Closed by act28 3 years ago
Same error for me when using WireGuard and PIA:
2020-12-08 16:23:11,506 DEBG 'start-script' stdout output: [info] Attempting to bring WireGuard interface 'up'...
2020-12-08 16:23:11,576 DEBG 'start-script' stderr output: Warning: `/config/wireguard/wg0.conf' is world accessible
2020-12-08 16:23:11,586 DEBG 'start-script' stderr output: [#] ip link add wg0 type wireguard
2020-12-08 16:23:11,589 DEBG 'start-script' stderr output: RTNETLINK answers: Operation not supported
2020-12-08 16:23:11,593 DEBG 'start-script' stderr output: Unable to access interface: Protocol not supported
2020-12-08 16:23:11,595 DEBG 'start-script' stderr output: [#] ip link delete dev wg0
2020-12-08 16:23:11,606 DEBG 'start-script' stderr output: Cannot find device "wg0"
2020-12-08 16:23:11,609 DEBG 'start-script' stdout output: [warn] WireGuard interface failed to come 'up', exit code is '1'
2020-12-08 16:23:13,202 DEBG fd 11 closed, stopped monitoring <POutputDispatcher at 140321434388656 for <Subprocess at 140321434387984 with name pyrocore-script in state RUNNING> (stdout)>
2020-12-08 16:23:13,202 DEBG fd 15 closed, stopped monitoring <POutputDispatcher at 140321434505808 for <Subprocess at 140321434387984 with name pyrocore-script in state RUNNING> (stderr)>
2020-12-08 16:23:13,202 INFO exited: pyrocore-script (exit status 0; expected)
2020-12-08 16:23:13,202 DEBG received SIGCHLD indicating a child quit
2020-12-08 16:23:11,589 DEBG 'start-script' stderr output:
RTNETLINK answers: Operation not supported
2020-12-08 16:23:11,593 DEBG 'start-script' stderr output:
Unable to access interface: Protocol not supported
This is indicative of an old kernel. If you are running a kernel older than 5.6 then you will need to load in the required modules to support WireGuard.
Indeed, I'm trying to run the container on Synology and the kernel is 4.4.59. I managed to load the module using https://github.com/runfalk/synology-wireguard. However, there seems to be another problem (sorry for hijacking the thread, I'm not sure if it's related). The version of iptables on my NAS is 1.6.0.
2020-12-08 17:55:20,039 DEBG 'start-script' stdout output: [info] Attempting to bring WireGuard interface 'up'...
2020-12-08 17:55:20,106 DEBG 'start-script' stderr output: Warning: `/config/wireguard/wg0.conf' is world accessible
2020-12-08 17:55:20,118 DEBG 'start-script' stderr output: [#] ip link add wg0 type wireguard
2020-12-08 17:55:20,123 DEBG 'start-script' stderr output: [#] wg setconf wg0 /dev/fd/63
2020-12-08 17:55:20,131 DEBG 'start-script' stderr output: [#] ip -4 address add 10.11.134.106 dev wg0
2020-12-08 17:55:20,152 DEBG 'start-script' stderr output: [#] ip link set mtu 1420 up dev wg0
2020-12-08 17:55:20,217 DEBG 'start-script' stderr output: [#] wg set wg0 fwmark 51820
2020-12-08 17:55:20,223 DEBG 'start-script' stderr output: [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
2020-12-08 17:55:20,225 DEBG 'start-script' stderr output: [#] ip -4 rule add not fwmark 51820 table 51820
2020-12-08 17:55:20,229 DEBG 'start-script' stderr output: [#] ip -4 rule add table main suppress_prefixlength 0
2020-12-08 17:55:20,236 DEBG 'start-script' stderr output: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
2020-12-08 17:55:20,273 DEBG 'start-script' stderr output: [#] iptables-restore -n
2020-12-08 17:55:20,277 DEBG 'start-script' stderr output: iptables-restore v1.8.5 (legacy): iptables-restore: unable to initialize table 'raw'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2020-12-08 17:55:20,288 DEBG 'start-script' stderr output: [#] ip -4 rule delete table 51820
2020-12-08 17:55:20,305 DEBG 'start-script' stderr output: [#] ip -4 rule delete table main suppress_prefixlength 0
2020-12-08 17:55:20,320 DEBG 'start-script' stderr output: [#] ip link delete dev wg0
2020-12-08 17:55:20,357 DEBG 'start-script' stdout output: [warn] WireGuard interface failed to come 'up', exit code is '1'
I have tried this on my 918+ as well. Had the same issue. I gave up on it eventually.
This is indicative of an old kernel. If you are running a kernel older than 5.6 then you will need to load in the required modules to support WireGuard.
Well, that's disappointing that 5.4 LTS isn't supported... even though my distro does have wireguard-dkms enabled...
# dkms install wireguard/1.0.20201112
Module wireguard/1.0.20201112 already installed on kernel 5.4.80-2-MANJARO/x86_64
@act28 There may be hope for you yet! I'm using the same distro and same kernel version on my PC. I'm having the same output for the command you mentioned, and yet the container is running perfectly fine for me using WireGuard!
@binhex if you don't have time, can you point us in a direction to look in the code for Synology users? It seems that the script is running fine until one of the last steps, the iptables-restore command. Thank you for your help. It's a real advantage using WireGuard as the speeds are x3-4 faster. Also, should we create another ticket, as @act28 is trying to run the container on another OS?
If you don't have time, can you point us in a direction to look in the code for Synology users? It seems that the script is running fine until one of the last steps, the iptables-restore command.
Is the iptables-restore command shown in your WireGuard config file? If so, try removing it.
Is the iptables-restore command shown in your WireGuard config file? If so, try removing it.
If we are talking about the wg0.conf created from the container then no, for the interface there is only the address, private key, postUp and postDown (wireguardup.sh and wireguarddown.sh)
I see it occurring in my log (successfully) too, so it must be part of WireGuard init. OK, can you confirm you have set the container to privileged and added in the required flag to your docker run command:-
--sysctl="net.ipv4.conf.all.src_valid_mark=1"
Yes, I've added the required flags in the run command
--sysctl="net.ipv4.conf.all.src_valid_mark=1" \
--privileged=true \
and inside Docker GUI in Synology it's correctly showing as executed using high privilege
I'm out of ideas for now then. I can confirm it works fine on the vast majority of people's systems, so this has to be something related to Synology; perhaps you are still missing certain kernel modules, see here:- https://forums.gentoo.org/viewtopic-t-658895-start-0.html
Similar issue for LSIO docker image running WireGuard for Synology user:- https://github.com/linuxserver/docker-wireguard/issues/60
Ok, thank you! It's really annoying, fingers crossed with DSM 7 there will be some improvements...
Wireguard interface did not come up. Device not found.
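The three failure signatures seen in the logs above can be told apart mechanically; the following triage script is an added example, not code from the container or from any participant in this thread. The function names and finding codes are made up for illustration, and the sample input is three lines copied from the logs above.

```shell
#!/bin/sh
# Added example (not from the thread): triage a container start log for the
# WireGuard failures reported above. Finding codes are made up for this example.

# kernel_has_native_wg RELEASE: succeeds if RELEASE (as printed by `uname -r`)
# is 5.6 or newer, the version the thread gives as needing no extra module.
kernel_has_native_wg() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 6 ]; }
}

# triage_wg_log: reads a log on stdin, prints one finding per line.
triage_wg_log() {
    log=$(cat)
    seen() { case $log in *"$1"*) return 0 ;; esac; return 1; }
    # wg-quick warns when the file holding the private key is readable by others.
    if seen "is world accessible"; then
        echo "CONF_WORLD_ACCESSIBLE: chmod 600 the wg0.conf named in the warning"
    fi
    # 'ip link add ... type wireguard' rejected: no WireGuard support loaded.
    if seen "RTNETLINK answers: Operation not supported"; then
        echo "NO_WG_MODULE: host kernel lacks wireguard (older than 5.6 or module not loaded)"
    fi
    # Interface was created, but the firewall step could not open the raw table.
    if seen "unable to initialize table 'raw'"; then
        echo "NO_RAW_TABLE: host kernel does not provide the iptables raw table (iptable_raw)"
    fi
    return 0
}

# Sample input: three lines copied from the logs in this thread.
sample_log() {
    cat <<'EOF'
2020-12-08 16:23:11,576 DEBG 'start-script' stderr output: Warning: `/config/wireguard/wg0.conf' is world accessible
2020-12-08 16:23:11,589 DEBG 'start-script' stderr output: RTNETLINK answers: Operation not supported
2020-12-08 17:55:20,277 DEBG 'start-script' stderr output: iptables-restore v1.8.5 (legacy): iptables-restore: unable to initialize table 'raw'
EOF
}

sample_log | triage_wg_log
kernel_has_native_wg 4.4.59 || echo "4.4.59: needs a separately loaded wireguard module"
kernel_has_native_wg 5.4.80-2-MANJARO || echo "5.4.80-2-MANJARO: needs a separately loaded wireguard module"
```

Because the container shares the host kernel, both module findings have to be fixed on the host (here, the Synology NAS), not inside the image.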