bubuntux / nordlynx

GNU General Public License v3.0

iptables-restore: unable to initialize table 'raw' #80

Closed mazzy89 closed 2 years ago

mazzy89 commented 2 years ago

Describe the bug

I've updated the nordlynx container to the recent version. It had been a while since I last updated it, I believe more than 6 months.

Now the interface does not come up anymore and I get the error:

iptables-restore v1.8.7 (legacy): iptables-restore: unable to initialize table 'raw'

To Reproduce using docker CLI

I'm using Podman so it's not relevant.

To Reproduce using docker-compose

I'm using Podman so it's not relevant.

Expected behavior

I would expect that the container would come up.

Logs

[2022-05-29T08:45:09+00:00] Connecting...
[#]
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.5.0.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n
iptables-restore v1.8.7 (legacy): iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[2022-05-29T08:45:10+00:00] Connected! \(ᵔᵕᵔ)/

It says connected but the container does not have a connection to the internet and wg show does not reveal any interface.

Additional context

It's running on UDM-PRO-SE as a podman container. It worked before the recent releases. The wireguard kernel and tools versions are

WireGuard Module Version: 1.0.20211208
WireGuard Tools Version: 1.0.20210914
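
A log check for the failure shown in the Logs section above, where the trace ends with "Connected!" after wg0 has already been deleted. This is an added example, not part of the original issue or the nordlynx project; it runs on a constructed, shortened copy of the trace, and the function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the wg-quick trace from the report.
SAMPLE_LOG = """\
[2022-05-29T08:45:09+00:00] Connecting...
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] iptables-restore -n
iptables-restore v1.8.7 (legacy): iptables-restore: unable to initialize table 'raw'
[#] ip -4 rule delete table 51820
[#] ip link delete dev wg0
[2022-05-29T08:45:10+00:00] Connected!
"""

# wg-quick echoes each command it runs with a "[#] " prefix.
ADD = re.compile(r"^\[#\] ip link add (?:dev )?(\S+) type wireguard")
DEL = re.compile(r"^\[#\] ip link delete dev (\S+)")
TABLE_ERR = re.compile(r"unable to initialize table '(\w+)'")


def audit_log(text):
    """Return (interfaces still up, tables that failed to init, claimed_connected)."""
    up, missing, claimed = set(), [], False
    for line in text.splitlines():
        if m := ADD.match(line):
            up.add(m.group(1))
        elif m := DEL.match(line):
            up.discard(m.group(1))      # rollback removed the interface
        elif m := TABLE_ERR.search(line):
            missing.append(m.group(1))  # e.g. 'raw' when the kernel lacks the table
        elif "Connected!" in line:
            claimed = True
    return up, missing, claimed


def false_connected(text):
    """True when the log claims success although no WireGuard interface survived."""
    up, _missing, claimed = audit_log(text)
    return claimed and not up


if __name__ == "__main__":
    up, missing, claimed = audit_log(SAMPLE_LOG)
    print("interfaces up:", sorted(up))
    print("tables that failed to initialize:", missing)
    print("false 'Connected!':", false_connected(SAMPLE_LOG))
```

A health check built on this should treat a "Connected!" line with no surviving interface as a failed start rather than trusting the final log line.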

mazzy89 commented 2 years ago

As suggested, I've tried what was recommended here https://github.com/linuxserver/docker-wireguard/issues/42#issuecomment-801420458 but without luck.

mazzy89 commented 2 years ago

So according to this https://github.com/linuxserver/docker-wireguard/issues/138#issuecomment-1003173623, I would need the iptables_raw kernel module but UDM Pro SE does not have it and it is not possible to load it anymore.

mazzy89 commented 2 years ago

I've fixed this by loading the kernel modules from here https://github.com/tusc/wireguard-kmod/blob/main/src/wireguard/setup_wireguard.sh#L63

Now it works. Closing.