Can't connect with anything after spinning up new version of Wirehole #123

Open
airdogvan opened this issue Feb 21, 2024 · 2 comments

airdogvan commented Feb 21, 2024

On my Ubuntu 22 machine there is no error.
After wg-quick up:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.8.0.2/24 dev wg0
[#] ip link set mtu 1300 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] nft -f /dev/fd/63
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63

But I cannot connect to anything from my Linux client and if I try to ping an external address:

ping 209.91.128.141
PING 209.91.128.141 (209.91.128.141) 56(84) bytes of data.
From 10.8.0.2 icmp_seq=1 Destination Port Unreachable
ping: sendmsg: Operation not permitted
From 10.8.0.2 icmp_seq=2 Destination Port Unreachable
ping: sendmsg: Operation not permitted

Tried on my phone (Android) and it said "connecting" without ever being connected. But the admin interface on the server (status) listed my phone as connected.

The previous version (with wg-easy) was working fine.

Thanks for looking into it.

@airdogvan

Maybe providing the server logs might help:

wireguard-ui    | wg-quick: `wg0' is not a WireGuard interface
wireguard-ui    | [#] ip link add wg0 type wireguard
wireguard-ui    | [#] wg setconf wg0 /dev/fd/63
wireguard-ui    | [#] ip -4 address add 10.252.1.0/24 dev wg0
wireguard-ui    | [#] ip link set mtu 1450 up dev wg0
wireguard-ui    | [#]
wireguard       | [migrations] started
wireguard       | [migrations] no migrations found
wireguard       |    Brought to you by linuxserver.io
wireguard       | GID/UID
wireguard       | ───────────────────────────────────────
wireguard       |
wireguard       | User UID:    1000
wireguard       | User GID:    1000
wireguard       | ───────────────────────────────────────
wireguard       |
wireguard       | Uname info: Linux aa7e47965f86 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:25:40 UTC 2024 x86_64 GNU/Linux
wireguard       | **** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
wireguard       | **** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
wireguard       | **** Client mode selected. ****
wireguard       | **** No client conf found. Provide your own client conf as "/config/wg0.conf" and restart the container. ****

@airdogvan

Inside the wireguard container:

wg show
interface: wg0
  public key: dSqUpHft7RBHnEbCC+FR70HQmNhF892o9upk16QNnzs=
  private key: (hidden)
  listening port: 51820

peer: E+InEtlznjTBoYtaYHcYNLiL4uhz7BMGpch2zcc3mWI=
  preshared key: (hidden)
  endpoint: xxx.xxx.xxx.xxx:53454
  allowed ips: 10.252.1.2/32
  latest handshake: 53 seconds ago
  transfer: 249.68 KiB received, 3.00 MiB sent
  persistent keepalive: every 15 seconds

peer: zc6t+vBUuUtCti9ldHO2xuTjAg7CjayPETEQzEos014=
  preshared key: (hidden)
  allowed ips: 10.252.1.1/32
  persistent keepalive: every 15 seconds
