centos7 host based debian docker image failed to implement boringtun in userspace #394

Open
Mon-ius opened this issue Feb 15, 2024 · 0 comments

For Host info:

OS: CentOS Linux 7 (Core) x86_64
Host: Google Compute Engine_64
Kernel: 3.10.0-1160.105.1.el7.x86_64
Uptime: 30 mins
Packages: 356 (rpm)
Shell: bash 4.2.46
Terminal: /dev/pts/0
CPU: Intel Xeon (1) @ 2.199GHz
Memory: 337MiB / 3534MiB

Run docker command:

sudo docker run --privileged --restart=always -itd \
    --name warp \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    --cap-add NET_ADMIN --cap-add SYS_MODULE \
    -p 9091:9091 \
    -v /lib/modules:/lib/modules \
    debian:bookworm

Inside container commands:

apt-get -qq update \
&& apt-get -qq install curl net-tools \
&& apt-get -qq install --no-install-recommends dante-server iproute2 procps iptables openresolv kmod wireguard \
&& apt-get -qq autoremove --purge && apt-get clean

IFACE=$(ip route show default | grep default | awk '{print $5}')
IPv4=$(ifconfig "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2)
IPv6=$(ifconfig "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2)

sed -i "/\[Interface\]/a PostDown = ip -6 rule delete from ${IPv6} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -6 rule add from ${IPv6} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from ${IPv4} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -4 rule add from ${IPv4} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from 127.0.0.1 lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -4 rule add from 127.0.0.1 lookup main" wgcf-profile.conf

userspace_wg="https://github.com/Mon-ius/boringtun/releases/download/v0.6.0/boringtun-cli-x86_64-unknown-linux-musl.tar.gz"
curl -fsSL "${userspace_wg}" | tar -xz -C /usr/bin
WG_QUICK_USERSPACE_IMPLEMENTATION=/usr/bin/boringtun-cli WG_SUDO=1 wg-quick up warp

Inside container error:

WG_QUICK_USERSPACE_IMPLEMENTATION=/usr/bin/boringtun-cli WG_SUDO=1 wg-quick up warp
[#] ip link add warp type wireguard
RTNETLINK answers: Operation not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] /usr/bin/boringtun-cli warp
BoringTun started successfully
[#] wg setconf warp /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev warp
[#] ip -6 address add 2606:4700:110:8275:f99:f7ee:1969:ab37/128 dev warp
[#] ip link set mtu 1280 up dev warp
[#] resolvconf -a warp -m 0 -x
[#] wg set warp fwmark 51820
[#] ip -6 route add ::/0 dev warp table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
ip6tables-restore v1.8.9 (nf_tables):
line 3: TABLE_ADD failed (No such file or directory): table raw
[#] resolvconf -d warp -f
[#] ip -6 rule delete table 51820
[#] ip -6 rule delete table main suppress_prefixlength 0
[#] ip link delete dev warp
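
The log above contains two separate events: wg-quick falling back to the userspace implementation, and a later step failing, after which the interface is torn down again. The following added example (not part of the issue or of the boringtun project) summarizes such a transcript; the function names and the keyword heuristic for error output are assumptions.

```shell
# Added example, not from the issue. Summarizes a `wg-quick up` transcript read
# from stdin. Assumptions: "[#] " lines are commands wg-quick ran, "[!] " lines
# are its notices, other lines are command output; errors are spotted by keyword.
wgq_summarize() {
    awk '
    BEGIN { fallback = "none"; failed = "none"; backend = "unknown"; rolled_back = "no" }
    function close_step() {   # error output that no notice handled ends the run
        if (pending != "" && failed == "none") { failed = pending; reason = detail }
        pending = ""
    }
    index($0, "[#] ") == 1 {
        close_step(); cmd = substr($0, 5)
        if (failed != "none" && cmd ~ /^ip link delete dev /) rolled_back = "yes"
        next
    }
    index($0, "[!] ") == 1 {  # wg-quick saw the error and carried on
        if (pending != "" && $0 ~ /userspace/) fallback = "userspace"
        pending = ""; next
    }
    {
        if (match($0, /\((nf_tables|legacy)\)/))   # backend named in the version banner
            backend = substr($0, RSTART + 1, RLENGTH - 2)
        if ($0 ~ /failed|RTNETLINK answers|[Ee]rror/) { pending = cmd; detail = $0 }
    }
    END {
        close_step()
        printf "fallback=%s\nfailed_step=%s\nbackend=%s\nrolled_back=%s\n",
            fallback, failed, backend, rolled_back
        if (reason != "") print "reason=" reason
    }'
}

# Transcript abridged from the log in the issue above.
issue_log() {
    cat <<'EOF'
[#] ip link add warp type wireguard
RTNETLINK answers: Operation not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] /usr/bin/boringtun-cli warp
BoringTun started successfully
[#] ip6tables-restore -n
ip6tables-restore v1.8.9 (nf_tables):
line 3: TABLE_ADD failed (No such file or directory): table raw
[#] resolvconf -d warp -f
[#] ip link delete dev warp
EOF
}

issue_log | wgq_summarize
```

For this transcript the summary names `ip6tables-restore -n` with the `nf_tables` backend as the step that stopped the run, while the userspace fallback itself is reported as handled.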