qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Wireguard preshared key gets picked up only through environment variable and not through wg0.conf #2339

Closed emsknock closed 5 months ago

emsknock commented 5 months ago

Is this urgent?

No

Host OS

Ubuntu 22.04.4 LTS

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.38.0 built on 2024-03-25T15:53:33.983Z (commit b3ceece)

What's the problem 🤔

When I bind /gluetun/wireguard/wg0.conf to a Wireguard configuration file through docker-compose, the Presharedkey value seems to get ignored. This does not happen when the Wireguard configuration is passed through environment variables.

I have tested the Wireguard configuration file in question outside of Gluetun and verified that it works, so it doesn't seem like the config file is the problem.

There's also a "Target IP address" value that appears when I pass in the settings through the environment but I don't know what that relates to — I don't know Wireguard internals very well.

Share your logs (at least 10 lines)

When the volumes key in docker-compose.yaml has ./wg.conf:/gluetun/wireguard/wg0.conf:

VPN settings:
├── VPN provider settings:
|   ├── Name: custom
|   └── Server selection settings:
|       ├── VPN type: wireguard
|       └── Wireguard selection settings:
|           ├── Endpoint IP address: xxx.xxx.xxx.xxx
|           ├── Endpoint port: 443
|           └── Server public key: 5...k=
└── Wireguard settings:
    ├── Private key: 8...o=
    ├── Interface addresses:
    |   └── xxx.xxx.xxx.xxx/xx
    ├── Allowed IPs:
    |   ├── 0.0.0.0/0
    |   └── ::/0
    └── Network interface: tun0
        └── MTU: 1400

When the above file is not mounted but instead the configuration is given through docker-compose.yaml's environment key (WIREGUARD_PUBLIC_KEY etc):

VPN settings:
├── VPN provider settings:
|   ├── Name: custom
|   └── Server selection settings:
|       ├── VPN type: wireguard
|       ├── Target IP address: xxx.xxx.xxx.xxx # ← ~~~~~ ! This line is new !
|       └── Wireguard selection settings:
|           ├── Endpoint IP address: xxx.xxx.xxx.xxx
|           ├── Endpoint port: 443
|           └── Server public key: 5...k=
└── Wireguard settings:
    ├── Private key: 8...o=
    ├── Pre-shared key: h...I= # ← ~~~~~~~~~~~~~~~~~~~~~ ! This line is new !
    ├── Interface addresses:
    |   └── xxx.xxx.xxx.xxx/xx
    ├── Allowed IPs:
    |   ├── 0.0.0.0/0
    |   └── ::/0
    └── Network interface: tun0
        └── MTU: 1400

Share your configuration

# docker-compose.yaml:
services:
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /srv/gluetun:/gluetun
      #
      # 1: This does not work!
      #    Contents pasted after this block.
      #
      # - /srv/gluetun/wg.conf:/gluetun/wireguard/wg0.conf
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      #
      # 2: These settings do work!
      #    Exact values redacted.
      #
      # - VPN_ENDPOINT_IP=xxx.xxx.xxx.xxx
      # - VPN_ENDPOINT_PORT=443
      # - WIREGUARD_PUBLIC_KEY=5...k=
      # - WIREGUARD_PRIVATE_KEY=8...o=
      # - WIREGUARD_PRESHARED_KEY=h...I=
      # - WIREGUARD_ADDRESSES=xxx.xxx.xxx.xxx/xx

# /srv/gluetun/wg.conf:
[Interface]
PrivateKey = 8...o=
Address = xxx.xxx.xxx.xxx/xx

[Peer]
Presharedkey = h...I=
PublicKey = 5...k=
Endpoint = xxx.xxx.xxx.xxx:443

github-actions[bot] commented 5 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

qdm12 commented 5 months ago

Hi there, thanks for the detailed issue! Presharedkey should be PresharedKey, that's why 😉 Although this is a silly limitation, so I changed it to read fields with case insensitivity in fe05521f2b4a655dbc34b8a0602341e76d2cda9c (latest image). Thanks!
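
The behaviour discussed in this reply, as an added example that is not Gluetun's own code: a case-sensitive field lookup silently misses a key written as Presharedkey, while a case-insensitive match finds it. The parser, the lookupFold helper and the sample file contents are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample shaped like the issue's wg.conf; all values are placeholders.
const sampleConf = `[Interface]
PrivateKey = PRIVATE_PLACEHOLDER=
[Peer]
Presharedkey = PSK_PLACEHOLDER=
PublicKey = PUBLIC_PLACEHOLDER=
Endpoint = 192.0.2.1:443
`

// parseConf returns section -> key -> value, keeping key spelling as written.
// It splits at the first "=", so base64 padding at the end of a value survives.
func parseConf(conf string) map[string]map[string]string {
	out, section := map[string]map[string]string{}, ""
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.ToLower(line[1 : len(line)-1])
			out[section] = map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && section != "" && !strings.HasPrefix(line, "#") {
			out[section][strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return out
}

// lookupFold finds a field regardless of the letter case used in the file.
func lookupFold(sec map[string]string, name string) (string, bool) {
	for k, v := range sec {
		if strings.EqualFold(k, name) {
			return v, true
		}
	}
	return "", false
}

func main() {
	peer := parseConf(sampleConf)["peer"]
	_, exact := peer["PresharedKey"] // case-sensitive lookup misses "Presharedkey"
	psk, fold := lookupFold(peer, "PresharedKey")
	fmt.Println(exact, fold, psk)
}
```

With the exact lookup the tunnel would be configured without a preshared key and no error is raised, which matches the missing "Pre-shared key" line in the first log above.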

github-actions[bot] commented 5 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.