masipcat / wireguard-go-docker

Wireguard docker image
https://hub.docker.com/r/masipcat/wireguard-go
GNU General Public License v3.0

ip: invalid argument '51820' to 'table' #2

Closed exponentactivity closed 4 years ago

exponentactivity commented 4 years ago

First of all, thank you for a docker based userspace implementation! When I run the image I get the following in my docker logs and no Wireguard connection from my client:

...
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Sending handshake initiation
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Awaiting keypair
[#] ip link set mtu 1420 up dev wg0
ip: invalid argument '51820' to 'table'
ip: invalid argument '51820' to 'table'
[#] wg set wg0 fwmark 51820
DEBUG: (wg0) 2019/12/31 11:48:42 UAPI: Updating fwmark
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
ip: invalid argument '51820' to 'table'
[#] ip link delete dev wg0
INFO: (wg0) 2019/12/31 11:48:42 Interface set down
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: receive incoming IPv6 - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: receive incoming IPv4 - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Stopping...
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Routine: sequential receiver - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Routine: nonce worker - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 peer(Redacted-Pubkey-1) - Routine: sequential sender - stopped
ERROR: (wg0) 2019/12/31 11:48:42 Failed to read packet from TUN device: read : file descriptor in bad state
INFO: (wg0) 2019/12/31 11:48:42 Device closing
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: encryption worker - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: handshake worker - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: decryption worker - stopped
DEBUG: (wg0) 2019/12/31 11:48:42 Routine: event worker - stopped
INFO: (wg0) 2019/12/31 11:48:42 Shutting down

My docker-compose.yml file:

version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
     - NET_ADMIN
    sysctls:
     - net.ipv4.ip_forward=1
    volumes:
     - /dev/net/tun:/dev/net/tun
     # Folder with 'publickey', 'privatekey' and 'wg0.conf'
     - ./wireguard:/etc/wireguard
    environment:
     - WG_COLOR_MODE=always
     - LOG_LEVEL=debug
    ports:
     - 51820:51820/udp
    restart: always

My wg0.conf file on the server:

[Interface]
# Assign you an IP (that's not in use) and add it to server configmap
Address = 10.100.100.2/32
# generate private key using `wg genkey`
PrivateKey = <Redacted-Private-Key-0>

[Peer]
# Wireguard server public key
PublicKey = <Redacted-Publiv-Key-0>
# LoadBalancer IP (replace with your LoadBalancer ip)
Endpoint = <my servers public IP>:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

EDIT: I'm running the container in RancherOS 1.5.3

masipcat commented 4 years ago

I haven't tried this on my local machine, but it looks like you used the client configuration (https://github.com/masipcat/wireguard-go-docker#client-config-examples) for your server.

The wg0.conf in your server should be:

[Interface]
Address = 10.100.100.1/24
ListenPort = 51820
PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s 10.100.100.0/24 -o eth0 -j MASQUERADE
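# The -D rule must repeat the PostUp rule's match (-s 10.100.100.0/24), or iptables finds no rule to delete
PostDown = iptables -t nat -D POSTROUTING -s 10.100.100.0/24 -o eth0 -j MASQUERADE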

# [Peer]
# PublicKey =
# AllowedIPs = 10.100.100.2/32

Hope it helps :)
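
A way to catch this mix-up before starting the container, as an added example that is not part of the thread or of the project's code: it parses a wg-quick style config and flags the client-shaped settings discussed above. The function names, finding labels and sample values (including the 203.0.113.10 endpoint) are constructed for illustration, and the checks are heuristics.

```python
import ipaddress

# Constructed sample with the same shape as the config posted in the issue.
CLIENT_SHAPED = """\
[Interface]
Address = 10.100.100.2/32
PrivateKey = <redacted>

[Peer]
PublicKey = <redacted>
Endpoint = 203.0.113.10:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_wg_conf(text):
    """Return [(section_name, {key: [values]})] from wg-quick style text."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, as wg-quick does
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1].setdefault(key.lower(), []).append(value)
    return sections

def audit_server_conf(text):
    """List settings that make a config act like a client when used on a server."""
    findings = []
    sections = parse_wg_conf(text)
    iface = next((kv for name, kv in sections if name == "interface"), {})
    table = iface.get("table", ["auto"])[0].lower()
    if "listenport" not in iface:
        findings.append("no-listenport")
    for name, kv in sections:
        if name != "peer":
            continue
        if "endpoint" in kv:
            findings.append("peer-has-endpoint")
        for entry in ",".join(kv.get("allowedips", [])).split(","):
            entry = entry.strip()
            # A /0 entry with the default Table makes wg-quick install a default
            # route using fwmark and 'table 51820', the commands seen in the log.
            if entry and table == "auto" and ipaddress.ip_network(entry, strict=False).prefixlen == 0:
                findings.append("default-route-via-fwmark-table:" + entry)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_server_conf(CLIENT_SHAPED)))
```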

exponentactivity commented 4 years ago

Thanks, I got it working!