Open puttyman opened 2 months ago
Same issue here on a Mac Mini M1 running Orbstack 1.7.2, but in client mode. The initial tunnel setup seems to go fine, but then there's no way to reach any host from inside the container.
[mod-init] Running Docker Modification Logic
[mod-init] Adding gabe565/linuxserver-mod-vuetorrent to container
[mod-init] Downloading gabe565/linuxserver-mod-vuetorrent from ghcr.io
[mod-init] Installing gabe565/linuxserver-mod-vuetorrent
[mod-init] gabe565/linuxserver-mod-vuetorrent applied to container
[migrations] started
[migrations] no migrations found
───────────────────────────────────────
GID/UID
───────────────────────────────────────
User UID: 501
User GID: 20
───────────────────────────────────────
Linuxserver.io version: 1.0.20210914-r4-ls51
Build-date: 2024-09-12T11:23:25+00:00
───────────────────────────────────────
Uname info: Linux 12c31b6beec7 6.10.7-orbstack-00280-gd3b7ec68d3d4 #4 SMP Mon Sep 2 03:51:24 UTC 2024 aarch64 GNU/Linux
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****
**** If your host does not automatically load the iptables module, you may still need the SYS_MODULE capability. ****
**** Client mode selected. ****
[custom-init] No custom files found, skipping...
**** Disabling CoreDNS ****
**** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg0.conf ****
Warning: `/config/wg_confs/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.70.36.162/32 dev wg0
[#] ip -6 address add fc00:bbbb:bbbb:bb01::7:24a1/128 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n
**** All tunnels are now active ****
[ls.io-init] done.
Unfortunately MacOS isn't a platform we test our containers on. While for the most part most of our containers should work on different OS's using docker desktop/orbstack, it's not something we provide primary support for: https://docs.linuxserver.io/misc/support-policy/#reasonable-endeavours-support .
As an aside you both need to check the output of wg show in the server container and confirm that there are current handshakes for the client, otherwise it means that the traffic is never reaching the server.
@thespad There's one handshake at the start of the container, and new handshakes seemingly around every 2-ish minutes:
interface: wg0
public key: ***=
private key: (hidden)
listening port: 32818
fwmark: 0xca6c
peer: ***=
endpoint: [***]:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 1 minute, 24 seconds ago
transfer: 4.88 MiB received, 969.48 KiB sent
a couple minutes later:
interface: wg0
public key: ***=
private key: (hidden)
listening port: 32818
fwmark: 0xca6c
peer: ***=
endpoint: [***]:51820
allowed ips: 0.0.0.0/0, ::/0
latest handshake: 12 seconds ago
transfer: 5.02 MiB received, 1.13 MiB sent
At the moment of typing this, I'm even able to ping google.com from inside the container even though I made no change whatsoever either to the wg config or to my docker setup. I'm suspecting it may be a Mullvad issue because the connection loss seems to be intermittent. I'll keep an eye on it and report back.
EDIT: by the time I was done typing this, the issue happened again, I now cannot ping any host from inside the container 🤔
Just wanted to chime in and add that I'm having the same issue with a similar setup, albeit this is impacting all VPN providers (public and self-hosted.) I get about 2-4 minutes of throughput if I'm lucky, then handshakes stop. Rolling back the container to an older version seems to fix this for now.
I don't see any errors, with the only sign found in wg show, with the last handshake ever increasing.
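The check discussed above (read wg show and confirm the handshake is current) can be automated. The following is an added example, not code from the thread or from the linuxserver image: it parses wg show output in the format posted above and grades the handshake age against WireGuard's protocol timers (a new handshake after 120 s of use, session rejected after 180 s). The function names and the sample output are constructed for illustration, and the "stalled" verdict assumes traffic is being sent through the tunnel.

```python
import re

# WireGuard protocol timers: an in-use session starts a new handshake after
# 120 s (Rekey-After-Time) and is unusable after 180 s (Reject-After-Time).
REKEY_AFTER_TIME = 120
REJECT_AFTER_TIME = 180
UNIT_SECONDS = {"year": 31536000, "day": 86400, "hour": 3600, "minute": 60, "second": 1}

# Constructed sample in the format posted above (key and endpoint masked).
SAMPLE = """\
interface: wg0
peer: ***=
  endpoint: [***]:51820
  latest handshake: 6 minutes, 3 seconds ago
  transfer: 5.02 MiB received, 1.13 MiB sent
"""

def handshake_age(text):
    """'1 minute, 24 seconds ago' -> 84. Returns None when no duration is present."""
    if text.strip() == "Now":
        return 0
    parts = re.findall(r"(\d+) (year|day|hour|minute|second)s?", text)
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts) if parts else None

def classify(age):
    """Judge a handshake age, assuming traffic is being sent through the tunnel."""
    if age is None:
        return "no-handshake"
    if age <= REKEY_AFTER_TIME:
        return "fresh"
    if age <= REJECT_AFTER_TIME:
        return "rekey-due"
    return "stalled"

def peer_status(wg_show_output):
    """Return [(peer, age_seconds, verdict)] for every peer in `wg show` output."""
    peers = []
    for line in wg_show_output.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "peer":
            peers.append([value, None])
        elif key == "latest handshake" and peers:
            peers[-1][1] = handshake_age(value)
    return [(name, age, classify(age)) for name, age in peers]

if __name__ == "__main__":
    for name, age, verdict in peer_status(SAMPLE):
        print(f"{name}: handshake {age}s ago -> {verdict}")
```

An idle tunnel with no persistent keepalive can legitimately show an old handshake, so capture the output while a ping is running through the tunnel.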
Could you let me know which tag you used to get it working please? I went back quite a few versions but had no such luck. 🫠
I've tried a few now. Currently, I'm on version wireguard:v1.0.20210914-ls22, which has been ok. Some of the other old versions had the same issue. This version could still have that problem but I'm not sure yet.
@strk1204 gave it a try and it broke almost immediately, unfortunately. This makes me think it has more to do with the combination of Docker and MacOS.
The same issue happened to me not long after you posted that.
If you're running Orbstack, it is a known issue and is worth downgrading.
CPU architecture
x86-64