
Comments (9)

jamesnyika avatar jamesnyika commented on August 17, 2024 10

Just adding a note for those who try to add
0.0.0.0/0 as an allowed IP.

This seems to result in this same exception but I am finding success using

0.0.0.0/1

Try that... see if it solves the issue for you all

from docker-wireguard.

cdauth avatar cdauth commented on August 17, 2024 2

Won't that only enable the VPN for IP addresses 0.0.0.1 until 127.255.255.254?

Anyways, based on your suggestion I now set AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, and it seems to solve the problem for now.

from docker-wireguard.
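The two comments above discuss what 0.0.0.0/1 actually covers and why adding 128.0.0.0/1 restores full coverage. As an added example (not code from the thread or from docker-wireguard), this script uses Python's standard ipaddress module to compute the range each AllowedIPs entry routes into the tunnel; the function names are my own.

```python
import ipaddress


def parse_allowed_ips(value):
    """Split a WireGuard AllowedIPs value ("a/b, c/d") into network objects."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]


def ipv4_coverage(value):
    """Report which IPv4 addresses an AllowedIPs value routes into the tunnel."""
    nets = [n for n in parse_allowed_ips(value) if n.version == 4]
    # collapse_addresses merges adjacent and overlapping networks, so two /1
    # halves collapse back into a single 0.0.0.0/0
    merged = list(ipaddress.collapse_addresses(nets))
    return {
        "ranges": [(str(n[0]), str(n[-1])) for n in nets],
        "addresses": sum(n.num_addresses for n in merged),
        "full_ipv4": merged == [ipaddress.ip_network("0.0.0.0/0")],
    }


def routes_via_tunnel(value, ip):
    """True if this AllowedIPs value would send traffic for ip into the tunnel."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in parse_allowed_ips(value)
               if n.version == addr.version)


if __name__ == "__main__":
    for allowed in ("0.0.0.0/0", "0.0.0.0/1", "0.0.0.0/1, 128.0.0.0/1"):
        print(allowed, "->", ipv4_coverage(allowed))
```

A single /1 leaves the upper half of IPv4 (128.0.0.0 onwards) outside the tunnel, while the two /1 entries together cover exactly the same addresses as 0.0.0.0/0 without triggering wg-quick's special handling of a /0 entry (the fwmark, policy-routing and sysctl steps visible in the log further down).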

aptalca avatar aptalca commented on August 17, 2024 1

Can you try this image? lsiodev/wireguard:v1.0.20200513-pkg-e7428e23-dev-eee89e028983ef22f18bfa2bdc17ee0c4a01df0c
I simplified the module test and it should no longer fail on iptables errors

from docker-wireguard.

aptalca avatar aptalca commented on August 17, 2024

Did you add the sysctl?

from docker-wireguard.

iyerusad avatar iyerusad commented on August 17, 2024

> Did you add the sysctl?

No, I thought that was only for client mode. Is it needed for server mode?

Readme.md: [screenshot not reproduced]

from docker-wireguard.

aptalca avatar aptalca commented on August 17, 2024

It was. But the new test for the module involves setting up a temporary wg client with the wireguard test/demo site, so it is now required. I'll update the readme. Please let us know if that solves it.

from docker-wireguard.

iyerusad avatar iyerusad commented on August 17, 2024

Attempted,

...however I have no idea if --sysctl net.ipv4.conf.all.src_valid_mark=1 is applied. Is there a way to check? The exported config does not show any sysctl settings.


Tested with new container:

docker create \
>   --cap-add=NET_ADMIN \
>   --cap-add=SYS_MODULE \
>   -e PEERS=1 \
>   -p 51820:51820/udp \
>   --network bridge \
>   --restart unless-stopped \
>   --sysctl net.ipv4.conf.all.src_valid_mark=1 \
>   --name=Wireguard \
>   linuxserver/wireguard:latest
390dcb0c7d7<snipped>

Running the container: docker start -ai Wireguard

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
WireGuard: https://www.wireguard.com/donations/

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing... 
**** It seems the wireguard module is already loaded, let's test to make sure it works. ****
[!] Warning: This server is for testing purposes only. You may not use this server for abusive or illegal purposes.
[+] Generating private key.
[+] Sending public key to server.
[+] Parsing server response.
[+] Writing config file.
[+] Success. Run `wg-quick up demo` to turn on the tunnel to the demo server and `wg-quick down demo` to turn it off.
[#] ip link add demo type wireguard
[#] wg setconf demo /dev/fd/63
[#] ip -4 address add 192.168.4.144/24 dev demo
[#] ip link set mtu 1420 up dev demo
[#] resolvconf -a tun.demo -m 0 -x
[#] wg set demo fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev demo table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sysctl: setting key "net.ipv4.conf.all.src_valid_mark": Read-only file system
[#] iptables-restore -n
iptables-restore v1.6.1: iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] resolvconf -d tun.demo -f
[#] ip -4 rule delete table 51820
[#] ip link delete dev demo
**** The module is not functional, will attempt kernel header install and module compilation. ****
wg-quick: `demo' is not a WireGuard interface
**** Attempting kernel header install ****
Reading package lists...
**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****
**** Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****
^C[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

from docker-wireguard.
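The comment above asks how to tell whether --sysctl net.ipv4.conf.all.src_valid_mark=1 actually took effect. As an added example (not from the thread or the docker-wireguard project), this script reads the value the kernel itself exposes under /proc/sys, which is the authoritative answer regardless of what the exported WireGuard config shows; the helper names and the fake /proc/sys tree used for offline testing are my own constructions.

```python
import tempfile
from pathlib import Path

SYSCTL_NAME = "net.ipv4.conf.all.src_valid_mark"


def sysctl_path(name, proc_root="/proc/sys"):
    """Map a dotted sysctl name to the file the kernel exposes it through."""
    return Path(proc_root, *name.split("."))


def read_sysctl(name, proc_root="/proc/sys"):
    """Return the current value as a string, or None if the key is absent."""
    try:
        return sysctl_path(name, proc_root).read_text().strip()
    except OSError:
        return None


def src_valid_mark_applied(proc_root="/proc/sys"):
    """True only when the kernel reports the value the container asked for."""
    return read_sysctl(SYSCTL_NAME, proc_root) == "1"


def fake_proc_sys(value):
    """Build a throwaway /proc/sys look-alike tree (constructed test data)."""
    root = tempfile.mkdtemp()
    path = sysctl_path(SYSCTL_NAME, root)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(f"{value}\n")
    return root


if __name__ == "__main__":
    # Run inside the container, e.g. via: docker exec Wireguard python3 check.py
    # (the container name "Wireguard" is the one used in the thread).
    # What docker was asked to set is visible from the host with:
    #   docker inspect --format '{{.HostConfig.Sysctls}}' Wireguard
    print(SYSCTL_NAME, "=", read_sysctl(SYSCTL_NAME))
    print("applied:", src_valid_mark_applied())
```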

iyerusad avatar iyerusad commented on August 17, 2024

> Can you try this image? lsiodev/wireguard:v1.0.20200513-pkg-e7428e23-dev-eee89e028983ef22f18bfa2bdc17ee0c4a01df0c
> I simplified the module test and it should no longer fail on iptables errors

Looks like this one is working better:

docker pull lsiodev/wireguard:v1.0.20200513-pkg-e7428e23-dev-eee89e028983ef22f18bfa2bdc17ee0c4a01df0c

docker create \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PEERS=1 \
  -p 51820:51820/udp \
  --network bridge \
  --restart unless-stopped \
  --sysctl net.ipv4.conf.all.src_valid_mark=1 \
  --name=Wireguard \
  lsiodev/wireguard:v1.0.20200513-pkg-e7428e23-dev-eee89e028983ef22f18bfa2bdc17ee0c4a01df0c
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \ 
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/


Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
WireGuard: https://www.wireguard.com/donations/

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing... 
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
**** Server mode is selected ****
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    14  100    14    0     0     35      0 --:--:-- --:--:-- --:--:--    35
**** SERVERURL var is either not set or is set to "auto", setting external IP to auto detected value of <snipped> ****
**** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****
**** Internal subnet is set to 10.13.13.0 ****
**** PEERDNS var is either not set or is set to "auto", setting peer DNS to 10.13.13.1 to use wireguard docker host's DNS. ****
**** No found wg0.conf found (maybe an initial install), generating 1 server and 1 peer/client confs ****
PEER 1 QR code: <snipped>
[cont-init.d] 30-config: exited 0.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.13.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.13.13.2/32 dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
.:53
CoreDNS-1.7.0
linux/amd64, go1.14.4, f59c03d

from docker-wireguard.

aptalca avatar aptalca commented on August 17, 2024

Great, thanks. We'll merge it

from docker-wireguard.
