Closed luckylinux closed 2 months ago
> There is definitively some cryptic `apparmor` Entry in `dmesg` with `DENIED` status.

This looks like a potential duplicate of #6389.
Does the problem still happen after running `sudo firecfg --clean` and rebooting?
> This is probably not only `firejail` related, since the `wg` Program appears to be resolving to `/usr/bin/wg`, NOT `/usr/local/bin/wg`. I don't even know if there is a Wireguard Profile ...

There isn't.
```
root@HOST:/# which wg
/usr/bin/wg
```
What is the output of the following commands:
```
which -a wg
ls -l /usr/bin/wg
```
> What is the output of the following commands:
>
> ```
> which -a wg
> ls -l /usr/bin/wg
> ```

```
root@HOST:/# which -a wg
/usr/bin/wg
/bin/wg
root@HOST:/# ls -l /usr/bin/wg
-rwxr-xr-x 1 root root 101672 Apr 8 18:22 /usr/bin/wg
```
So wireguard does not have a profile and is not using any symlinks either.
> Does the problem still happen after running `sudo firecfg --clean` and rebooting?

This question still remains.
If you can demonstrate that the issue is indeed caused by firejail, feel free to add a comment.
Closing as a likely duplicate of #6389.
@kmk3: Sorry for the Trouble :disappointed:.
Actually this specific Issue was neither caused by firejail nor by System Hardening.
I needed to add this to the end of `/etc/wireguard/wg0.conf` on both Server and Client at the End of the `[Peer]` Section:
```
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
```
Then it works like a Charm :+1:.
Description
_Describe the bug_
Wireguard cannot connect to external Server. Apparently (looking at my OPNSense Router/Firewall), there is (ALMOST) no attempt at even trying to connect to the Remote Server. I think there was like 1 connection attempt within a Day or so (and not sure if I was playing with some sysctls or what at that point).
I had set up some Wireguard stuff in my Homelab between 2 Debian Machines (without firejail & with apparmor disabled) and no problems there. Connection occurs immediately.
I don't blame it all on `firejail`, it might be a combination with `apparmor` (missing) Rules.
There is definitively some cryptic `apparmor` Entry in `dmesg` with `DENIED` status.
Steps to Reproduce
_Steps to reproduce the behavior_
This is probably not only `firejail` related, since the `wg` Program appears to be resolving to `/usr/bin/wg`, NOT `/usr/local/bin/wg`. I don't even know if there is a Wireguard Profile ...
Expected behavior
_What you expected to happen_
Wireguard connecting successfully to Remote Server.
Actual behavior
_What actually happened_
Wireguard failing / not even trying to connect to Remote Server.
Behavior without a profile
_What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_
Probably not relevant (see above).
Additional context
_Any other detail that may help to understand/debug the problem_
Output of `sysctl -a` attached.
Environment
`firejail --version`: firejail version 0.9.72
`git rev-parse HEAD`: N/A