Open sirLeone opened 2 years ago
Hi @sirLeone,
Please see the troubleshooting section in the Wiki. Specifically the question: wg-quick up returns error "unable to initialize table 'raw'"
Your kernel does not have the iptables raw module. The raw module is only required if you use 0.0.0.0/0 or ::/0 in your wireguard config's AllowedIPs. A workaround is to instead set AllowedIPs to 0.0.0.0/1,128.0.0.0/1 for IPv4 or ::/1,8000::/1 for IPv6. These subnets cover the same range but do not invoke wg-quick's use of the iptables raw module.
If you do not want to use that workaround, you can also load the external module instead of using Ubiquiti's built-in wireguard module by setting LOAD_BUILTIN=0 in the setup_wireguard.sh script. Loading the external module will also load the raw module if the module is compiled for your kernel in this package.
One question though, are you using wireguard as a server or client on the UXG? If using as a server, why are you using 0.0.0.0/0 and ::/0 for client peers? Shouldn't you be setting the correct subnets for each peer instead, or how will WireGuard know how to route which subnet to which Peer if all subnets go to both peers?
Hi @peacey, thank you for the answer. Tried with 0.0.0.0/1 and it works :)
UXG is my home router and I would like to connect to my home lab from the internet. The second peer is for my wife's phone. I would like to have access to my lab and use my home internet connection while I am on vacation. Assuming this scenario, am I wrong with the provided config using 0.0.0.0/1?
@sirLeone, your configuration is not right for your use case. You should be using the /32 wireguard client IP for each client in the AllowedIPs section for that peer on your router's wireguard config.
You have two peers, each of them has their own unique IP assigned in their wireguard config Address section, right?
Say Peer 1 has IP 10.0.3.2/32 and Peer 2 has IP 10.0.3.3/32. Your router's wireguard config peer section should be like this:
[Peer]
PublicKey = PUB_KEY1
AllowedIPs = 10.0.3.2/32
[Peer]
PublicKey = PUB_KEY2
AllowedIPs = 10.0.3.3/32
If you also assigned IPv6 addresses to your peer, you should also add them of course (as /128).
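An added example, not part of the thread or of the package: a small Python check for the router-side peer sections discussed above. It shows that 0.0.0.0/1 plus 128.0.0.0/1 collapse to the same range as 0.0.0.0/0, and it flags peers whose AllowedIPs overlap. The sample configs are constructed, and parse_peers and audit are hypothetical helper names.

```python
import ipaddress
from itertools import combinations
# Constructed sample configs; keys and addresses reuse the thread's placeholders.
BAD_CONF = """
[Peer]
PublicKey = PUB_KEY1
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
[Peer]
PublicKey = PUB_KEY2
AllowedIPs = 0.0.0.0/0, ::/0
"""
GOOD_CONF = """
[Peer]
PublicKey = PUB_KEY1
AllowedIPs = 10.0.3.2/32
[Peer]
PublicKey = PUB_KEY2
AllowedIPs = 10.0.3.3/32
"""

def parse_peers(text):
    """Return one {"key": str, "nets": [ip_network]} dict per [Peer] section."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            cur = {"key": "?", "nets": []} if line.lower() == "[peer]" else None
            peers += [cur] if cur else []
        elif cur is not None and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "publickey":
                cur["key"] = value
            elif name.lower() == "allowedips":
                cur["nets"] += [ipaddress.ip_network(v.strip(), strict=False)
                                for v in value.split(",") if v.strip()]
    return peers

def audit(text):
    """Flag peers covering a whole address family and peers whose ranges overlap."""
    peers, findings = parse_peers(text), []
    for p in peers:
        for fam in (4, 6):
            # Merging siblings turns 0.0.0.0/1 + 128.0.0.0/1 back into 0.0.0.0/0.
            merged = ipaddress.collapse_addresses(n for n in p["nets"] if n.version == fam)
            if any(n.prefixlen == 0 for n in merged):
                findings.append((p["key"], f"catch-all IPv{fam}"))
    for a, b in combinations(peers, 2):
        if any(x.version == y.version and x.overlaps(y) for x in a["nets"] for y in b["nets"]):
            findings.append((f'{a["key"]}+{b["key"]}', "overlap"))
    return findings
```

Pass the text of the router's wg0.conf to audit(); an empty list means every peer owns a distinct range.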
Package version
1.0.20211208
Firmware version
Device
UniFi UXG-PRO
Issue description
I cannot start wireguard with the following command:
wg-quick up /etc/wireguard/wg0.conf
My wg0.conf file is like this:
Configuration and log output