(Raspberry Pi 4B)RTNETLINK answers: Operation not supported Unable to access interface: Protocol not supported

[osias10]

If you are new to Docker or this application our issue tracker is ONLY used for reporting bugs or requesting features. Please use our discord server for general support.

---

Expected Behavior

Docker container loads correctly

Current Behavior

Docker container errors during start

Steps to Reproduce

1.docker create \ --name=wireguard \ --cap-add=NET_ADMIN \ --cap-add=SYS_MODULE \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Asia/Seoul \ -e SERVERURL=jaeryurp.duckdns.org \ -e SERVERPORT=51820 \ -e PEERS=3 \ -e PEERDNS=8.8.8.8 \ -e INTERNAL_SUBNET=10.13.13.0 \ -p 51820:51820/udp \ -v /home/pi/docker/wireguard/config:/config \ -v /lib/modules:/lib/modules \ -v /usr/src:/usr/src \ --sysctl="net.ipv4.conf.all.src_valid_mark=1" \ --restart=on-failure:10 \ linuxserver/wireguard:arm32v7-latest

2. docker start wireguard
3. docker logs -f wireguard
4. then I can get this log

[cont-init.d] 30-config: exited 0. [cont-init.d] 99-custom-scripts: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-scripts: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. [#] ip link add wg0 type wireguard RTNETLINK answers: Operation not supported Unable to access interface: Protocol not supported [#] ip link delete dev wg0 Cannot find device "wg0" .:53 CoreDNS-1.6.9

Environment

Device: Raspberry Pi 4B (4GB) OS: Raspberry Pi OS (32-bit) (version: May 2020) CPU architecture: arm32
How docker service was installed:

Command used to create docker container (run/create/compose/screenshot)

Docker logs

https://pastebin.com/ybwWanpA

[osias10]

I did these steps upgrade the kernel (sudo apt-get dist-upgrade) reboot Recreate the container but same error

[grrygh]

I did these steps upgrade the kernel (sudo apt-get dist-upgrade) reboot Recreate the container but same error

I'm also facing the same issue recently, it happens on both my Raspberry PI OS 32-bit and 64-bit.

[mschuh]

First of all, thanks linuxserver.io for the project and all the docker images! Seems to me that issues #34, #36 and this one are all linked to the same problem.

After running into the same error as the OP I've shell logged into the running container. Issuing

sudo modprobe -vvv wireguard

told me that the dkms was searching for the wireguard kernel modules into host folders. In my case, with a raspbian buster kernel 4.19.118-v7l+ it was /lib/modules/4.19.118-v7l+/

Some research led me to this thread where installing wireguard-dkms in the host appeared to solve the problem. I am no docker expert and this seems to break the container principle, even though this article claims that this is necessary for wireguard. I proceeded with the installation following the initial steps of this guide and it worked!

These are the required commands (to be run on the host):

sudo su  
apt update && apt upgrade 
apt install raspberrypi-kernel-headers libelf-dev libmnl-dev build-essential git
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt install dirmngr
wget -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add -
apt update
apt install wireguard-dkms

This is just a workaround, I still have the problem with the flash-kernel saying that the platform is not supported. At least the wg0 device is now being properly initialized and the connection to the VPN works :smile:

[osias10]

Thankyou for your answer

I tried the commands you gave me but I get same error

this is my result when i command sudo modprobe -vvv wireguard

https://pastebin.com/TgShKdkY

[mschuh]

@osias10 did you run the last set of commands on the host or in the docker container? They are supposed to be run on the host. When you install the wireguard-dkms package the output should be similar to this https://pastebin.com/GVUqbRzp And then when you do a ls /sys/module/ you should see the wireguard module there

Looking at your logs, firstly the sudo modprobe -vvv wireguard should be run inside the container. To do that shell log into it using

sudo docker exec -it wireguard /bin/bash

Even though this was run on the host, the errors appear at lines 27 and 28

modprobe: DEBUG: ../libkmod/libkmod-module.c:1750 kmod_module_get_initstate() could not open '/sys/module/wireguard/initstate': No such file or directory

Also there is some ipv6 stuff in your log, try also to disable ipv6 when creating the container with

--sysctl="net.ipv6.conf.all.disable_ipv6=0"

[osias10]

I ran (sudo su ~~~~apt install wireguard-dkms) commands on the host https://pastebin.com/23XMZcra (when i ran apt install wireguard-dkms) but i can't see the wireguard module in /sys/module/

this is my docker logs(https://pastebin.com/eHnKcNEH)

and this is result when i ran sudo mdprobe -vvv wireguard in docker container (https://pastebin.com/Wskw3nK6)

[mschuh]

You should not need to install the wireguard package in the host, only wireguard-dkms. To manually remove the kernel module on the host:

sudo rmmod -vvv wireguard

And to manually insert it

sudo modprobe -vvv wireguard

You should get a line that says insmod /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko. Could you post the full log of the manual insertion again? And please, reboot your rpi4 before doing that for sanity purposes.

[osias10]

Thankyou

I tried it after reboot this is manually remove and insert on the host(https://pastebin.com/86916hts)

And this is insmod /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko

pi@raspberrypi:~ $ insmod /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko insmod: ERROR: could not load module /lib/modules/4.19.118-v7l+/kernel/net/wireg uard.ko: No such file or directory pi@raspberrypi:~ $ sudo su root@raspberrypi:/home/pi# insmod /lib/modules/4.19.118-v7l+/kernel/net/wireguar d.ko insmod: ERROR: could not load module /lib/modules/4.19.118-v7l+/kernel/net/wireg uard.ko: No such file or directory root@raspberrypi:/home/pi# ls -l /lib/modules/ 합계 20 drwxr-xr-x 3 root root 4096 6월 17 15:40 4.19.118+ drwxr-xr-x 3 root root 4096 6월 17 15:41 4.19.118-v7+ drwxr-xr-x 4 root root 4096 6월 17 15:41 4.19.118-v7l+ drwxr-xr-x 3 root root 4096 6월 16 14:25 4.19.118-v8+ drwxr-xr-x 4 root root 4096 6월 17 16:07 5.3.0-1027-raspi2

[mschuh]

Okay, the line 3 of the log is normal because the wireguard module was not loaded in the host kernel (again, you can verifiy that it is loaded with ls /sys/module/).

Looking at the rest of the log, modprobe searches for the module in /lib/modules/4.19.118-v7l+/extra/wireguard.ko instead of /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko

Firstly, verify that you do have the wireguard.ko module in the regular path with ls /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko. If it does exist, create a symlink to the path desired by modprobe

sudo mkdir -p /lib/modules/4.19.118-v7l+/extra/
sudo ln -s /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko /lib/modules/4.19.118-v7l+/extra/wireguard.ko

The insmod is not actually a command, just a line that should appear in your log (and it does appear at line 115).

[osias10]

I can't find wireguard module in (ls /sys/module)... pi@raspberrypi:~ $ ls -al /sys/module 합계 0 drwxr-xr-x 140 root root 0 6월 17 17:50 . dr-xr-xr-x 12 root root 0 1월 1 1970 .. drwxr-xr-x 5 root root 0 6월 17 17:49 8021q drwxr-xr-x 3 root root 0 2월 14 2019 8250 drwxr-xr-x 3 root root 0 2월 14 2019 auth_rpcgss drwxr-xr-x 3 root root 0 2월 14 2019 bcm2708_fb drwxr-xr-x 7 root root 0 6월 17 17:49 bcm2835_codec drwxr-xr-x 5 root root 0 6월 17 17:49 bcm2835_mmal_vchiq drwxr-xr-x 3 root root 0 2월 14 2019 bcm2835_mmc drwxr-xr-x 7 root root 0 6월 17 17:49 bcm2835_v4l2 drwxr-xr-x 3 root root 0 6월 17 17:49 blk_cgroup drwxr-xr-x 3 root root 0 6월 17 17:49 block drwxr-xr-x 6 root root 0 6월 17 17:49 bluetooth drwxr-xr-x 6 root root 0 6월 17 17:49 bnep drwxr-xr-x 5 root root 0 6월 17 17:49 br_netfilter drwxr-xr-x 7 root root 0 6월 17 17:49 brcmfmac drwxr-xr-x 5 root root 0 6월 17 17:49 brcmutil drwxr-xr-x 3 root root 0 2월 14 2019 brd drwxr-xr-x 5 root root 0 6월 17 17:49 bridge drwxr-xr-x 5 root root 0 6월 17 17:49 btbcm drwxr-xr-x 5 root root 0 6월 17 17:49 btintel drwxr-xr-x 5 root root 0 6월 17 17:49 btrtl drwxr-xr-x 7 root root 0 6월 17 17:49 btusb drwxr-xr-x 3 root root 0 2월 14 2019 cachefiles drwxr-xr-x 6 root root 0 6월 17 17:49 cfg80211 drwxr-xr-x 5 root root 0 6월 17 17:49 cmac drwxr-xr-x 2 root root 0 2월 14 2019 configfs drwxr-xr-x 3 root root 0 6월 17 17:49 cpufreq drwxr-xr-x 3 root root 0 6월 17 17:49 cryptomgr drwxr-xr-x 3 root root 0 6월 17 17:49 debug_core drwxr-xr-x 3 root root 0 2월 14 2019 dns_resolver drwxr-xr-x 6 root root 0 6월 17 17:49 drm drwxr-xr-x 6 root root 0 6월 17 17:49 drm_kms_helper drwxr-xr-x 5 root root 0 6월 17 17:49 drm_panel_orientation_quirks drwxr-xr-x 3 root root 0 2월 14 2019 dwc_otg drwxr-xr-x 5 root root 0 6월 17 17:49 ecdh_generic drwxr-xr-x 3 root root 0 2월 14 2019 fb drwxr-xr-x 5 root root 0 6월 17 17:49 fb_sys_fops drwxr-xr-x 3 root root 0 6월 17 17:49 firmware_class drwxr-xr-x 3 root root 0 2월 14 2019 fscache drwxr-xr-x 3 root root 0 2월 14 2019 fscrypto drwxr-xr-x 6 root root 0 6월 17 17:49 fuse drwxr-xr-x 6 root root 0 6월 17 17:49 garp drwxr-xr-x 3 root root 0 2월 14 2019 genet drwxr-xr-x 5 root root 0 6월 17 17:49 gpu_sched drwxr-xr-x 7 root root 0 6월 17 17:49 hci_uart drwxr-xr-x 3 root root 0 2월 14 2019 hid drwxr-xr-x 5 root root 0 6월 17 17:49 hwmon drwxr-xr-x 5 root root 0 6월 17 17:49 i2c_dev drwxr-xr-x 5 root root 0 2월 14 2019 ip_tables drwxr-xr-x 5 root root 0 6월 17 17:49 ipt_MASQUERADE drwxr-xr-x 6 root root 0 6월 17 17:49 ipv6 drwxr-xr-x 3 root root 0 6월 17 17:49 kdb drwxr-xr-x 3 root root 0 2월 14 2019 kernel drwxr-xr-x 3 root root 0 6월 17 17:49 keyboard drwxr-xr-x 3 root root 0 6월 17 17:49 kgdboc drwxr-xr-x 4 root root 0 2월 14 2019 lan78xx drwxr-xr-x 5 root root 0 6월 17 17:49 llc drwxr-xr-x 3 root root 0 6월 17 17:49 lockd drwxr-xr-x 3 root root 0 6월 17 17:49 loop drwxr-xr-x 5 root root 0 6월 17 17:49 media drwxr-xr-x 3 root root 0 2월 14 2019 mmcblk drwxr-xr-x 3 root root 0 6월 17 17:49 module drwxr-xr-x 3 root root 0 2월 14 2019 mousedev drwxr-xr-x 3 root root 0 2월 14 2019 netpoll drwxr-xr-x 6 root root 0 6월 17 17:49 nf_conntrack drwxr-xr-x 5 root root 0 6월 17 17:49 nf_conntrack_netlink drwxr-xr-x 5 root root 0 6월 17 17:49 nf_defrag_ipv4 drwxr-xr-x 5 root root 0 6월 17 17:49 nf_defrag_ipv6 drwxr-xr-x 5 root root 0 6월 17 17:49 nf_nat drwxr-xr-x 5 root root 0 6월 17 17:49 nf_nat_ipv4 drwxr-xr-x 5 root root 0 6월 17 17:49 nf_tables drwxr-xr-x 5 root root 0 6월 17 17:49 nfnetlink drwxr-xr-x 3 root root 0 6월 17 17:49 nfs drwxr-xr-x 3 root root 0 6월 17 17:49 nfs_layout_nfsv41_files drwxr-xr-x 3 root root 0 2월 14 2019 nfsv4 drwxr-xr-x 5 root root 0 6월 17 17:49 nft_chain_nat_ipv4 drwxr-xr-x 5 root root 0 6월 17 17:49 nft_compat drwxr-xr-x 5 root root 0 6월 17 17:49 nft_counter drwxr-xr-x 6 root root 0 6월 17 17:49 overlay drwxr-xr-x 3 root root 0 6월 17 17:49 pcie_brcmstb drwxr-xr-x 3 root root 0 6월 17 17:49 printk drwxr-xr-x 3 root root 0 6월 17 17:49 r8152 drwxr-xr-x 3 root root 0 6월 17 17:49 random drwxr-xr-x 6 root root 0 6월 17 17:49 raspberrypi_hwmon drwxr-xr-x 3 root root 0 2월 14 2019 rcupdate drwxr-xr-x 3 root root 0 6월 17 17:49 rcutree drwxr-xr-x 6 root root 0 6월 17 17:49 rfcomm drwxr-xr-x 6 root root 0 6월 17 17:49 rfkill drwxr-xr-x 3 root root 0 2월 14 2019 rng_core drwxr-xr-x 6 root root 0 6월 17 17:49 rpivid_mem drwxr-xr-x 3 root root 0 6월 17 17:49 scsi_mod drwxr-xr-x 3 root root 0 6월 17 17:49 scsi_transport_iscsi drwxr-xr-x 3 root root 0 2월 14 2019 sdhci drwxr-xr-x 5 root root 0 6월 17 17:49 serdev drwxr-xr-x 4 root root 0 6월 17 17:49 smsc95xx drwxr-xr-x 6 root root 0 6월 17 17:49 snd drwxr-xr-x 7 root root 0 6월 17 17:49 snd_bcm2835 drwxr-xr-x 5 root root 0 6월 17 17:49 snd_compress drwxr-xr-x 6 root root 0 6월 17 17:49 snd_pcm drwxr-xr-x 5 root root 0 6월 17 17:49 snd_pcm_dmaengine drwxr-xr-x 6 root root 0 6월 17 17:49 snd_soc_core drwxr-xr-x 6 root root 0 6월 17 17:49 snd_timer drwxr-xr-x 3 root root 0 6월 17 17:49 spurious drwxr-xr-x 3 root root 0 6월 17 17:49 srcutree drwxr-xr-x 5 root root 0 6월 17 17:49 stp drwxr-xr-x 3 root root 0 2월 14 2019 sunrpc drwxr-xr-x 5 root root 0 6월 17 17:49 syscopyarea drwxr-xr-x 5 root root 0 6월 17 17:49 sysfillrect drwxr-xr-x 5 root root 0 6월 17 17:49 sysimgblt drwxr-xr-x 3 root root 0 2월 14 2019 sysrq drwxr-xr-x 3 root root 0 6월 17 17:49 tcp_cubic drwxr-xr-x 5 root root 0 6월 17 17:49 uio drwxr-xr-x 6 root root 0 6월 17 17:49 uio_pdrv_genirq drwxr-xr-x 4 root root 0 2월 14 2019 usb_storage drwxr-xr-x 4 root root 0 6월 17 17:49 usbcore drwxr-xr-x 4 root root 0 2월 14 2019 usbhid drwxr-xr-x 6 root root 0 6월 17 17:49 v3d drwxr-xr-x 5 root root 0 6월 17 17:49 v4l2_common drwxr-xr-x 6 root root 0 6월 17 17:49 v4l2_mem2mem drwxr-xr-x 6 root root 0 6월 17 17:49 vc4 drwxr-xr-x 3 root root 0 6월 17 17:49 vc_mem drwxr-xr-x 6 root root 0 6월 17 17:49 vc_sm_cma drwxr-xr-x 5 root root 0 6월 17 17:50 veth drwxr-xr-x 6 root root 0 6월 17 17:49 videobuf2_common drwxr-xr-x 5 root root 0 6월 17 17:49 videobuf2_dma_contig drwxr-xr-x 5 root root 0 6월 17 17:49 videobuf2_memops drwxr-xr-x 6 root root 0 6월 17 17:49 videobuf2_v4l2 drwxr-xr-x 5 root root 0 6월 17 17:49 videobuf2_vmalloc drwxr-xr-x 5 root root 0 6월 17 17:49 videodev drwxr-xr-x 3 root root 0 2월 14 2019 vt drwxr-xr-x 3 root root 0 6월 17 17:49 watchdog drwxr-xr-x 3 root root 0 6월 17 17:49 workqueue drwxr-xr-x 5 root root 0 2월 14 2019 x_tables drwxr-xr-x 3 root root 0 6월 17 17:49 xhci_hcd drwxr-xr-x 5 root root 0 6월 17 17:49 xt_addrtype drwxr-xr-x 5 root root 0 6월 17 17:49 xt_conntrack drwxr-xr-x 5 root root 0 6월 17 17:49 xt_nat drwxr-xr-x 5 root root 0 6월 17 17:49 xt_tcpudp drwxr-xr-x 2 root root 0 6월 17 17:49 xz_dec

and i can't find wireguard.ko in /lib/modules/4.19.118-v7l+/kernel/net/wireguard.ko

root@raspberrypi:/home/pi# ls /lib/modules/4.19.118-v7l+/kernel/net/ 6lowpan atm can key mpls openvswitch sunrpc 802 ax25 core l2tp netfilter rfkill wimax 8021q batman-adv ieee802154 llc netrom rose wireless 9p bluetooth ipv4 mac80211 nfc sched xfrm appletalk bridge ipv6 mac802154 nsh sctp

[mschuh]

You will only have wireguard in /sys/module once it is correctly loaded by modprobe. Please edit your last message and remove the unreadable logs.

Go to /lib/modules and search for wireguard.ko with

find . -name 'wireguard.ko'

If nothing is there, it means that your wireguard-dkms installation did not work. Please purge it and reinstall it

sudo apt purge wireguard-dkms
sudo apt install wireguard-dkms

[grrygh]

apt update

Thank you, this solution works for me!!

[aptalca]

@mschuh you seem pretty knowledgeable on kernel modules. Mind a quick look at this PR? https://github.com/linuxserver/docker-wireguard/pull/39 It tries to determine if the module is installed, loaded and works fine before attempting to mess with headers and compile from source. We'd appreciate some feedback.

Thanks

[mschuh]

Done @aptalca! Seems to be a good approach for host systems that already have the wireguard kernel module installed. Should #39 solve this issue though? Originally the problem happens in a fresh raspbian buster host, with no wireguard or dkms packages installed. It's still not clear for me if something must be done on the host for this to work of it should work out of the box on raspbian as it does on ubuntu with the HWE.

I could test this on my rpi4 if the image corresponding to #39 is available somewhere (easier). Also doable if I have to build it myself, but I don't know what's your hurry on merging this.

[aptalca]

@mschuh Previously, we were taking the lazy approach of letting the wireguard ubuntu ppa package take care of building the module. We assumed that they would implement the necessary tests and such so we didn't have to reinvent the wheel. Unfortunately that wasn't the case. The latest version of the package does some funky things and broke the module build process in a lot of cases (even on plain ubuntu bionic with a 4.15 kernel).

In PR #39 we not only add the necessary tests, but we also compile the module from source (no more ppa package). We now have a lot more control over the process and can make it more verbose.

The hwe kernel fix above was just a band-aid to get around the issue the ppa package introduced. I was able to reproduce it on a digitalocean droplet with bionic and 4.15 kernel, with the same flash-kernel errors. The new method of compiling from source works just fine there.

This here is the new image (with typos fixed): lspipepr/wireguard:v1.0.20200513-pkg-9fe5b6c6-pr-39 and it's multi-arch so it should work on your rpi4

[aptalca]

You can try the latest build. If it doesn't work, you can open a new issue and fill out the template with full logs.

[mschuh]

Thanks a lot for the thorough explanation @aptalca

Indeed, a lot more painful to build it from source than using the ppa packages, but glad that it solves the problem and even more without requiring anything installed in the host OS.

Since last friday I am suffering from an ISP internet shortage so I am not able to test the image right now. As soon as this is solved I will test it in my rpi4 and come back if any problems appear.