bubuntux / nordlynx

PrivateKey not populated in /etc/wireguard/wg0.conf when using PRIVATE_KEY_FILE #91

Closed jtmackoy closed 1 year ago

jtmackoy commented 2 years ago

Describe the bug

When using PRIVATE_KEY_FILE environment variable in my docker compose yml, three things happen:

  1. I receive the following in the container's log:
    [2022-08-10T01:36:09-05:00] Connecting...
    [#] 
    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    Line unrecognized: `PrivateKey='
    Configuration parsing error
    [#] ip link delete dev wg0
    [2022-08-10T01:36:09-05:00] Connected! \(ᵔᵕᵔ)/
  2. the PrivateKey = line under [Interface] in /etc/wireguard/wg0.conf isn't populated.
  3. as shown above, the log reports the tunnel is established, but because the wg0 interface is gone after the connection is made, nothing reaches the Internet from that container.

To Reproduce using docker CLI

N/A - have only used Docker Compose at this point.

To Reproduce using docker-compose

Working

services:
  nordvpn:
    container_name: nordvpn
    image: bubuntux/nordlynx:latest
    cap_add:
      - NET_ADMIN                      # Required
    environment:                       # Review https://github.com/bubuntux/nordlynx#environment
      - NET_LOCAL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 # So it can be accessed within the local network
      - PRIVATE_KEY=<censored>
      - PERSISTENT_KEEP_ALIVE=25
      - DNS=103.86.96.100,103.86.99.100 # NordVPN's DNS servers, to prevent DNS leaks
      - TZ=${TZ}
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1 # Disable IPv6

Not Working

services:
  nordvpn:
    container_name: nordvpn
    image: bubuntux/nordlynx:latest
    cap_add:
      - NET_ADMIN                      # Required
    environment:                       # Review https://github.com/bubuntux/nordlynx#environment
      - NET_LOCAL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 # So it can be accessed within the local network
      - PRIVATE_KEY_FILE=/run/secrets/nordvpn #make sure this is owned by the context docker runs under
      - PERSISTENT_KEEP_ALIVE=25
      - DNS=103.86.96.100,103.86.99.100 # NordVPN's DNS servers, to prevent DNS leaks
      - TZ=${TZ}
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1 # Disable IPv6

Expected behavior

Use of the PRIVATE_KEY_FILE environment variable should result in the same behavior as PRIVATE_KEY.

Logs

See above.

Additional context

N/A - but happy to provide additional detail if needed.

tanty commented 2 years ago

Aren't you missing the whole part defining the secrets in the compose file?

services:
  nordvpn:
    container_name: nordvpn
    image: bubuntux/nordlynx:latest
    cap_add:
      - NET_ADMIN                      # Required
    environment:                       # Review https://github.com/bubuntux/nordlynx#environment
      - NET_LOCAL=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 # So it can be accessed within the local network
      - PRIVATE_KEY_FILE=/run/secrets/nordvpn #make sure this is owned by the context docker runs under
      - PERSISTENT_KEEP_ALIVE=25
      - DNS=103.86.96.100,103.86.99.100 # NordVPN's DNS servers, to prevent DNS leaks
      - TZ=${TZ}
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1 # Disable IPv6

Like:

    secrets:
      - nordvpn 
secrets:
  nordvpn:
    file: ./privatekey.txt

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
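
The failure reported in this issue (an empty `PrivateKey=` line reaching `wg setconf`, followed by a "Connected!" message) can be caught before the interface is configured. The script below is an added example, not part of the thread and not the nordlynx image's own entrypoint; the function names are hypothetical, and it assumes the key arrives through `PRIVATE_KEY` or `PRIVATE_KEY_FILE` as in the compose files above.

```shell
#!/bin/sh
# Added example, not the nordlynx entrypoint. Function names are hypothetical;
# PRIVATE_KEY and PRIVATE_KEY_FILE are the variables used in the issue above.

# Shape check only: a WireGuard key is 32 bytes, which base64-encodes to
# 43 characters followed by a single '=' (44 in total).
is_wg_key() {
    [ "${#1}" -eq 44 ] || return 1
    case "$1" in
        *[!A-Za-z0-9+/=]*) return 1 ;;   # character outside the base64 alphabet
        *=) ;;                           # must end with padding
        *) return 1 ;;
    esac
    case "${1%=}" in *=*) return 1 ;; esac   # '=' only allowed as last char
}

# Prints the key on stdout, or explains on stderr and returns non-zero:
# 2 = file missing/unreadable, 3 = empty, 4 = malformed.
resolve_private_key() {
    key=${PRIVATE_KEY:-}
    if [ -z "$key" ] && [ -n "${PRIVATE_KEY_FILE:-}" ]; then
        if [ ! -f "$PRIVATE_KEY_FILE" ] || [ ! -r "$PRIVATE_KEY_FILE" ]; then
            echo "PRIVATE_KEY_FILE=$PRIVATE_KEY_FILE is not a readable file" >&2
            return 2
        fi
        # Drop whitespace and CR/LF that editors append to the secret file.
        key=$(tr -d ' \t\r\n' < "$PRIVATE_KEY_FILE")
    fi
    if [ -z "$key" ]; then
        echo "no private key: set PRIVATE_KEY or PRIVATE_KEY_FILE" >&2
        return 3
    fi
    if ! is_wg_key "$key"; then
        echo "private key is not a 44-character base64 WireGuard key" >&2
        return 4
    fi
    printf '%s\n' "$key"
}

# Intended use in a startup script, before the interface is configured:
#   key=$(resolve_private_key) || exit 1
```

The error messages name the file path but never echo the key material itself, so they are safe to leave in container logs.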