Unable to connect the Wireguard docker client to the Wireguard docker server about docker-wireguard HOT 5 CLOSED

Error: IPv6 is disabled on nexthop device., [#] ip link delete dev wg0,

from docker-wireguard.

I just changed the wg config so to avoid the ipvs error like this:

[Interface]
Address = 10.13.12.3/32
PrivateKey = @@@@@@@@@@@@@@@@
ListenPort = 51820

[Peer]
PublicKey = ###########################
Endpoint = ]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1

Also i had to add --privileged to the container because in the log i saw that when execute "--sysctl="net.ipv4.conf.all.src_valid_mark=1" the filesystem was readonly ;

Now the docker's client log file is this (but nothing has changed, no handshake into the server, it happen and i can connect only when i use the Windows and/or Android clients...) :

Building dependency tree...,
Reading state information...,
linux-headers-5.5.0-0.bpo.2-amd64 is already the newest version (5.5.17-1bpo10+1).,
wireguard is already the newest version (1.0.20200510-118.04).,
0 upgraded, 0 newly installed, 0 to remove and 197 not upgraded.,
Client mode selected.,
[cont-init.d] 30-config: exited 0.,
[cont-init.d] 99-custom-scripts: executing... ,
[custom-init] no custom files found exiting...,
[cont-init.d] 99-custom-scripts: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
Warning: /config/wg0.conf' is world accessible, [services.d] done., [#] ip link add wg0 type wireguard, [#] wg setconf wg0 /dev/fd/63, .:53, CoreDNS-1.6.9, linux/amd64, go1.14.1, 1766568, [#] ip -4 address add 10.13.12.3/32 dev wg0, [#] ip link set mtu 1420 up dev wg0, [#] ip -4 route add 128.0.0.0/1 dev wg0, [#] ip -4 route add 0.0.0.0/1 dev wg0, [INFO] SIGTERM: Shutting down servers then terminating, Caught SIGTERM signal!, [cont-finish.d] executing container finish scripts..., [cont-finish.d] done., [s6-finish] waiting for services., Warning: /config/wg0.conf' is world accessible,
[#] ip link delete dev wg0,
s6-svwait: fatal: supervisor died,
[s6-finish] sending all processes the TERM signal.,
[s6-finish] sending all processes the KILL signal and exiting.,
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 01-envfile: executing... ,
[cont-init.d] 01-envfile: exited 0.,
[cont-init.d] 10-adduser: executing... ,
usermod: no changes,
,
-------------------------------------,
_ (),
| | ___ _ _,
| | / | | | / \ ,
| | _ \ | | | () |,
|| |/ || _/,
,
,
Brought to you by linuxserver.io,
-------------------------------------,
,
To support the app dev(s) visit:,
WireGuard: https://www.wireguard.com/donations/,
,
To support LSIO projects visit:,
https://www.linuxserver.io/donate/,
-------------------------------------,
GID/UID,
-------------------------------------,
,
User uid: 1000,
User gid: 100,
-------------------------------------,
,
[cont-init.d] 10-adduser: exited 0.,
[cont-init.d] 30-config: executing... ,
Hit:1 http://deb.debian.org/debian buster InRelease,
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease,
Hit:3 http://deb.debian.org/debian buster-backports InRelease,
Hit:4 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic InRelease,
Hit:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease,
Hit:6 http://archive.ubuntu.com/ubuntu bionic-security InRelease,
Reading package lists...,
Reading package lists...,
Building dependency tree...,
Reading state information...,
linux-headers-5.5.0-0.bpo.2-amd64 is already the newest version (5.5.17-1bpo10+1).,
wireguard is already the newest version (1.0.20200510-118.04).,
0 upgraded, 0 newly installed, 0 to remove and 197 not upgraded.,
Client mode selected.,
[cont-init.d] 30-config: exited 0.,
[cont-init.d] 99-custom-scripts: executing... ,
[custom-init] no custom files found exiting...,
[cont-init.d] 99-custom-scripts: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
Warning: `/config/wg0.conf' is world accessible,
.:53,
CoreDNS-1.6.9,
linux/amd64, go1.14.1, 1766568,
[#] ip link add wg0 type wireguard,
[#] wg setconf wg0 /dev/fd/63,
[#] ip -4 address add 10.13.12.3/32 dev wg0,
[#] ip link set mtu 1420 up dev wg0,
[#] ip -4 route add 128.0.0.0/1 dev wg0,
[#] ip -4 route add 0.0.0.0/1 dev wg0,

from docker-wireguard.

If you're not seeing a handshake on the server, then the client is not able to reach the server. Depending on the redacted info, it could be dns or general networking issue. Hard for us to say.

Also, how are you testing the connection? Try exec'ing into the container and pinging IPs and addresses.

You also didn't set a dns address in your config.

Given this is a client set up and you're providing all the client and server configs, and a lot of things are redacted and unknown to us, I'm not sure how we can help you troubleshoot to be honest.

from docker-wireguard.

Yes, as you suggested the client was not able to ping, i then added to the wg0 config a dns like 1.1.1.1 and rebuilded the container, but it can't still ping outside and the log expose a couple of errors:

Unpacking wireguard (1.0.20200510-1~18.04) ...

[#] ip -4 route add 0.0.0.0/1 dev wg0,
Setting up wireguard (1.0.20200510-1~18.04) ...

Client mode selected.,
[cont-init.d] 30-config: exited 0.,
[cont-init.d] 99-custom-scripts: executing... ,
Setting up wireguard-dkms (1.0.20200429-2~18.04) ...

Loading new wireguard-1.0.20200429 DKMS files...

It is likely that 5.5.0-0.bpo.2-amd64 belongs to a chroot's host

Building for 4.19.0-8-amd64, 4.9.0-12-amd64 and 5.5.0-0.bpo.2-amd64

Module build for kernel 4.19.0-8-amd64 was skipped since the

kernel headers for this kernel does not seem to be installed.

Module build for kernel 4.9.0-12-amd64 was skipped since the

Building initial module for 5.5.0-0.bpo.2-amd64

Error! The dkms.conf for this module includes a BUILD_EXCLUSIVE directive which

does not match this kernel/arch. This indicates that it should not be built.

Setting up wireguard-tools (1.0.20200510-1~18.04) ...

[custom-init] no custom files found exiting...,
[cont-init.d] 99-custom-scripts: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
Warning: `/config/wg0.conf' is world accessible,
[#] ip link add wg0 type wireguard,
.:53,
CoreDNS-1.6.9,
linux/amd64, go1.14.1, 1766568,
[#] wg setconf wg0 /dev/fd/63,
[#] ip -4 address add 10.13.12.3/32 dev wg0,
[#] ip link set mtu 1420 up dev wg0,
[#] resolvconf -a tun.wg0 -m 0 -x,
[#] ip -4 route add 128.0.0.0/1 dev wg0

If i just restart the container the log show no errors but can't still ping outside:

Reading package lists...,
Building dependency tree...,
Reading state information...,
linux-headers-5.5.0-0.bpo.2-amd64 is already the newest version (5.5.17-1~ bpo10+1)
wireguard is already the newest version (1.0.20200510-1~18.04).
0 upgraded, 0 newly installed, 0 to remove and 197 not upgraded
Client mode selected.
[cont-init.d] 30-config: exited 0.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
Warning: `/config/wg0.conf' is world accessible
[services.d] done.
.:53
CoreDNS-1.6.9
linux/amd64, go1.14.1, 1766568
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.12.3/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a tun.wg0 -m 0 -x
[#] ip -4 route add 128.0.0.0/1 dev wg0
[#] ip -4 route add 0.0.0.0/1 dev wg0

Something to add is that the machine it is a VPS, i tried to setup the server instead of the client and it works, i can connect to it from both Win and Android clients, i then builded a container wich is made to connect as client to NordVPN via Wireguard and it works, i can connect that container to a choosen wireguard server, container's image is here https://github.com/bubuntux/nordvpn

Sudo hostnamectl returns:

Static hostname: xxxx
Icon name: computer-vm
Chassis: vm
Machine ID: xxxxxxxx
Boot ID: xxxxxxx
Virtualization: kvm
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 5.5.0-0.bpo.2-amd64
Architecture: x86-64

sudo lsb_release -a returns:

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster

from docker-wireguard.

You can try the latest build. If it doesn't work, you can open a new issue and fill out the template with full logs.

from docker-wireguard.