Not working with DSM 7.1.1-42962 Update 1

[Lodifice]

Hi, I have a DS 220j and with the recent upgrade to 7.1.1-42962 Update 1, WireGuard stopped working. I rebuilt the package and installed it again, but without success.

The intended (and previously working) use case is a VPN client inside a home network (behind NAT) that connects to a server running WireGuard. When I tcpdump on the server, I can see packets coming from the client and responses going out, but according to the WireGuard logs, the handshake never completes. It's strange that the port number of the client's endpoint entry is reported as 0 (which is not a valid UDP port). When I tcpdump on the client, I can see ICMP messages that the packets to the invalid UDP port 0 are dropped (these are the server responses, apparently) and the RX counter of wg show stays at zero.

Moreover, once setup the wg0 interface cannot be brought down, as ip link del dev wg0 segfaults. Then the entire system slowly becomes unresponsive and a forced shutdown is the only option.

Has anyone experienced a similar issue? Or can someone give some pointers on where to dig further?

[sergey-brutsky]

Hello, I have DS 220j with upgrade DSM 7.1-42661 Update 4

Compiled manually with params docker run --rm --privileged --env PACKAGE_ARCH=rtd1296 --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild

Installed as mentioned in the guide, everything works fine for me.

[zeldovich]

@Lodifice I also ran into this problem with 7.1.1-42962, on a DS418. As far as I can tell, there's something buggy with the resulting wg kernel module. I'm not quite sure what's going on, but perhaps Synology applied some changes to the kernel for 7.1.1-42962, compared to the kernel from 7.1, which affected the networking functions used by wg.ko. The kernel version number is the same (which is why modules built using kernel headers from 7.1 seemingly load on 7.1.1 to begin with), but that doesn't say much. Synology hasn't posted a build toolchain for 7.1.1 specifically (I opened an issue about it, https://github.com/SynologyOpenSource/pkgscripts-ng/issues/42).

[Lodifice]

@sergey-brutsky Thanks for your answer, but you're running an older version of DSM than I. With your version, I didn't have problems either. Also check your DSM_VER, for some reason it's 7.1.

@zeldovich it's good to know I'm not the only one with that problem, thanks for opening the issue.

[sergey-brutsky]

@sergey-brutsky Thanks for your answer, but you're running an older version of DSM than I. With your version, I didn't have problems either. Also check your DSM_VER, for some reason it's 7.1.

You right, my DSM_VER is 7.1, but I've compiled wireguard against DSM_VER 7.0 because it didn't compile for 7.1

[stpkys]

Same problem with DS418j and DSM 7.1.1-42962. It worked well before upgrade.

[Single568]

Hi, guys same problem on DS420j version DSM 7.1.1-42962 Update 1. Before update work without problems. When i tried some wg command via SSH it ended with hard restart, system totaly not responding :-(. So i uninstal wireguard and compile with this modification and with this version in docker command: DSM_VER=7.1 But same story, again system not responding :-(. Any help, please?

[stpkys]

Seems like wireguard kernel module does not work for 7.1.1. No idea about the root cause, but segfaults and system crashes are too scary to continue investigation. Fortunately, NAS is restarting by itself and getting back to life after some time.

As a proof of concept I was able to connect via user-space client https://github.com/WireGuard/wireguard-go I'm going to migrate to this setup and hopefully it's not going to be significantly slower.

[ruimarinho]

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

[Nightreaver]

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

How did you compile your version then?

[spielmap]

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

How did you compile your version then?

We used a workflow for Github actions: https://github.com/vegardit/synology-wireguard/blob/master/.github/workflows/build.yml Images can be found here: https://github.com/vegardit/synology-wireguard/releases

[Nightreaver]

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

How did you compile your version then?

We used a workflow for Github actions: https://github.com/vegardit/synology-wireguard/blob/master/.github/workflows/build.yml Images can be found here: https://github.com/vegardit/synology-wireguard/releases/tag/latest-DSM7.1

Amazing! let me try that

Did you try on DSM 7.1.1-42962 Update 2 ?

[spielmap]

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

How did you compile your version then?

We used a workflow for Github actions: https://github.com/vegardit/synology-wireguard/blob/master/.github/workflows/build.yml Images can be found here: https://github.com/vegardit/synology-wireguard/releases

Amazing! let me try that

Did you try on DSM 7.1.1-42962 Update 2 ?

Yes, the module loads successfully. Haven't tried to bring up a tunnel yet. Did it work for you?

[Nightreaver]

It seems to work well, at least for accessing my local network with it. I need to tweak my iptables/routing, but tunneling works fine.

thank a lot for the effort

[spielmap]

New URL: https://github.com/vegardit/synology-wireguard/releases We now build releases for 6.2 and 7.1 for all supported platforms.

[Single568]

New URL: https://github.com/vegardit/synology-wireguard/releases We now build releases for 6.2 and 7.1 for all supported platforms.

Same story for me DS420j version DSM 7.1.1-42962 Update 1

[Geier97332]

It doesn't work for me too. The system doesn't respond anymore and I have to shut it down manually. DS118

[mycroft2k]

On DS220j with DSM 7.1.1-42962 Update 2 its not working, when WireGuard starts, NAS stops responding, automatic reboot.. DS220j only wokring with DSM 7.0.1-42218 Update 5 and WireGuard works.

DS220+ and DS920+ (DSM 7.1.1-42962 Update 2) it works perfectly

I think all NAS higher than DSM 7.0.1-42218 Update 5 with Realtek RTD1296 SoC have the problem

[OxygenLiu]

Same issue on DS720+ with DSM 7.1.1-42962 Update 2, wg-quick up wg0 fails.

[small-whiter]

Same issue on DS720+ with DSM 7.1.1-42962 Update 2, wg-quick up wg0 fails.

Have you solved your problem yet? My version is DS920+ with DSM 7.1.1-42962 Update 2. When I run the "wg-quick up wg0", the system also crashes. here are the error reports root@NAS0:~# sudo wg-quick up wg0 【#】 ip link add wg0 type wireguard 【#】 wg setconf wg0 /dev/fd/63 /usr/local/bin/wg-quick: line 30: 26382 Segmentation fault "$@"

[AlexeyGG]

Just wondering if anyone managed to solve this issue? I've got the same Segmentation fault error with wireguard after upgrading to latest "DSM 7.1.1-42962 Update 6'. I stuck with the issue as I can't rollback this update.

Synology DS218

[stpkys]

@AlexeyGG, I couldn't find a solution to this issue, but I managed to find a workaround by using the userspace version of WireGuard

Here are the steps to follow:

1. Compile the ARM version of WireGuard-Go from the repository https://github.com/WireGuard/wireguard-go.
2. Copy the wireguard-go binary to /var/packages/WireGuard/target/wireguard (same folder with wg-quick file)
3. Remove or rename the wireguard.ko file in the same folder.
4. Verify that the tun module is loaded by running lsmod | grep tun. If it's not loaded, you can load it using insmod tun.
5. Now you can try to use WireGuard as usual.

This workaround is a bit clumsy, but I can try to publish a fork in the next couple of days to simplify the process.

[o850cHQk]

That would be great if you could. Going to give this a go since I've had to put something in front of one of my offsite backups in the interim hoping for some kind of fix.