Unable to start wireguard

My YunoHost server

Hardware: Personal server
YunoHost version:
yunohost:
  repo: testing
  version: 11.1.4
yunohost-admin:
  repo: testing
  version: 11.1.3.1
moulinette:
  repo: testing
  version: 11.1.2.1
ssowat:
  repo: testing
  version: 11.1.3

I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : yes, switched to testing some weeks ago because of an SSO issue with Nextcloud

Description of my issue

I just installed WireGuard and did the first apply config,
but the service won’t start.
I rebooted the server too.
It seems the dkms module is not loaded.

uptime -s
2023-01-31 22:17:03

sudo dkms status
sudo: dkms : commande introuvable

lsmod | grep dkms
zsh: done       lsmod | 
zsh: exit 1     grep --color dkms


sudo dpkg -l "wireguard*" | grep ^ii
ii  wireguard          1.0.20210223-1 all          fast, modern, secure kernel VPN tunnel (metapackage)
ii  wireguard-tools    1.0.20210223-1 amd64        fast, modern, secure kernel VPN tunnel (userland utilities)
ii  wireguard-ynh-deps 0.4.0~ynh1     all          Fake package for wireguard (YunoHost app) dependencies


sudo iptables -L -vn | grep 8095
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8095


sudo cat /etc/wireguard/wg0.conf
# This file was generated using wireguard-ui (https://github.com/ngoduykhanh/wireguard-ui)
# Please don't modify it manually, otherwise your change might get replaced.
blabla my config

The log during start jftr

janv. 31 22:38:06 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
janv. 31 22:38:06 wg-quick[3951]: [#] ip link add wg0 type wireguard
janv. 31 22:38:06 wg-quick[3951]: [#] wg setconf wg0 /dev/fd/63
janv. 31 22:38:06 wg-quick[3951]: [#] ip -4 address add 10.10.10.0/24 dev wg0
janv. 31 22:38:06 wg-quick[3951]: [#] ip -6 address add fd42::/112 dev wg0
janv. 31 22:38:06 wg-quick[3970]: RTNETLINK answers: Permission denied
janv. 31 22:38:06 wg-quick[3951]: [#] ip link delete dev wg0
janv. 31 22:38:06 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
janv. 31 22:38:06 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
janv. 31 22:38:06 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
janv. 31 22:38:56 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
janv. 31 22:38:56 wg-quick[4036]: [#] ip link add wg0 type wireguard
janv. 31 22:38:56 wg-quick[4036]: [#] wg setconf wg0 /dev/fd/63
janv. 31 22:38:56 wg-quick[4036]: [#] ip -4 address add 10.10.10.0/24 dev wg0
janv. 31 22:38:56 wg-quick[4036]: [#] ip -6 address add fd42::/112 dev wg0
janv. 31 22:38:56 wg-quick[4056]: RTNETLINK answers: Permission denied
janv. 31 22:38:56 wg-quick[4036]: [#] ip link delete dev wg0
janv. 31 22:38:56 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
janv. 31 22:38:56 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
janv. 31 22:38:56 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

Cheers

If I look at the doc, it talks about going through the backports repositories.

I imagine that adding the repository on YunoHost is not an idea …
If we look at the version provided by the Debian repository, we are on 1.0.20210223-1,
whereas the doc has 1.0.20210914.

DKMS and backports are not needed on YunoHost 11.

This happens while IPv6 rules are set.
Can you have a look at this? Wireguard ipv6 RTNETLINK answers: Permission denied [SOLVED] | Bodhi Linux Forums (boards.net)
Does your server have a public IPv6?

No IPv6. I’ll give it a try, thank you.

OK let me know. We might need to disable WireGuard IPv6 rules if the server does not handle it.

It worked, thanks a lot.

sudo sysctl -p /etc/sysctl.d/wireguard-custom.conf
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

sudo systemctl start wg-quick@wg0.service        

sudo systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
     Active: active (exited) since Wed 2023-02-01 14:45:03 CET; 13s ago

I created a custom file because we already have /etc/sysctl.d/wireguard.conf
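
A pre-flight check for the failure diagnosed in this thread, as an added example that is not part of the original posts or of YunoHost's own code: it flags a wg-quick config that assigns an IPv6 Address while disable_ipv6 is 1. The function names and the SYSCTL_ROOT override are assumptions of this example, and the sample config is constructed from the addresses in the log above.

```shell
#!/bin/sh
# Added example: pre-flight check for the failure in this thread.
# wg-quick aborts with "RTNETLINK answers: Permission denied" when the config
# assigns an IPv6 Address while the kernel has IPv6 disabled via sysctl.

# Print the IPv6 entries from the Address= lines of a wg-quick config on stdin.
wg_ipv6_addresses() {
    awk -F= 'tolower($1) ~ /^[ \t]*address[ \t]*$/ {
        sub(/#.*/, "", $2)                 # drop a trailing comment
        n = split($2, a, ",")              # Address may hold a comma-separated list
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", a[i])
            if (a[i] ~ /:/) print a[i]     # a colon marks an IPv6 address
        }
    }'
}

# True when disable_ipv6 is 1 for the given scope ("all" or "default").
# SYSCTL_ROOT is a hypothetical override of this example, used to point the
# check at a fixture tree instead of /proc/sys.
ipv6_disabled() {
    f="${SYSCTL_ROOT:-/proc/sys}/net/ipv6/conf/$1/disable_ipv6"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# check_wg_conf FILE: returns 0 when the addresses can be applied, 1 on conflict.
check_wg_conf() {
    addrs=$(wg_ipv6_addresses < "$1" | tr '\n' ' ')
    if [ -z "$addrs" ]; then
        echo "ok: $1 assigns no IPv6 address"; return 0
    fi
    for scope in all default; do           # a new wg0 inherits from "default"
        if ipv6_disabled "$scope"; then
            echo "conflict: $1 assigns ${addrs% } but net.ipv6.conf.$scope.disable_ipv6 = 1"
            return 1
        fi
    done
    echo "ok: IPv6 is enabled for ${addrs% }"
}

# Constructed demo: addresses from the log above, sysctl values in a fixture tree.
demo=$(mktemp -d)
mkdir -p "$demo/sys/net/ipv6/conf/all" "$demo/sys/net/ipv6/conf/default"
echo 1 > "$demo/sys/net/ipv6/conf/all/disable_ipv6"
echo 1 > "$demo/sys/net/ipv6/conf/default/disable_ipv6"
printf '[Interface]\nAddress = 10.10.10.0/24,fd42::/112\n' > "$demo/wg0.conf"
SYSCTL_ROOT="$demo/sys"
check_wg_conf "$demo/wg0.conf" || true
```

Unset SYSCTL_ROOT to run the check against the live /proc/sys values; a conflict is resolved either by enabling IPv6 as in the post above or by removing the IPv6 entry from the Address line.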
