安装bird2、Wireguard、配置系统
全程使用Centos7系统
首先我们要安装epel,直接安装bird2会找不到包
yum install epel* -y然后安装bird2
yum install bird2关闭防火墙和NetworkManager
systemctl disable NetworkManager
systemctl disable firewalld
service NetworkManager stop
service firewalld stop
关闭SELINUX
编辑/etc/selinux/config,把SELINUX字段改成disabled
打开rc.local服务
chmod 777 /etc/rc.local
开启转发
编辑/etc/sysctl.conf,添加以下内容:
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 2
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
升级内核
为了安装Wireguard,我们需要将内核升级为5.x版本,现在的ISO大部分都是3.10内核
载入公钥:rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
升级安装ELRepo:rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
载入elrepo-kernel元数据:yum --disablerepo=\* --enablerepo=elrepo-kernel repolist
安装最新版本的Kernel:yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml.x86_64 -y
删除旧版本工具包:yum remove kernel-tools-libs.x86_64 kernel-tools.x86_64 -y
安装新版本的工具包:yum --disablerepo=\* --enablerepo=elrepo-kernel install kernel-ml-tools.x86_64 -y
查看内核插入顺序:awk -F \' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
查看当前第一启动顺序:grub2-editenv list
如果第一启动顺序不是5.X的内核
使用grub2-set-default X来设置5.X的内核为第一启动顺序,X是5.X内核在内核插入顺序中的序号
重启系统
安装Wireguard
yum install epel-release elrepo-release -y
yum install yum-plugin-elrepo -y
yum install wireguard-tools -y
生成Wireguard密钥和公钥
cd /etc/wireguard
wg genkey > example.key
wg pubkey < example.key > example.key.pubexample.key.pub和example.key分别是你的公钥和私钥,用于以后连接其他节点使用
下一章介绍单点BGP的配置