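Requirements
1. Kylin V10 SP2 ships with kernel 4.19, and per the requirements the machine's kernel cannot be upgraded to 5.10 or above.
2. Neither the 4.19 kernel nor the 5.10 kernel ships with a wireguard module.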
.
Install the build environment (optional)
yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools"
.
Download the source code
git clone https://git.zx2c4.com/wireguard-linux-compat
git clone https://git.zx2c4.com/wireguard-tools
Or:
wget https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-1.0.20210914.tar.xz
wget https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-1.0.20220627.tar.xz
.
Compiling and resolving errors
Compile: make -C wireguard-linux-compat/src -j$(nproc)
Error:
In file included from <command-line>:0:0:
/root/wireguard-linux-compat/src/socket.c: In function ‘send6’:
/root/wireguard-linux-compat/src/compat/compat.h:90:42: error: ‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup’; did you mean ‘ipv6_dst_lookup_flow’?
Fix:
vim wireguard-linux-compat/src/compat/compat.h
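# Comment out lines 83, 85 and 87-91; that is all that is needed.
Install: make -C wireguard-linux-compat/src install
Error: (fixing this is optional, depending on whether SSL encryption will be used later; if you do not fix it, skip ahead, it does not affect the use of wireguard. The failing step is sign-file, which signs wireguard.ko and cannot find certs/signing_key.pem.)
make: Entering directory ‘/root/wireguard-linux-compat/src’
  INSTALL /root/wireguard-linux-compat/src/wireguard.ko
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:69
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:76
sign-file: certs/signing_key.pem: No such file or directory
  DEPMOD
Fix: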
cd /lib/modules/$(uname -r)/build/certs
tee x509.genkey > /dev/null << EOF
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF
openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem
.
Load the module and its network dependencies
depmod -a
modprobe udp_tunnel
modprobe ip6_udp_tunnel
modprobe wireguard
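The signing step above is described as optional; whether modprobe accepts an unsigned wireguard.ko depends on whether the running kernel enforces module signatures. The following added example (not from the original post) classifies the outcome from the sig_enforce parameter, the lockdown state and the signer field of modinfo; the sample modinfo text and the KERNEL_VERSION placeholder are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample: `modinfo wireguard` output for a module installed unsigned.
SAMPLE_UNSIGNED='filename:       /lib/modules/KERNEL_VERSION/extra/wireguard.ko
license:        GPL v2
vermagic:       KERNEL_VERSION SMP mod_unload modversions'
# Constructed sample: the same module after signing with the CN = Modules key.
SAMPLE_SIGNED="$SAMPLE_UNSIGNED
sig_id:         PKCS#7
signer:         Modules"

# Print the signer found in modinfo-style text on stdin, or "unsigned".
sig_signer() {
    ss_name=$(sed -n 's/^signer:[[:space:]]*//p' | head -n 1)
    echo "${ss_name:-unsigned}"
}

# $1 = sig_enforce value (Y or N; empty if the file is absent)
# $2 = lockdown file content, e.g. "none [integrity] confidentiality" (may be empty)
# $3 = output of sig_signer
load_verdict() {
    lv_mode=$(printf '%s\n' "$2" | sed -n 's/.*\[\([a-z]*\)].*/\1/p')
    if [ "$3" != unsigned ]; then
        echo signed    # a signature is attached; the kernel must still trust the key
    elif [ "$1" = Y ] || [ "${lv_mode:-none}" != none ]; then
        echo blocked   # unsigned modules are refused, so signing is mandatory
    else
        echo tainted   # the module loads but sets the unsigned-module taint
    fi
}

# Same check against the live host (reads sysfs and calls modinfo).
check_host() {
    ch_enf=$(cat /sys/module/module/parameters/sig_enforce 2>/dev/null || true)
    ch_lock=$(cat /sys/kernel/security/lockdown 2>/dev/null || true)
    load_verdict "$ch_enf" "$ch_lock" "$(modinfo wireguard 2>/dev/null | sig_signer)"
}

# Demo on the constructed samples with signature enforcement switched on.
for sample in "$SAMPLE_UNSIGNED" "$SAMPLE_SIGNED"; do
    signer=$(printf '%s\n' "$sample" | sig_signer)
    echo "signer=$signer sig_enforce=Y -> $(load_verdict Y '' "$signer")"
done
```

Call check_host on the target machine after the install step. A "signed" verdict only means a signature is attached: a key generated after the kernel was built is not in that kernel's trusted keyring, so an enforcing kernel still rejects the module until the certificate is trusted by the system.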
.
Install the command-line tools
cd wireguard-tools-1.0.20210914/src
make && make install
Output like the following indicates success; the wg and wg-quick commands are now available.
‘wg’ -> ‘/usr/bin/wg’
‘man/wg.8’ -> ‘/usr/share/man/man8/wg.8’
‘completion/wg.bash-completion’ -> ‘/usr/share/bash-completion/completions/wg’
‘wg-quick/linux.bash’ -> ‘/usr/bin/wg-quick’
‘man/wg-quick.8’ -> ‘/usr/share/man/man8/wg-quick.8’
‘completion/wg-quick.bash-completion’ -> ‘/usr/share/bash-completion/completions/wg-quick’
‘systemd/wg-quick@.service’ -> ‘/usr/lib/systemd/system/wg-quick@.service’
‘systemd/wg-quick.target’ -> ‘/usr/lib/systemd/system/wg-quick.target’
.
.
.
References for this article:
1. https://blog.csdn.net/Ryankoko/article/details/131645329
2. https://support.huaweicloud.com/hce_faq/hce_03_0006.html