[WireGuard] Virtual Private Network

Solution found, and first post updated. Thanks for your feedback!

(it was the port forwarding being disabled in sysctl.conf)

4 Likes

I hope to be of help to someone:
on my Yunohost installation I also had to uncomment “net.ipv6.conf.all.forwarding = 1” to be able to access the internet via the VPN.

Thanks to all of you, with your comments I was able to create my own unlimited and private VPN on my VPS.

2 Likes

Oh right, thanks! I have updated the instructions. :wink:

1 Like

Hello all,

Testing summary

A testing release is available for wireguard_ynh! Follow the instructions on the first post of the thread to know how to test it, feedback is most welcome.

Merging in 3 days if no critical error is reported. :rocket:


2021-03-31: A new release for wireguard_ynh is available:

  • Adding the repository GPG key to ease the installation
  • Remove prompt for path, since it can only be installed at the root of a domain so far
  • Cleanup all the services installed by the app (now you should have one for the UI as before, and one for the VPN itself that should appear actually running).

Enjoy!

1 Like

Impossible to upgrade because the backup failed (nothing to back up).

Here is the log: https://paste.yunohost.org/raw/eqovovuheb

(I’ll uninstall and reinstall)

Hello, I want to try WireGuard on YunoHost, so I have to:

  • install the app with yh graphic interface
  • open the yunohost firewall on the port xxx(?)
  • enable port forwarding in /etc/sysctl.conf and postup script and postdown scripts

Is that it ?

1 Like

Yes to all, except:

WireGuard’s port is automatically opened on YunoHost’s side. However, if you are self-hosting at home, you will need to open and forward this same port to your server in your modem.

1 Like
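A way to check the forwarding step discussed above, as an added example that is not part of the original thread or of the wireguard_ynh scripts: it reports whether a sysctl.conf-style file actually enables a key, or only carries it as a commented-out line. The sample file is constructed; `net.ipv4.ip_forward` is the standard IPv4 counterpart of the IPv6 key quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: classify a key in a sysctl.conf-style file.
# Prints one of: enabled, disabled, commented, missing.
sysctl_conf_state() {
    # $1 = path to the file, $2 = sysctl key to look for
    awk -v key="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            commented = 0
            # sysctl.conf treats lines starting with # or ; as comments
            if (line ~ /^[#;]/) { commented = 1; sub(/^[#; \t]+/, "", line) }
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k != key) next
            # an active assignment always beats a commented one; the last active one wins
            if (commented) { if (state == "") state = "commented" }
            else state = (v == "1") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's file
net.ipv4.ip_forward=1
#net.ipv6.conf.all.forwarding = 1
EOF

for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
    printf '%s: %s\n' "$key" "$(sysctl_conf_state "$sample" "$key")"
done
```

On a real server, point the function at `/etc/sysctl.conf` and compare with the running value from `sysctl -n <key>`, since a change to the file only takes effect after `sysctl -p` or a reboot.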

Installation without any problem. Thanks.

1 Like

Thanks for the report! Had you tried a testing version, or a partial upgrade beforehand? This file no longer exists in the new version, but it should be here in the older ones.

If something similar happens to someone else, do not hesitate to report it.
Meanwhile, you can also add --not_mandatory after ynh_backup --src_path=/etc/systemd/system/wireguard.path and similar lines into /etc/yunohost/apps/wireguard/scripts/backup and restore.

I’ve installed WireGuard with YunoHost, but wg0 was missing and modprobe didn’t find wireguard.

After,

sudo apt-get install linux-headers-$(uname -r)
sudo wg-quick up wg0

It worked.

1 Like

Hello, thanks for the report! I was about to add this dependency manually in a previous version, but I thought the dependency was always added by WireGuard.

What is your system architecture?

VPS debian

Silly question, how do I get a Linux client to work with this. I tried this:

$ wg setconf wg0 wg0.conf      
Line unrecognized: `Address=10.10.10.1/32'
Configuration parsing error

But it didn’t like it.

I also tried using Wireguard on Android with the QR code, but I use LineageOS with no Google services so maybe something is causing it to not work there. It keeps trying to handshake.

Wireguard always makes me feel stupid :frowning:

Me too… it is always trial and error with this app. :confused:

First can you check that your VPN server is actually running with sudo wg?
Then on your clients, copy the wg0.conf file in /etc/wireguard/, then you can use sudo wg-quick up wg0

Your lack of handshake makes me think the server is not running, hence the first check. :wink:

1 Like
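Why `wg setconf` rejected the `Address=` line in the question above, as an added example that is not part of the original thread: `Address` and a handful of other keys are extensions that only `wg-quick` understands, so a file written for `wg-quick` has to be filtered before plain `wg` will accept it. The function below does that filtering on a constructed client config (placeholder keys, hypothetical endpoint `vpn.example.org`); `wg-quick strip` performs the same job natively.

```shell
#!/bin/sh
# Added example: remove the wg-quick-only keys from a config file so that
# what remains is in the format that plain `wg setconf` parses.
strip_wgquick_keys() {
    # $1 = path to a wg-quick style config
    awk '
        BEGIN {
            n = split("address dns mtu table preup postup predown postdown saveconfig", k, " ")
            for (i = 1; i <= n; i++) quick[k[i]] = 1
        }
        {
            line = $0
            sub(/#.*/, "", line)            # ignore comments when detecting the key
            eq = index(line, "=")
            if (eq > 0) {
                name = tolower(substr(line, 1, eq - 1))
                gsub(/[ \t]/, "", name)
                if (name in quick) next      # drop wg-quick extensions
            }
            print
        }
    ' "$1"
}

# Constructed sample client config; keys are placeholders, not real key material.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# constructed sample client config; keys are placeholders
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.10.10.1/32
DNS = 10.10.10.0

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
Endpoint = vpn.example.org:8095
AllowedIPs = 0.0.0.0/0, ::/0
EOF

strip_wgquick_keys "$conf"
```

The stripped output configures keys and peers only; assigning the address and routes is the part `wg-quick up wg0` adds, which is why the reply above recommends it.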

Same env here too, this is not due to the lack of Google.
I had the same exact problem with handshake.
And it was solved, I do not remember how.
I recently re-installed the app and now I have the handshake problem again.

1 Like

I will run some more tests, I think it is linked to the fact I want all commands to be run by the wireguard user, while some seem to require root.

1 Like

Regarding the Android handshake issue:

[253888342,com.wireguard.android.activity.SettingsActivity,RESUME_ACTIVITY]
04-15 15:37:36.144 29478 29478 I wm_on_top_resumed_gained_called: [253888342,com.wireguard.android.activity.SettingsActivity,topStateChangedWhenResumed]
04-15 15:37:36.668 29478 29478 I wm_on_stop_called: [139448018,com.wireguard.android.activity.MainActivity,STOP_ACTIVITY_ITEM]
04-15 15:37:40.083 29478 29478 I wm_on_top_resumed_lost_called: [253888342,com.wireguard.android.activity.SettingsActivity,topStateChangedWhenResumed]
04-15 15:37:40.090 29478 29478 I wm_on_paused_called: [253888342,com.wireguard.android.activity.SettingsActivity,performPause]
04-15 15:37:40.123 29478 29478 I wm_on_create_called: [163269339,com.wireguard.android.activity.LogViewerActivity,performCreate]
04-15 15:37:40.125 29478 29478 I wm_on_start_called: [163269339,com.wireguard.android.activity.LogViewerActivity,handleStartActivity]
04-15 15:37:40.126 29478 29478 I wm_on_resume_called: [163269339,com.wireguard.android.activity.LogViewerActivity,RESUME_ACTIVITY]
04-15 15:37:40.130  1433  1433 I auditd  : type=1400 audit(0.0:2703): avc: denied { read } for comm="logcat" name="secd" dev="mmcblk0p43" ino=943 scontext=u:r:untrusted_app:s0:c208,c256,c512,c768 tcontext=u:object_r:secd_exec:s0 tclass=file permissive=0 app=com.wireguard.android
04-15 15:37:40.137 29478 29478 I wm_on_top_resumed_gained_called: [163269339,com.wireguard.android.activity.LogViewerActivity,topStateChangedWhenResumed]
04-15 15:37:40.656 29478 29478 I wm_on_stop_called:

This looks like some sort of permission problem maybe?

04-15 15:37:40.130 1433 1433 I auditd : type=1400 audit(0.0:2703): avc: denied { read } for comm="logcat" name="secd" dev="mmcblk0p43" ino=943 scontext=u:r:untrusted_app:s0:c208,c256,c512,c768 tcontext=u:object_r:secd_exec:s0 tclass=file permissive=0 app=com.wireguard.android

EDIT: It is working. Android/LineageOS all A-OK with Wireguard.

Can you run the command sudo wg on the server? :innocent:

1 Like

Ah everything is working now! Even on my phone.

Didn’t know to put the wg0.conf file in /etc/wireguard. Thank you!

Also it was a rookie move to forget to open router port :expressionless:

Wow this app makes Wireguard so accessible! Thanks so much!

To test it was working, I just did ipleak.net before and after using WireGuard. With WireGuard I have the same address as my home internet/server internet. I can also web browse on my phone with no problems.

Are there other tests we should be doing to ensure everything is working properly?

Still not working on my side (phone only, so I did not try to use the wg0.conf file as it seems to be for client only)

sudo wg
  public key: TLApL5dllCQQN/+kFrSBxxPaYN1VG35uYygXDp7GMRY=
  private key: (hidden)
  listening port: 8095

I tried to restart the wg-quick@wg service, and yunohost-firewall, but still no handshake.

And I still have a wireguard service listed, unknown to the system, that was still here when my old installation was removed.
Failed to get status information via dbus for service wireguard, systemctl didn't recognize this service ('NoSuchUnit').