angristan / wireguard-install

WireGuard VPN installer for Linux servers
https://stanislas.blog/2019/01/how-to-setup-vpn-server-wireguard-nat-ipv6/
MIT License
7.96k stars 1.3k forks

Another app is currently holding the xtables lock. #261

Closed squidds closed 2 years ago

squidds commented 3 years ago

Trying this script on Arch as an alternative to PiVPN. It works fine for my server config, but if I want to connect the server to Mullvad and enable both interfaces on boot, I get this error on my Mullvad interface. If I disable wg0, my Mullvad interface comes up just fine.

```
wg-quick@mullvad-us241.service - WireGuard via wg-quick(8) for mullvad/us241
     Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2021-08-15 19:23:10 EDT; 39s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 397 ExecStart=/usr/bin/wg-quick up mullvad-us241 (code=exited, status=4)
   Main PID: 397 (code=exited, status=4)
        CPU: 96ms

Aug 15 19:23:10 agbu wg-quick[397]: [#] ip -6 rule add table main suppress_prefixlength 0
Aug 15 19:23:10 agbu wg-quick[567]: [#] ip6tables-restore -n
Aug 15 19:23:10 agbu wg-quick[568]: Another app is currently holding the xtables lock. Perhaps you want to use the ->
Aug 15 19:23:10 agbu wg-quick[397]: [#] resolvconf -d mullvad-us241 -f
Aug 15 19:23:10 agbu wg-quick[397]: [#] ip -6 rule delete table 51820
Aug 15 19:23:10 agbu wg-quick[397]: [#] ip -6 rule delete table main suppress_prefixlength 0
Aug 15 19:23:10 agbu wg-quick[397]: [#] ip link delete dev mullvad-us241
Aug 15 19:23:10 agbu systemd[1]: wg-quick@mullvad-us241.service: Main process exited, code=exited, status=4/NOPERMIS>
Aug 15 19:23:10 agbu systemd[1]: wg-quick@mullvad-us241.service: Failed with result 'exit-code'.
Aug 15 19:23:10 agbu systemd[1]: Failed to start WireGuard via wg-quick(8) for mullvad/us241.
lines 1-23/23 (END)
```

My Mullvad Config

```
[Interface]
PrivateKey =
Address = 10.66.123.30/32,fc00:bbbb:bbbb:bb01::3:7b1d/128
DNS =

# Creates a new entry in the NAT table | For all packets that traverse through the out-interface mul>
PostUp = iptables --table nat --append POSTROUTING --out-interface mullvad-us241 --source 0.0.0.0/0 >

# Add a default route via the gateway on wlan0 interface for a routing table pivpn | All packets aga>
PostUp = ip route add default via 192.168.1.1 dev enp1s0 table pivpn

# All packets with FwMark 51820 to be routed against table pivpn | This is an important step because>
PostUp = ip rule add fwmark 51820 table pivpn

# OPTIONAL : If you need any ports open only from the Mullvad interface but not on wlan0, open a ran>
PostUp = iptables --table filter -A INPUT --in-interface mullvad-us241 -p udp --dport 2836 -j ACCEPT

# This section is executed when the wireguard interface is shutting down

# All PreDown steps are inverse of PostUp statements so as to logically close the temporary setup wh>

PreDown = iptables --table nat -D POSTROUTING --out-interface mullvad-us241 --source 0.0.0.0/0 --des>
PreDown = ip route delete default via 192.168.1.1 dev enp1s0 table pivpn
PreDown = ip rule delete fwmark 51820 table pivpn
PreDown = iptables --table filter -D INPUT --in-interface mullvad-us241 -p udp --dport 2836 -j ACCEPT

[Peer]
PublicKey =
Endpoint = :51820
AllowedIPs = 0.0.0.0/0, ::/0
```

I can provide any other info if needed.
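
The following is an added example, not part of the original post and not code from wireguard-install, wg-quick or iptables. It models the failure in the log above: the xtables lock is an advisory `flock()` on a lock file, a caller that does not wait fails at once with exit status 4 (the `status=4` systemd reports), and a caller that waits, as iptables does with `-w`, succeeds once the holder releases it. The lock path, function names and timings are constructed for the demonstration.

```python
import fcntl
import os
import tempfile
import threading
import time

RESOURCE_PROBLEM = 4  # iptables exit status when it cannot take the xtables lock


def acquire(path, wait_seconds=0.0):
    """Try to take an exclusive flock on `path`; wait_seconds=0 means no waiting.

    Returns the open file descriptor holding the lock, or None on failure.
    """
    fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o600)
    deadline = time.monotonic() + wait_seconds
    while True:
        try:
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return fd
        except BlockingIOError:  # someone else holds the lock
            if time.monotonic() >= deadline:
                os.close(fd)
                return None
            time.sleep(0.05)


def run_tool(path, wait_seconds=0.0):
    """Model of one firewall command: exit status 0 on success, 4 if the lock is busy."""
    fd = acquire(path, wait_seconds)
    if fd is None:
        return RESOURCE_PROBLEM
    os.close(fd)  # closing the descriptor releases the flock
    return 0


def simulate():
    """Two interfaces brought up at the same moment, as with two wg-quick units at boot."""
    with tempfile.TemporaryDirectory() as tmp:
        lock = os.path.join(tmp, "xtables.lock")  # constructed stand-in for the real lock file
        holder = acquire(lock)                    # first unit's firewall hook is mid-run
        no_wait = run_tool(lock)                  # second unit does not wait for the lock
        release = threading.Timer(0.3, os.close, args=(holder,))
        release.start()                           # first unit finishes shortly afterwards
        waited = run_tool(lock, wait_seconds=5)   # same command, willing to wait
        release.join()
        return no_wait, waited


if __name__ == "__main__":
    print(simulate())
```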