXXXX/24

Ao iniciar o serviço systemd-networkd, recebo este erro:

Starting Network Service...
Failed to generate predictable MAC address for wg0: No such file or directory
Could not load configuration files: No such file or directory
systemd-networkd.service: Main process exited, code=exited, status=1/FAILURE

O que é estranho é:

  1. Posso abrir a interface wg0 com sucesso no servidor GCP configurando-a manualmente em vez de via systemd
  2. Posso usar a configuração systemd-networkd acima em outras VMs de provedor (testado Vultr e Vagrant local) com sucesso

Portanto, o erro ocorre apenas com a combinação específica de usar a configuração systemd-networkd em um servidor GCP.

Estou usando exatamente as mesmas versões do kernel Linux e do Wireguard em todos os servidores. Se for uma configuração específica do GCP, não consigo encontrar nenhuma documentação relacionada a ela.

google-compute-engine wireguard systemd-networkd

2 respostas

  1. Verifiquei o Wireguard no GCE VM com o Ubuntu 18.04 e ele é executado sem problemas.

    Por favor, encontre meus passos abaixo:

    1. criar instância de VM com base no Ubuntu 18.04
    $ gcloud compute instances create instance-1 --machine-type=e2-medium --can-ip-forward --tags=vpn --image=ubuntu-1804-bionic-v20201111 --image-project
=ubuntu-os-cloud
    1. criar regra de firewall:
    $ gcloud compute firewall-rules create to-vpn --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=udp:51820 --source-ranges=0.0.0.0/0 --target-tags=vpn
    1. instalar wireguard-tools:
    $ gcloud compute ssh instance-1
instance-1:~$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"
instance-1:~$ sudo apt update
instance-1:~$ sudo apt upgrade
instance-1:~$ sudo apt install wireguard-tools
    1. gerar chaves do servidor:
    instance-1:~$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
instance-1:~$ sudo cat privatekey 
2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
    1. gerar configuração do servidor:
    instance-1:~$ sudo cat /etc/wireguard/wg0.conf
[Interface]
Address = 10.156.0.17
MTU = 1440
ListenPort = 51820
PrivateKey = 2PSZW0mLV5YYE0oPBTKtOuZoQHYCIsoEg8KBcLdL+FY=
    1. habilite e inicie o serviço:
    instance-1:~$ sudo systemctl enable wg-quick@wg0
instance-1:~$ sudo systemctl start wg-quick@wg0
instance-1:~$ sudo systemctl status wg-quick@wg0
● [email protected] - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
   Active: active (exited) since Mon 2020-11-16 16:42:07 UTC; 10s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 4937 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 4937 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4671)
   CGroup: /system.slice/system-wg\x2dquick.slice/[email protected]

Nov 16 16:42:07 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link add wg0 type wireguard
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] wg setconf wg0 /dev/fd/63
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip -4 address add 10.156.0.17 dev wg0
Nov 16 16:42:07 instance-1 wg-quick[4937]: [#] ip link set mtu 1440 up dev wg0
Nov 16 16:42:07 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
    1. verifique o status do serviço:
    instance-1:~$ sudo wg
interface: wg0
  public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
  private key: (hidden)
  listening port: 51820
instance-1:~$ sudo ip a show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.156.0.17/32 scope global wg0
       valid_lft forever preferred_lft forever
    1. redefina a instância de VM e verifique o status:
    instance-1:~$ sudo systemctl status systemd-networkd
● systemd-networkd.service - Network Service
   Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-11-16 16:54:52 UTC; 7min ago
     Docs: man:systemd-networkd.service(8)
 Main PID: 751 (systemd-network)
   Status: "Processing requests..."
    Tasks: 1 (limit: 4671)
   CGroup: /system.slice/systemd-networkd.service
           └─751 /lib/systemd/systemd-networkd

Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: IPv6 successfully enabled
Nov 16 16:54:52 instance-1 systemd-networkd[751]: lo: Link is not managed by us
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Link UP
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: Gained carrier
Nov 16 16:54:52 instance-1 systemd-networkd[751]: ens4: DHCPv4 address 10.156.0.17/32 via 10.156.0.1
Nov 16 16:54:52 instance-1 systemd-networkd[751]: Not connected to system bus, not setting hostname.
Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Gained IPv6LL
Nov 16 16:54:53 instance-1 systemd-networkd[751]: ens4: Configured
Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Link UP
Nov 16 16:55:01 instance-1 systemd-networkd[751]: wg0: Gained carrier
$ sudo systemctl status wg-quick@wg0
● [email protected] - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
   Active: active (exited) since Mon 2020-11-16 16:55:01 UTC; 8min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 1115 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 1115 (code=exited, status=0/SUCCESS)

Nov 16 16:55:01 instance-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link add wg0 type wireguard
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] wg setconf wg0 /dev/fd/63
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip -4 address add 10.156.0.17 dev wg0
Nov 16 16:55:01 instance-1 wg-quick[1115]: [#] ip link set mtu 1440 up dev wg0
Nov 16 16:55:01 instance-1 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
instance-1:~$ sudo wg
interface: wg0
  public key: 4sLXXmfK8Llr84wzoy8vfV3B0lV0w/RlR94YPnAbYS4=
  private key: (hidden)
  listening port: 51820
instance-1:~$ sudo ip a show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.156.0.17/32 scope global wg0
       valid_lft forever preferred_lft forever

    Além disso, dê uma olhada no guia de terceiros para versões mais recentes do Ubuntu aqui .

    • 1
  2. Best Answer

    Desde meu relatório original, parece que o problema foi resolvido, seja nas imagens do GCP ou no próprio systemd. Está funcionando bem agora.

    • 1

relate perguntas