Help request: WireGuard service (wg0) fails to start properly
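Hello experts, I recently ran into a tricky problem when starting the WireGuard wg0 service: the first start fails outright, and the second start appears to succeed, but errors are reported along the way. I can't make sense of it, so I'm asking for help analyzing it!
System log at startup
The first start fails outright; the second start reports completion, but the log contains abnormal messages. The full log follows: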
systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
wg-quick[1139]: [#] ip link add wg0 type wireguard
wg-quick[1139]: [#] wg setconf wg0 /dev/fd/63
wg-quick[1139]: [#] ip -4 address add 10.50.0.2/32 dev wg0
wg-quick[1139]: [#] ip link set mtu 1420 up dev wg0
wg-quick[1256]: [#] resolvconf -a tun.wg0 -m 0 -x
wg-quick[1260]: resolvconf: Error: Run lock held by another process for longer than 10 seconds
wg-quick[1139]: [#] ip link delete dev wg0
systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
wg-quick[130477]: [#] ip link add wg0 type wireguard
wg-quick[130477]: [#] wg setconf wg0 /dev/fd/63
wg-quick[130477]: [#] ip -4 address add 10.50.0.2/32 dev wg0
wg-quick[130477]: [#] ip link set mtu 1420 up dev wg0
wg-quick[130509]: [#] resolvconf -a tun.wg0 -m 0 -x
wg-quick[130477]: [#] wg set wg0 fwmark 51820
wg-quick[130477]: [#] ip -6 route add ::/0 dev wg0 table 51820
wg-quick[130477]: [#] ip -6 rule add not fwmark 51820 table 51820
wg-quick[130477]: [#] ip -6 rule add table main suppress_prefixlength 0
wg-quick[130577]: [#] ip6tables-restore -n
wg-quick[130477]: [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
wg-quick[130477]: [#] ip -4 rule add not fwmark 51820 table 51820
wg-quick[130477]: [#] ip -4 rule add table main suppress_prefixlength 0
wg-quick[130477]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
wg-quick[130596]: [#] iptables-restore -n
systemd[1]: Finished WireGuard via wg-quick(8) for wg0
Service unit configuration
I looked at the wg-quick service unit file; its contents are as follows:
[Unit]
Description=WireGuard via wg-quick(8) for %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/wg-quick up %i
ExecStop=/usr/bin/wg-quick down %i
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity

[Install]
WantedBy=multi-user.target
WireGuard configuration file
The contents of my wg0 configuration file (keys replaced with "key"):
[Interface]
PrivateKey = key
Address = 10.50.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = key
PresharedKey = key
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 132.132.132.132:48989
PersistentKeepalive=25
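As far as I can tell, the first start fails because resolvconf's run lock was held by another process for more than 10 seconds, which caused the service to roll back and delete the wg0 interface. The second start does report completion at the end, but it still ran the resolvconf command, and I'm not sure whether it is really working properly. Does anyone know how to solve this resolvconf lock problem so that WireGuard starts reliably?
Note: content sourced from Stack Exchange; question asked by Alex.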




