search

binhex / arch-qbittorrentvpn

Docker build script for Arch Linux base with qBittorrent, Privoxy and OpenVPN
GNU General Public License v3.0
444 stars 47 forks source link

Error: WireGuard interface failed to come 'up', exit code is '1' #127

Open brazyptian96 opened 2 years ago

brazyptian96 commented 2 years ago

I'm using binhex/arch-qbittorrentvpn using the latest tag.

Machine Specs: Ubuntu 18.04.6 LTS and kernel Linux 5.4.0-97-generic

Here is link to the supervisord.log as requested: https://pastebin.com/h9KY61Ac

Thank you!

s3rverro0m commented 2 years ago

So I think you have a few problems here.

I see:

2022-02-08 15:32:48,082 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2022-02-08 15:32:48,083 DEBG 'start-script' stderr output:
sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

and then the lib/modules issue.

To fix the /lib/modules issue I had to specify where /lib/modules was located. So under volumes I added - /lib/modules:/lib/modules.

Can you paste your docker-compose or docker run?

brazyptian96 commented 2 years ago

First, thanks for the quick response.

So I think you have a few problems here.

I see:

2022-02-08 15:32:48,082 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2022-02-08 15:32:48,083 DEBG 'start-script' stderr output:
sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

I tried running the docker container as privileged and still ran into this error.

and then the lib/modules issue.

To fix the /lib/modules issue I had to specify where /lib/modules was located. So under volumes I added - /lib/modules:/lib/modules.

Would I place this under volumes? I'm using Portainer to manage the docker container.

Can you paste your docker-compose or docker run?

Here is my yaml file: https://pastebin.com/HGzzTRbp

I'm using PlexGuide for my setup.

brazyptian96 commented 2 years ago

Wow, my reading skills are failing me. I'm adding it to volumes now.....

Edit 1: Fixed my lib/module errors I believe. Here is an updated log link: https://pastebin.com/TberQ1xQ

s3rverro0m commented 2 years ago

Wow, my reading skills are failing me. I'm adding it to volumes now.....

Heh, all good.

I'm not too sure about pertainer since I've used it once way in the beginning but, this is my docker-compose so you can base it off of that:

version: "3.7"

services:
  qbittorrentvpn:
    image: binhex/arch-qbittorrentvpn:4.3.9-2-01
    #image: binhex/arch-qbittorrentvpn:latest
    container_name: qbittorrentvpn
    restart: unless-stopped
    privileged: true
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    networks:
      - traefik
    ports:
      - 8383:8383
    volumes:
      - ${USERDIR}/assets/qbittorrentvpn/config:/config
      - /mnt/downloads:/data
      - /mnt/media:/media
      - /etc/localtime:/etc/localtime:ro
      - /lib/modules:/lib/modules
    env_file: ${USERDIR}/assets/qbittorrentvpn/qbittorrentvpn.env
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.qbittorrentvpn-rtr.entrypoints=https"
      - "traefik.http.routers.qbittorrentvpn-rtr.rule=Host(`qbit.${DOMAINNAME}`)"
      - "traefik.http.routers.qbittorrentvpn-rtr.tls=true"
      - "traefik.http.routers.qbittorrentvpn-rtr.tls.certresolver=dns-cloudflare"
      ## Middlewares
      - "traefik.http.routers.qbittorrentvpn-rtr.middlewares=secure-chain@file"
      ## HTTP Services
      - "traefik.http.routers.qbittorrentvpn-rtr.service=qbittorrentvpn-svc"
      - "traefik.http.services.qbittorrentvpn-svc.loadbalancer.server.port=8383"

networks:
  traefik:
    name: traefik
    external: true
brazyptian96 commented 2 years ago

Thanks for passing along your docker-compose.

I was able to get rid of the lib/module errors, but still run into the same overall Wireguard interface error. I can't find any major differences from your docker-compose and my current setup. I also specified pulling the binhex/arch-qbittorrentvpn:4.3.9-2-01 image.

Any other ideas as to what might be causing this issue?

s3rverro0m commented 2 years ago

Thanks for passing along your docker-compose.

I was able to get rid of the lib/module errors, but still run into the same overall Wireguard interface error. I can't find any major differences from your docker-compose and my current setup. I also specified pulling the binhex/arch-qbittorrentvpn:4.3.9-2-01 image.

Any other ideas as to what might be causing this issue?

Can you try creating the WireGuard interface manually on your server without having Qbit do it?

I think I know what might be breaking it, but I just want to make sure.

brazyptian96 commented 2 years ago

Can you try creating the WireGuard interface manually on your server without having Qbit do it?

I think I know what might be breaking it, but I just want to make sure.

Sure thing, could you point me to a tutorial on that or where I can find those commands? Thank you!

brazyptian96 commented 2 years ago

So I'm using the official Wireguard website quick start guide (found here: https://www.wireguard.com/quickstart/)

When I try to execute command wg setconf wg0 wg0.conf from command line in docker I am met with the following error:

Line unrecognized: `PostUp='/root/wireguardup.sh''
Configuration parsing error
brazyptian96 commented 2 years ago

Alright, after some Googling realized I need to be using wg-quick. Used that and came across this error.

https://pastebin.com/9wFpWGNw

s3rverro0m commented 2 years ago

Alright, after some Googling realized I need to be using wg-quick. Used that and came across this error.

https://pastebin.com/9wFpWGNw

Okay so it looks like you're having the same issue that Qbit is pointing out which is good.

Can you try sudo sysctl net.ipv4.conf.all.src_valid_mark=1 from CLI? Not in docker.

brazyptian96 commented 2 years ago

I executed this line of code on my host Ubuntu system. It ran fine and showed:

net.ipv4.conf.all.src_valid_mark=1

s3rverro0m commented 2 years ago

I executed this line of code on my host Ubuntu system. It ran fine and showed:

net.ipv4.conf.all.src_valid_mark=1

And now if you try to bring up qbit again it still doesn't work, right? Make sure to set privileged: true

brazyptian96 commented 2 years ago

And now if you try to bring up qbit again it still doesn't work, right? Make sure to set privileged: true

Correct, it’s a privileged container and still shows the same error. I also tried the manual wg-quick commands too.

s3rverro0m commented 2 years ago

And now if you try to bring up qbit again it still doesn't work, right? Make sure to set privileged: true

Correct, it’s a privileged container and still shows the same error. I also tried the manual wg-quick commands too.

Yeah I'm not 100% sure how else to fix this. The only other thing I can think of is giving the container a specific pid and gid to a user on the system.

nickgreen43 commented 2 years ago

Any progress on this? I am getting the same error myself now

' qbittorrent | 2022-07-29 21:17:34,558 DEBG 'start-script' stderr output: qbittorrent | modprobe: FATAL: Module iptable_mangle not found in directory /lib/modules/5.10.16.3-microsoft-standard-WSL2 qbittorrent | qbittorrent | 2022-07-29 21:17:34,558 DEBG 'start-script' stdout output: qbittorrent | [warn] Unable to load iptable_mangle module using modprobe, trying insmod... qbittorrent | qbittorrent | 2022-07-29 21:17:34,559 DEBG 'start-script' stderr output: qbittorrent | insmod: ERROR: could not load module /lib/modules/iptable_mangle.ko: No such file or directory qbittorrent | qbittorrent | 2022-07-29 21:17:34,559 DEBG 'start-script' stdout output: qbittorrent | [warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN qbittorrent | [info] unRAID/Ubuntu users: Please attempt to load the module by executing the following on your host: '/sbin/modprobe iptable_mangle' qbittorrent | [info] Synology users: Please attempt to load the module by executing the following on your host: 'insmod /lib/modules/iptable_mangle.ko' qbittorrent | qbittorrent | 2022-07-29 21:17:34,596 DEBG 'start-script' stdout output: qbittorrent | [info] Default route for container is 172.18.0.1 qbittorrent | qbittorrent | 2022-07-29 21:17:34,604 DEBG 'start-script' stdout output: qbittorrent | [info] Docker network defined as 172.18.0.0/16 qbittorrent | qbittorrent | 2022-07-29 21:17:34,606 DEBG 'start-script' stdout output: qbittorrent | [info] Adding 192.168.0.1/24 as route via docker eth0 qbittorrent | qbittorrent | 2022-07-29 21:17:34,607 DEBG 'start-script' stderr output: qbittorrent | Error: Invalid prefix for given prefix length. qbittorrent | qbittorrent | 2022-07-29 21:17:34,607 DEBG 'start-script' stdout output: qbittorrent | [info] ip route defined as follows... qbittorrent | -------------------- qbittorrent | qbittorrent | 2022-07-29 21:17:34,608 DEBG 'start-script' stdout output: qbittorrent | default via 172.18.0.1 dev eth0 qbittorrent | 172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.3 qbittorrent | qbittorrent | 2022-07-29 21:17:34,608 DEBG 'start-script' stdout output: qbittorrent | broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 qbittorrent | local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 qbittorrent | local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 qbittorrent | broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 qbittorrent | broadcast 172.18.0.0 dev eth0 table local proto kernel scope link src 172.18.0.3 qbittorrent | local 172.18.0.3 dev eth0 table local proto kernel scope host src 172.18.0.3 qbittorrent | broadcast 172.18.255.255 dev eth0 table local proto kernel scope link src 172.18.0.3 qbittorrent | local ::1 dev lo proto kernel metric 0 pref medium qbittorrent | local fe80::42:acff:fe12:3 dev eth0 proto kernel metric 0 pref medium qbittorrent | fe80::/64 dev eth0 proto kernel metric 256 pref medium qbittorrent | multicast ff00::/8 dev eth0 proto kernel metric 256 pref medium qbittorrent | qbittorrent | 2022-07-29 21:17:34,608 DEBG 'start-script' stdout output: qbittorrent | -------------------- qbittorrent | qbittorrent | 2022-07-29 21:17:35,901 DEBG 'start-script' stdout output: qbittorrent | [info] iptables defined as follows... qbittorrent | -------------------- qbittorrent | qbittorrent | 2022-07-29 21:17:35,902 DEBG 'start-script' stdout output: qbittorrent | -P INPUT DROP qbittorrent | -P FORWARD DROP qbittorrent | -P OUTPUT DROP qbittorrent | -A INPUT -s 172.18.0.0/16 -d 172.18.0.0/16 -j ACCEPT qbittorrent | -A INPUT -s 68.235.43.82/32 -i eth0 -j ACCEPT qbittorrent | -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT qbittorrent | -A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT qbittorrent | -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT qbittorrent | -A INPUT -i lo -j ACCEPT qbittorrent | -A INPUT -i wg0 -j ACCEPT qbittorrent | -A OUTPUT -s 172.18.0.0/16 -d 172.18.0.0/16 -j ACCEPT qbittorrent | -A OUTPUT -d 68.235.43.82/32 -o eth0 -j ACCEPT qbittorrent | -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT qbittorrent | -A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT qbittorrent | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT qbittorrent | -A OUTPUT -o lo -j ACCEPT qbittorrent | -A OUTPUT -o wg0 -j ACCEPT qbittorrent | qbittorrent | 2022-07-29 21:17:35,903 DEBG 'start-script' stdout output: qbittorrent | -------------------- qbittorrent | qbittorrent | 2022-07-29 21:17:35,905 DEBG 'start-script' stdout output: qbittorrent | [info] Attempting to bring WireGuard interface 'up'... qbittorrent | qbittorrent | 2022-07-29 21:17:35,913 DEBG 'start-script' stderr output: qbittorrent | Warning: `/config/wireguard/wg0.conf' is world accessible qbittorrent | qbittorrent | 2022-07-29 21:17:35,921 DEBG 'start-script' stderr output: qbittorrent | [#] ip link add wg0 type wireguard qbittorrent | qbittorrent | 2022-07-29 21:17:35,923 DEBG 'start-script' stderr output: qbittorrent | [#] wg setconf wg0 /dev/fd/63 qbittorrent | qbittorrent | 2022-07-29 21:17:35,981 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 address add 10.65.208.232/32 dev wg0 qbittorrent | qbittorrent | 2022-07-29 21:17:35,984 DEBG 'start-script' stderr output: qbittorrent | [#] ip link set mtu 1420 up dev wg0 qbittorrent | qbittorrent | 2022-07-29 21:17:36,052 DEBG 'start-script' stderr output: qbittorrent | [#] resolvconf -a wg0 -m 0 -x qbittorrent | qbittorrent | 2022-07-29 21:17:36,058 DEBG 'start-script' stderr output: qbittorrent | could not detect a useable init system qbittorrent | qbittorrent | 2022-07-29 21:17:36,077 DEBG 'start-script' stderr output: qbittorrent | [#] wg set wg0 fwmark 51820 qbittorrent | qbittorrent | 2022-07-29 21:17:36,078 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820 qbittorrent | qbittorrent | 2022-07-29 21:17:36,078 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 rule add not fwmark 51820 table 51820 qbittorrent | qbittorrent | 2022-07-29 21:17:36,079 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 rule add table main suppress_prefixlength 0 qbittorrent | qbittorrent | 2022-07-29 21:17:36,081 DEBG 'start-script' stderr output: qbittorrent | [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1 qbittorrent | qbittorrent | 2022-07-29 21:17:36,082 DEBG 'start-script' stderr output: qbittorrent | [#] iptables-restore -n qbittorrent | qbittorrent | 2022-07-29 21:17:36,301 DEBG 'start-script' stderr output: qbittorrent | Warning: Extension CONNMARK revision 0 not supported, missing kernel module? qbittorrent | qbittorrent | 2022-07-29 21:17:36,302 DEBG 'start-script' stderr output: qbittorrent | iptables-restore: line 7 failed qbittorrent | qbittorrent | 2022-07-29 21:17:36,303 DEBG 'start-script' stderr output: qbittorrent | [#] resolvconf -d wg0 -f qbittorrent | qbittorrent | 2022-07-29 21:17:36,307 DEBG 'start-script' stderr output: qbittorrent | could not detect a useable init system qbittorrent | qbittorrent | 2022-07-29 21:17:36,324 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 rule delete table 51820 qbittorrent | qbittorrent | 2022-07-29 21:17:36,326 DEBG 'start-script' stderr output: qbittorrent | [#] ip -4 rule delete table main suppress_prefixlength 0 qbittorrent | qbittorrent | 2022-07-29 21:17:36,330 DEBG 'start-script' stderr output: qbittorrent | [#] ip link delete dev wg0 qbittorrent | qbittorrent | 2022-07-29 21:17:36,701 DEBG 'start-script' stdout output: qbittorrent | [warn] WireGuard interface failed to come 'up', exit code is '1' '

brazyptian96 commented 2 years ago

Hey, unfortunately no progress was made on this error. I abandoned use because of it. If you are able to find a solution, please post and let us know.

s3rverro0m commented 1 year ago

I just had this issue when I didn't specify where my /lib/modules were located (I commented it out). Make sure under volumes that you have - <your lib modules here>:/lib/modules. In my case it was - /lib/modules:/lib/modules. Double check that.