Add support for DSM 7.0

[Matige]

This pull request adds support for DSM 7.0. Additionally, a wg-init script has been developed, which allows you to easily add the WireGuard interface to autostart.

This package has been tested on DS220+ (geminilake) with DSM 7.0, and Virtual DSM (kvmx64) with DSM 6.2 and 7.0.

[quexten]

Hi there, I tried building the package for my 918+ (which is running DSM 7.0 Beta), using sudo docker run --rm --privileged --env PACKAGE_ARCH=apollolake --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild. However when I try installing it, I get the error message "Invalid file format, please contact the package developer". Here is the build log: https://gist.github.com/quexten/f47f8086ebc83ce88cff19d363b9e37a

[Matige]

@quexten After examining the logs, I find that the package was built using the master branch from pkgscripts-ng. Most likely you cloned the synology-wireguard repository incorrectly and continue to use the version for DSM 6. Follow these steps to build the package correctly:

$ git clone https://github.com/runfalk/synology-wireguard
$ cd synology-wireguard
$ git fetch origin pull/71/head:DSM7.0
$ git checkout DSM7.0
$ sudo docker build -t synobuild .
$ sudo docker run --rm --privileged --env PACKAGE_ARCH=apollolake --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild

Parse argument result for DSM 7.0:

platforms     : apollolake
env_section   : default
env_version   : 7.0
dep_level     : 1
parallel_proj : 1
branch        : master
suffix        : 
collect       : True
collecter     : True
link          : True
update_link   : False
build         : True
install       : True
only_install  : False
parallel      : 12
build_opt     : -J
install_opt   : 
print_log     : True
tee           : True
sdk_ver       : 6.2
package       : WireGuard

Your parse argument result:

env_section  : default
env_version  : 7.0
dep_level    : 1
branch       : master
suffix       : 
collect      : True
update       : True
link         : True
build        : True
install      : True
only_install : False
sign         : False
build_opt    : -J
install_opt  : 
print_log    : True
sdk_ver      : 6.0
package      : WireGuard

[quexten]

@Matige Okay so the problem seems to have been that while I did start the build in the DSM7.0 branch, I didn't build the "synobuild" docker image in the DSM7.0 branch, instead I built it in the master. After re-building the synobuild docker image on the DSM7.0 branch and then running the build, the package now installs and runs correctly.

[jaromirrivera]

I am getting the same error as @quexten "Invalid file format, please contact the package developer". I have switched to the DSM7.0 branch and built the synobuild container... I am compiling for a DS1019+ (apollolake)

sudo docker run --rm --privileged --env PACKAGE_ARCH=apollolake --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk -v $(pwd)/sourceforge:/toolkit_tarballs synobuild

here is my parse argument result:

============================================================
                   Parse argument result
------------------------------------------------------------
platforms     : apollolake
env_section   : default
env_version   : 7.0
dep_level     : 1
parallel_proj : 1
branch        : master
suffix        :
collect       : True
collecter     : True
link          : True
update_link   : False
build         : True
install       : True
only_install  : False
parallel      : 6
build_opt     : -J
install_opt   :
print_log     : True
tee           : True
sdk_ver       : 6.2
package       : WireGuard

[runfalk]

It seems that you're using the 6.2 SDK. This should only happen if you haven't rebuilt the Docker image. Try deleting it or build using a different name than synobuild to be sure.

[jaromirrivera]

I tried rebuilding synobuild image with different name and it still doesn't work. Get the same error message: "Invalid file format, please contact the package developer"

My parse arguement result is the same as @Matige's above... it also has sdk_ver set to 6.2.

[quexten]

@jaromirrivera Yeah sdk_ver was also 6.2 on the build that works on my DSM 7 Beta 918+. Try cleaning your docker images, and the build directory you have mounted ($(pwd)/artifacts:/result_spk).

[Matige]

@jaromirrivera Will you share the resulting SPK file with us? Maybe I can figure out what is causing the problems.

[jaromirrivera]

Sure @Matige, attached is the SPK I built compressed in a zip file. WireGuard-apollolake-1.0.20210219.spk.zip

Also of note my DSM 7 version is DSM 7.0-41222

[Matige]

@jaromirrivera The package appears to be built correctly. The directory structure and metadata files are correct. Unfortunately, but I can't tell you why you can't install this package. I also don't have the Apollokale platform, so I can't check anything else.

[jaromirrivera]

Ha, I found out what the issue was... I previously had the Wireguard spk installed for DSM 6.2, then upgraded to DSM 7.0 beta. The wireguard package was still "installed" but would not run.

I needed to uninstall the DSM 6.2 version of the WireGuard package before installing the DSM 7.0 one I compiled.

@runfalk That might be something to note for upgraders... Backup wireguard configs, uninstall any previous versions of wireguard and then install DSM 7 version.

[runfalk]

@runfalk That might be something to note for upgraders... Backup wireguard configs, uninstall any previous versions of wireguard and then install DSM 7 version.

Yeah, definitely something that we should list along the release.

[Matige]

@nc88keyz The problem is most likely due to an mistake in the comment with the package build instructions. You should run docker build before docker run (the comment has already been corrected).

[nc88keyz]

https://www.dropbox.com/s/z5ae2sjej32rxfl/WireGuard-bromolow-1.0.20210219.zip DS3615XS Bromolow DSM 7.0 I have an actual DS3615XS and this compiled without error. If ran from terminal, it stays alive. Since I have not gotten wireguard configured yet, I will refrain from commenting on success. I feel it will work if you know what you are doing. I've only used ovpn in the past and its beginning to show its age with TG

Edit: 03/21/2021 Works with binhex/arch-qbittorrentvpn:4.3.3-1-02 ( Last version to support the Kernel for the DS3615XS) I was having issues because of the kernel support ending in these containers from the devs.

DS3615XS DSM Beta 7.0-41222 Kernel: 3.10.108 Wireguard Support with attached .spk confirmed successful

[jobhax25]

Sure @Matige, attached is the SPK I built compressed in a zip file. WireGuard-apollolake-1.0.20210219.spk.zip

Also of note my DSM 7 version is DSM 7.0-41222

I tried this package but it fails to runa dn wants to "repair". Unsure why. Also did have the 6.2 package and upgraded but removed it

[jelbo]

Sure @Matige, attached is the SPK I built compressed in a zip file. WireGuard-apollolake-1.0.20210219.spk.zip Also of note my DSM 7 version is DSM 7.0-41222

I tried this package but it fails to runa dn wants to "repair". Unsure why. Also did have the 6.2 package and upgraded but removed it

You need to follow the instructions you can access through this link. Basically, don't autostart initially and do it manually the first time using sudo /var/packages/WireGuard/scripts/start

[Matige]

@jobhax25 The solution can be found in #63. Follow this instruction, pay attention to step 4. After installing the package run sudo /var/packages/WireGuard/scripts/start

[jelbo]

Sorry to clutter this thread, but I can't find a way to contact @nc88keyz. I see you have binhex/arch-qbittorrentvpn working with this WireGuard implementation. Can you share how? You may e-mail me, it's the last e-mail in this Base64 encoded string.

I've had no luck with --privileged=true, --sysctl="net.ipv4.conf.all.src_valid_mark=1, --cap-add=NET_ADMIN, --cap-add=SYS_MODULE and even --volume /lib/modules:/lib/modules. It can't find the WireGuard interface.

[Baalzaman]

Just a FYI, PR #71 compiles and runs fine on DSM 7 on a DS216j (armada38x). Works very well with excellent performance. Thank you Runfalk and Matige.

[mcdallas]

I compiled the SPK for geminilake (DS220+) but I am getting an error when starting the tunnel:

$ sudo wg-quick up wg0
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.5.15/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.8.3 (legacy): iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0

I am trying to use the NAS as a client. My wg0.conf is

[Interface]
Address = 192.168.5.15/32
PrivateKey = ***
ListenPort = 51820

[Peer]
PublicKey = ***
AllowedIPs = 0.0.0.0/0
Endpoint = ***:51820

Any idea how to fix this?

[Matige]

@mcdallas It seems that the problem was already discussed in #31.

[mattjanssen]

Works on my DS418play. Building inside a Docker container was very slick. Thanks!

[nohnaimer]

Hi @mcdallas, Can you upload spk for geminilake? I have 920+ and 220+. What I build myself is installed but does not start.

[Matige]

@nohnaimer Did you run sudo /var/packages/WireGuard/scripts/start after installing the package? See the updated installation instructions.

[nohnaimer]

@Matige Thanks, I'll try in the evening

[mcdallas]

@nohnaimer here's the spk I used https://keybase.pub/mcdallas/WireGuard-geminilake-1.0.20210219.spk

[nohnaimer]

Everything works as it should. I did it according to the instructions. Here is my compiled package -https://cloud.mail.ru/public/13QD/cstYBiMby

[wmar]

Any chance to support DS216II+ with DSM7?

[runfalk]

It probably works already, if you compile an SPK for braswell.

[nohnaimer]

It probably works already, if you compile an SPK for braswell.

Compile for braswell - https://cloud.mail.ru/public/13QD/cstYBiMby

[wmar]

Hi,

Thanks the compiled package but it seems not able to run after manual installation!

William

On Thu, 1 Jul 2021 at 5:43 PM, Maksim Astapenko @.***> wrote:

It probably works already, if you compile an SPK for braswell.

Compile for braswell - https://cloud.mail.ru/public/13QD/cstYBiMby

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/runfalk/synology-wireguard/pull/71#issuecomment-872094739, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH7FV3UZSDEQWPNLEZA6JEDTVQ2FXANCNFSM4W3T5VWQ .

-- Sent from Gmail Mobile

[oschmidteu]

@wmar did you checked: https://github.com/runfalk/synology-wireguard/blob/396ae7e4d81fb3e14ead0bbe863f454b6611215a/README.rst#installation and https://github.com/runfalk/synology-wireguard/pull/71#issuecomment-871264132

I bet you didn't.

[WeeJeWel]

Hey all! What's the status of this PR?

[max19751]

I try to compile (on a DS720 DSM 7.0 machine) a DSM7.0 package for a DS216+II braswell architecture and get the following error:

sudo docker run --rm --privileged --env PACKAGE_ARCH=braswell --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk -v $(pwd)/toolkit_tarballs_download:/toolkit_tarballs synobuild

WireGuard version: 1.0.20210606 WireGuard tools version: 1.0.20210424 libmnl version: 1.0.4

Cloning into 'pkgscripts-ng'... [2021-08-11 16:04:37,130] INFO: tar -xhf /toolkit_tarballs/base_env-7.0.txz -C /build_env/ds.braswell-7.0 [2021-08-11 16:06:21,092] INFO: tar -xhf /toolkit_tarballs/ds.braswell-7.0.env.txz -C /build_env/ds.braswell-7.0 [2021-08-11 16:07:02,385] INFO: tar -xhf /toolkit_tarballs/ds.braswell-7.0.dev.txz -C /build_env/ds.braswell-7.0 [2021-08-11 16:07:40,027] INFO: All task finished.

               Parse argument result                    

---

platforms : braswell env_section : default env_version : 7.0 dep_level : 1 parallel_proj : 1 branch : master suffix : collect : True collecter : True link : True update_link : False build : True install : True only_install : False parallel : 4 build_opt : -J install_opt : print_log : True tee : True sdk_ver : 6.2 package : WireGuard

Processing [7.0-42176]: braswell

          Start to run "Traverse project"               

---

Projects: WireGuard

============================================================ Start to run "Link Project"

Link /pkgscripts-ng -> /build_env/ds.braswell-7.0/pkgscripts-ng Link //source/WireGuard -> /build_env/ds.braswell-7.0/source/WireGuard

============================================================ Start to run "Build Package"

[braswell] env PackageName=WireGuard /pkgscripts-ng/SynoBuild --braswell -c --min-sdk 6.2 -J WireGuard /pkgscripts-ng/include/check: line 93: /dev/null: Permission denied ERROR: This script must be run as root Traceback (most recent call last): File "/pkgscripts-ng/include/python/exec_env.py", line 76, in execute output = commandrunner.run(cmd, display=display, **kwargs) File "/pkgscripts-ng/include/python/commandrunner.py", line 39, in run raise RunShellFailed(p.returncode, cmd, output) commandrunner.RunShellFailed

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/pkgscripts-ng/include/python/parallel.py", line 15, in call result = self.__callable(*args, **kwargs) ...

what is this "ERROR: This script must be run as root" about?

[alie2n]

I just built a spk for a DS920+ on geminilake. WireGuard-geminilake-1.0.20210606.spk.zip

[HavermansStef]

Hi. Any updates on the status of this PR and when we might see it release?

[runfalk]

I've been putting it off since I haven't touched my Synology since this PR was created. It does seem a lot of people are having success with so I'm just going to merge it.

I apologize for the huge delay, and a big thanks to @Matige for implementing it.

[runfalk]

Things are merged, but I haven't built any packages yet.

[nohnaimer]

@runfalk Hi, Maybe add release with build WireGuard-* for DSM7?

[vihu]

I just built a spk for a DS920+ on geminilake. WireGuard-geminilake-1.0.20210606.spk.zip

Thank you for building this! Disappointing that there is no official support for wireguard on synology. I tried this on my DS920+ but it keeps failing asking to "Repair", did you do anything particularly special (user perms/kernel module etc) to get it going?

[M4rt1n12]

I just built a spk for a DS920+ on geminilake. WireGuard-geminilake-1.0.20210606.spk.zip

Thank you for building this! Disappointing that there is no official support for wireguard on synology. I tried this on my DS920+ but it keeps failing asking to "Repair", did you do anything particularly special (user perms/kernel module etc) to get it going?

Thanks, installation worked for me! (DS 720+)

You have to run "sudo /var/packages/WireGuard/scripts/start" to start the package

[cchhat01]

@Matige @runfalk I still can't get this work on my DS713+ (cedarview platform). What am I doing wrong ?

$ git clone https://github.com/runfalk/synology-wireguard
$ cd synology-wireguard
$ sudo docker build -t synobuild .

...

Running hooks in /etc/ca-certificates/update.d...
done.
Removing intermediate container 93c0ad8efe84
 ---> d59ec74cc93c
Step 5/6 : COPY . /source/WireGuard
 ---> ff54c16fc6e1
Step 6/6 : ENTRYPOINT exec /source/WireGuard/build.sh
 ---> Running in af9a2f55e818
Removing intermediate container af9a2f55e818
 ---> 13251f8c2429
Successfully built 13251f8c2429
Successfully tagged synobuild:latest

$ sudo docker run --rm --privileged --env PACKAGE_ARCH=cedarview --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild
docker: Error response from daemon: Bind mount failed: '/volume1/downloads/synology-wireguard/artifacts' does not exists.

[oschmidteu]

@cchhat01

docker: Error response from daemon: Bind mount failed: '/volume1/downloads/synology-wireguard/artifacts' does not exists.

[cchhat01]

@oschmidteu Yes I know, but why? So where is the process failing ? sudo docker build -t synobuild . OR sudo docker run ...

[oschmidteu]

sudo docker run ... -v $(pwd)/artifacts:/result_spk synobuild

You are trying to mount a folder which does not exist... Just create the folder and you should be fine.

[cchhat01]

Nevermind i figured it out... I was attempting to do this on my synology NAS... I am now performing this on my ubuntu VM and things seem to be moving along much further...

[cchhat01]

well that didn't get me anywhere either, the built .spk fails to run on my DS713+. As soon as the spk is installed and attempts to start, it dies and I am only left with the option to "Repair" which does nothing but Stops the service from running. If anyone has any luck in building for my cedarview device DS713+ (I am not sure why I am not able to build the image on my synology nas but on my amd64 based ubuntu VM), please let me know and I can give it a shot. Not sure what logs I can provide since I don't know where to look.

[oschmidteu]

Well you should read and follow the installation guide. You probably didn't got step 4 which starts with (Only for DSM 7).

Your problem was already discussed a few times, you could try to use the search function.

[nohnaimer]

@Matige @runfalk I still can't get this work on my DS713+ (cedarview platform). What am I doing wrong ?

$ git clone https://github.com/runfalk/synology-wireguard
$ cd synology-wireguard
$ sudo docker build -t synobuild .

...

Running hooks in /etc/ca-certificates/update.d...
done.
Removing intermediate container 93c0ad8efe84
 ---> d59ec74cc93c
Step 5/6 : COPY . /source/WireGuard
 ---> ff54c16fc6e1
Step 6/6 : ENTRYPOINT exec /source/WireGuard/build.sh
 ---> Running in af9a2f55e818
Removing intermediate container af9a2f55e818
 ---> 13251f8c2429
Successfully built 13251f8c2429
Successfully tagged synobuild:latest

$ sudo docker run --rm --privileged --env PACKAGE_ARCH=cedarview --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild
docker: Error response from daemon: Bind mount failed: '/volume1/downloads/synology-wireguard/artifacts' does not exists.

Compile for cedarview - https://cloud.mail.ru/public/13QD/cstYBiMby

[cchhat01]

@nohnaimer This build had the exact same effect as my build, I can install and attempt to run it but it fails to start according to synology logs. I even have my wg0 configured as per my VPN provider all setup in /etc/wireguard/wg0.conf so this should have worked. I think there may be something more and I can help debug if I knew what else I could do... Thanks.