search

runfalk / synology-wireguard

WireGuard support for some Synology NAS drives
MIT License
920 stars 131 forks source link

Unable to start Wireguard tunnel #39

Open mellow129 opened 4 years ago

mellow129 commented 4 years ago

Description Thank you for your work on this package! Setting up WG on Synology NAS as a client. See client conf below. Package installs fine. Service is up and running. Unable to start Wireguard tunnel using the commands in the documentation. Error message is "iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw'"

DS1618+ DSM 6.2 synology-wireguard release 1.0.20200401

Steps to reproduce

$ ssh user@nas
$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.6.0.6/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0

Expected behavior Expected successful activation of wg0 tunnel. The iptables-save error prevents that.

Synology NAS model DS1618+

wg0.conf

[Interface]
PrivateKey = [REDACTED]
Address = 10.6.0.6/24

[Peer]
PublicKey = [REDACTED]
PresharedKey = [REDACTED]
Endpoint = [REDACTED]:51820
AllowedIPs = 0.0.0.0/0

log messages at the time of sudo wg-quick up wg0

2020-05-27T17:46:26-05:00 GenericNASName synonetd: base_hook.cpp:74 Hook environment is not valid
2020-05-27T17:46:27-05:00 GenericNASName ipv4_change hook event: wg0 none->10.6.0.6 
2020-05-27T17:46:27-05:00 GenericNASName if_link_up hook event: wg0 
2020-05-27T17:46:27-05:00 GenericNASName if_link_down hook event: wg0 
2020-05-27T17:46:27-05:00 GenericNASName ipv4_change hook event: wg0 10.6.0.6->none 
2020-05-27T17:46:28-05:00 GenericNASName [11535.969217] init: scsi_plugin_server main process (17639) killed by TERM signal
2020-05-27T17:46:28-05:00 GenericNASName [11535.992032] init: iscsi_pluginserverd main process (20308) killed by TERM signal
2020-05-27T17:46:28-05:00 GenericNASName [11536.005412] init: iscsi_pluginengined main process (20298) killed by TERM signal
2020-05-27T17:46:28-05:00 GenericNASName [11536.047433] init: scsi_plugin_server main process (20313) killed by TERM signal
2020-05-27T17:46:28-05:00 GenericNASName [11536.515917] init: nmbd main process (20432) killed by TERM signal
2020-05-27T17:46:30-05:00 GenericNASName [11538.725168] init: iscsi_pluginserverd main process (20330) killed by TERM signal
2020-05-27T17:46:30-05:00 GenericNASName [11538.733989] init: iscsi_pluginengined main process (20327) killed by TERM signal
2020-05-27T17:46:30-05:00 GenericNASName [11538.757394] init: scsi_plugin_server main process (20334) killed by TERM signal
2020-05-27T17:46:31-05:00 GenericNASName [11538.983189] init: iscsi_pluginserverd main process (20962) killed by TERM signal
2020-05-27T17:46:31-05:00 GenericNASName [11538.991977] init: iscsi_pluginengined main process (20961) killed by TERM signal
2020-05-27T17:46:31-05:00 GenericNASName [11539.015945] init: scsi_plugin_server main process (20964) killed by TERM signal

As a side note: I'm concerned that the wireguard stop may be killing the scsi processes when it winds down after the error.

shaynem commented 4 years ago

Just tried setting this up myself and come across this exactly iptables issue upon sudo wg-quick up wg0

rkulow commented 4 years ago

Cloud also confirm this issue on DS218+ running DSM 6.2.3-25426 with synology-wireguard release 1.0.20200401.

FADEC44 commented 3 years ago

Cloud also confirm this issue on DS218+ running DSM 6.2.3-25426 with synology-wireguard release 1.0.20200401.

Same here with this configuration

nymous commented 3 years ago

If it helps I had the same issue (iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw') when upgrading to the latest version 1.0.20200401. I tried the 0.0.20191226 version as well with the same error. I had to downgrade all the way to 0.0.20190227-2 for wg-quick to work.

Synology DS418play DSM 6.2.3-25426 Update 2

ivlis commented 3 years ago

@mellow129 @nymous see #36

isaacsu commented 2 years ago

Using AllowIPs = 0.0.0.0/1, 128.0.0.0/1 instead of AllowIPs = 0.0.0.0/0 might help.

https://github.com/runfalk/synology-wireguard/issues/36#issuecomment-945085735