runfalk / synology-wireguard

WireGuard support for some Synology NAS drives
MIT License

wg0 won't come up after a 'RTNETLINK answers: File exists' #79

Open jelbo opened 3 years ago

jelbo commented 3 years ago

Description

I'm trying to get WireGuard running on VirtualDSM 7.0-41222. I'm almost there, thanks to @Matige's work, but the wg0 interface refuses to come up.

My goal is to be able to access LAN addresses remotely. In my case that's 172.27.1.0/24.

Steps to reproduce

I'm running a self-built .spk in my VirtualDSM running 7.0-41222, following these instructions. The package is running, kernel modules are loaded:

root@VirtualDSM:~# lsmod | grep wireguard
wireguard             199109  0
ipv6                  318087  58 sit,wireguard
ip6_udp_tunnel          1967  2 vxlan,wireguard
udp_tunnel              2419  2 vxlan,wireguard

I created (by hand) a /etc/wireguard/wg0.conf and a client configuration (see bottom). I did the autostart step using sudo wg-autostart enable wg0 and I also made a scheduled task that runs after booting and does this as root:

sleep 60
wg-quick up wg0
sleep 5
wg-quick down wg0
sleep 5
wg-quick up wg0

After a reboot and waiting a bit, sudo wg show doesn't show anything. ip link doesn't show me a wg0 interface; only these:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 02:11:32:23:f7:b0 brd ff:ff:ff:ff:ff:ff
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1
    link/sit 0.0.0.0 brd 0.0.0.0

When I do a sudo wg-quick up wg0 I get this:

Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.0.1.1/16 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sleep 5; ip route add 10.0.0.0/16 dev wg0
RTNETLINK answers: File exists
[#] ip link delete dev wg0

It seems to mean the route is already in the routing table. I checked that, but I don't see it:

root@VirtualDSM:~# netstat -rt
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         172.27.1.1      0.0.0.0         UG        0 0          0 eth0
172.27.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

So yeah, I'm pretty lost at this point.

Expected behavior

It should just work™

Synology NAS model

DS920+ running VirtualDSM

wg0.conf

[Interface]
Address = 10.0.1.1/16
ListenPort = <PORT>
PrivateKey = <PRIVATEKEY_SERVER>

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sleep 5; ip route add 10.0.0.0/16 dev %i
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = <PUBLICKEY_PEER>
AllowedIPs = 10.0.1.2/32

Peer:

[Interface]
PrivateKey = <PRIVATEKEY_PEER>
Address = 10.0.1.2/32
# DNS = unsupported with this custom .spk

[Peer]
PublicKey = <PUBLICKEY_SERVER>
Endpoint = <DDNS_ADDRESS>:<PORT>
AllowedIPs = 172.27.1.0/24

172.27.1.0/24 is my LAN subnet, in which both DSM and VirtualDSM live.

Matige commented 3 years ago

Please start the diagnostics by commenting out the PostUp and PostDown lines in wg0.conf and trying to run the interface manually by sudo wg-quick up wg0.

jelbo commented 3 years ago

That works. ip link now adds

8: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/none

Routing table:

root@VirtualDSM:~# netstat -rt
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         172.27.1.1      0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.0.0     U         0 0          0 wg0
172.27.1.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0

Matige commented 3 years ago

For what purpose in PostUp are you manually adding routing?

jelbo commented 3 years ago

For what purpose in PostUp are you manually adding routing?

I did that because I think it was needed on my DS713+ bare metal installation. I got it from this post.

I'm no networking expert by far, but you think it should work without? Can't get a connection from clients yet, but I haven't double checked all the steps again.

Matige commented 3 years ago

Remove the ; sleep 5; ip route add 10.0.0.0/16 dev %i fragment from PostUp and verify that the connection works.

jelbo commented 3 years ago

That's what I did and it didn't work yet. No client communication to be seen from the server. I'll double check everything later when I have time and get back.

jelbo commented 3 years ago

Good news, it works! Fantastic. It needed a little time I guess. Hope this helps others :) Thanks for your help again.

ben-ba commented 2 years ago

ip route add 10.0.0.0/16 dev wg0

fails with "RTNETLINK answers: File exists" because your interface config for wg0 already tries to add this route.
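The cause ben-ba describes, checked mechanically against a config before bringing the interface up. This is an added example, not code from the synology-wireguard project; it models two behaviours of wg-quick: the kernel installs a connected route for the Address network when wg-quick runs `ip address add`, and wg-quick's add_route skips an AllowedIPs prefix that an existing route on the interface already matches. SAMPLE_CONF is constructed after the thread's wg0.conf, with the secrets left out.

```python
"""Added example (not the synology-wireguard project's code): predict the routes
wg-quick leaves on wg0 and flag PostUp 'ip route add' commands that duplicate
one of them, which is what produces 'RTNETLINK answers: File exists'."""
import ipaddress
import re

# Constructed config mirroring the thread's wg0.conf (placeholders kept as-is).
SAMPLE_CONF = """\
[Interface]
Address = 10.0.1.1/16
ListenPort = <PORT>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; sleep 5; ip route add 10.0.0.0/16 dev %i
[Peer]
AllowedIPs = 10.0.1.2/32
"""
ROUTE_ADD = re.compile(r"\bip\s+(?:-[46]\s+)?route\s+add\s+(\S+)\s+dev\s+\S+")

def parse_conf(text):
    """Return (Address list, AllowedIPs list, PostUp commands) from wg-quick syntax."""
    section, addrs, allowed, postup = None, [], [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg-quick treats '#' as a comment
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        key, _, value = (s.strip() for s in line.partition("="))
        if (section, key.lower()) == ("interface", "address"):
            addrs += [v.strip() for v in value.split(",")]
        elif (section, key.lower()) == ("peer", "allowedips"):
            allowed += [v.strip() for v in value.split(",")]
        elif (section, key.lower()) == ("interface", "postup"):
            postup += [c.strip() for c in value.split(";")]
    return addrs, allowed, postup

def predicted_routes(addrs, allowed):
    """Routes on the interface after wg-quick's own steps: a kernel connected route per
    Address network, plus AllowedIPs routes not already matched by one on the interface."""
    routes = [ipaddress.ip_interface(a).network for a in addrs]
    for prefix in allowed:
        net = ipaddress.ip_network(prefix)
        if not any(r.version == net.version and net.subnet_of(r) for r in routes):
            routes.append(net)
    return routes

def duplicate_route_adds(conf_text):
    """PostUp 'ip route add' prefixes that already exist, so the add fails with EEXIST."""
    addrs, allowed, postup = parse_conf(conf_text)
    routes = predicted_routes(addrs, allowed)
    found = [m.group(1) for m in map(ROUTE_ADD.search, postup) if m]
    return [p for p in found if ipaddress.ip_network(p, strict=False) in routes]
```

Running `duplicate_route_adds` on the sample reports `10.0.0.0/16`, the exact route the thread's PostUp tried to add a second time; with the fragment removed it reports nothing.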