Open electronmoss-gitter opened 4 years ago
Hi there.
Your post does not contain enough information for me to give good advice. I need to know exactly which commands you've run and the output of them.
The way you set up Wireguard on your NAS is similar to how you would do it on any Linux computer. So you can follow any guide you want on how to do that. I recommend using wg0.conf and the wg-quick command. I don't think you want to tinker with the ip command directly unless you know what you're doing.
I can't link you any good tutorial since it depends on how you want your VPN to work.
Thanks for your response runfalk!
The exact steps I took were:
Since my first comment, I ran the command: sudo wg-quick down wg0
Then I ran the up command again with the following response:
user@server:/$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.5.10/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
/usr/local/bin/wg-quick: line 31: resolvconf: command not found
[#] ip link delete dev wg0
Is there any additional information I can provide?
Thanks for your help!!
Just re-read the GitHub page and read that DNS is not supported.
I removed the DNS setting in the config file and am now getting the following error when running sudo wg-quick up wg0:
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.5.10/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
Any idea?
Hi runfalk, Just wondering if you had any idea about this one? Thanks in advance!
Hi @electronmoss-gitter, I don't know how to solve your problem. I do track all issues, but I won't reply unless I can contribute with something. I'm very much a WireGuard novice, who happened to know how to cross-compile it for Synology devices :smile:. I'm a bit lost when it comes to anything but the most basic configuration.
The reason why the Dns configuration option is not supported is that the resolvconf program is not available (at least on my device a year ago when I tested it). There may have been changes in WireGuard that allow this to work.
Hi Runfalk, No problem, thanks for your response and help. I'm guessing it's a kernel issue, which I have no clue on how to fix. Cheers.
I am getting the same error on a DS1019+. I think I've loaded all the kernel modules I need per galaxysd. Oddly, I also cannot just iptables-restore something I just iptables-save'd ... So it definitely seems like an iptables issue.
I am going to guess that @electronmoss-gitter may have been setting up wireguard for a default route, and this was causing wg-quick to use iptables. At least that is what was happening to me. I ended up taking two approaches to solve the issue:
Example Script:
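#!/bin/bash
# Create the WireGuard interface, then move it into its own network namespace
ip link add wg0 type wireguard
ip netns add tunnel
ip link set wg0 netns tunnel
# Configure the key and peer from inside the namespace
ip netns exec tunnel wg set wg0 \
    private-key /etc/wireguard/privatekey \
    peer <public_key> \
    endpoint x.x.x.x:51820 \
    allowed-ips 10.250.0.0/24,0.0.0.0/0
# Address, MTU and default route exist only inside the "tunnel" namespace
ip netns exec tunnel ip addr add 10.250.0.6/24 dev wg0
ip netns exec tunnel ip link set mtu 1420 up dev wg0
ip netns exec tunnel ip route add default dev wg0
# Run a command inside the namespace as the calling user instead of root
tunnel_exec() { sudo -E ip netns exec tunnel sudo -E -u \#$(id -u) -g \#$(id -g) "$@"; }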
Example resolv.conf:
root@clio:~# cat /etc/netns/tunnel/resolv.conf
nameserver 1.0.0.1
nameserver 1.1.1.1
Now if you want to ping through the tunnel (for example) you can do:
tunnel_exec ping www.google.com
Credit where credit is due. I got this idea from the Wireguard website. https://www.wireguard.com/netns/#the-new-namespace-solution
The solution posted on the site does it the other way. Everything is set up to tunnel and the namespace is set up for the exception.
@tablador BINGO!
I am going to guess that @electronmoss-gitter may have been setting up wireguard for a default route, and this was causing wg-quick to use iptables. At least that is what was happening to me. I ended up taking two approaches to solve the issue:
I'm having the same issue as electronmoss-gitter.
When I try your namespace solution here, I get a 'Temporary failure in name resolution:' error when it looks up the endpoint name.
I've set up a resolv.conf as in your example, but that doesn't change the above error.
I'd actually prefer to have everything set up to tunnel (as documented in https://www.wireguard.com/netns/#the-new-namespace-solution), but I don't know how to get this to work on a NAS.
Interestingly, if I load the previous release (Mar 2019), I don't get the iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw' error.
But without a DNS entry in the conf file (due to the lack of resolvconf), nothing loads...
The new release is based on the rewrite of WireGuard that Jason did in order to get it merged into Linux 5.6. There was some dispute about whether to use the kernel's built-in crypto or if WireGuard could roll their own. It wouldn't surprise me if the two releases are very different. However, I made very few changes to how the build process works between those releases.
Unfortunately I don't know how to solve your issue.
You could get some inspiration from OpenVPN's solution: Change:
AllowedIPs = 0.0.0.0/0
To:
AllowedIPs = 0.0.0.0/1,128.0.0.0/1
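Added example, not part of the thread or of the package: a preflight check that reads a wg-quick config and reports the two settings behind the failures above, a DNS entry (wg-quick then runs resolvconf) and an AllowedIPs entry ending in /0 with Table unset or auto (wg-quick then adds the fwmark rules and runs iptables-restore, as in the log). The function names and output tokens are hypothetical, and the sample config is constructed.

```shell
#!/bin/bash
# Added example, not from the thread. Function names and output tokens
# are hypothetical; the sample config below is constructed.

# Print one token per wg-quick code path the config will trigger:
#   dns            DNS= is set, so wg-quick runs resolvconf
#   default-route  an AllowedIPs entry ends in /0 and Table is unset/auto,
#                  so wg-quick adds fwmark rules and loads firewall rules
wgconf_preflight() {
    awk '
    {
        sub(/#.*/, "")                      # drop comments
        eq = index($0, "=")
        if (eq == 0) next                   # section headers, blank lines
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1);             gsub(/[ \t]/, "", val)
        if (key == "dns" && val != "") dns = 1
        if (key == "table") table = tolower(val)
        if (key == "allowedips") {
            n = split(val, nets, ",")
            for (i = 1; i <= n; i++) if (nets[i] ~ /\/0$/) def = 1
        }
    }
    END {
        if (dns) print "dns"
        if (def && (table == "" || table == "auto")) print "default-route"
    }' "${1:--}"
}

# Constructed sample config (keys are placeholders, not real key material)
sample_conf() {
cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_KEY
Address = 192.168.5.10/32
DNS = 1.1.1.1

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_KEY
Endpoint = x.x.x.x:51820
AllowedIPs = 0.0.0.0/0
EOF
}

for finding in $(sample_conf | wgconf_preflight); do
    case $finding in
        dns) echo "DNS set: needs resolvconf (present: $(command -v resolvconf || echo no))" ;;
        default-route) echo "/0 in AllowedIPs: wg-quick will load firewall rules" ;;
    esac
done
```

Pass a real file as the first argument, for example wgconf_preflight /etc/wireguard/wg0.conf. A config using the split 0.0.0.0/1,128.0.0.0/1 form, or Table = off, produces no default-route token.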
Hi runfalk,
Thanks for the wg synology package!
I have a Synology DS218+ with DSM 6.2.2 installed.
I have uploaded the apollolake package manually and have run sudo ip link add wg0 type wireguard and sudo wg, which outputs: interface: wg0.
When I look for the wg0 interface nothing is showing. Am I missing a critical step? Do I need to create the /etc/wireguard/wg0.conf file (which I have done with no luck)?
Sorry if this is a noob question.