thrnz / docker-wireguard-pia

A Docker container for using Wireguard with PIA.

Port forwarding not working #111

Closed AtrejaAlwinnen closed 4 months ago

AtrejaAlwinnen commented 4 months ago

I use Docker under Unraid. If I enter PORT_FORWARDING as a parameter, no port forwarding is displayed in the configuration.

iptables v1.8.10 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.10 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
getsockopt failed strangely: Operation not permitted
getsockopt failed strangely: Operation not permitted
getsockopt failed strangely: Operation not permitted
getsockopt failed strangely: Operation not permitted
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not permitted
Unable to access interface: Operation not permitted
[#] ip link delete dev wg0
Cannot find device "wg0"
Tue Jul 9 08:58:28 UTC 2024: Falling back to iptables-legacy
Tue Jul 9 08:58:28 UTC 2024: Generating auth token
Fetching next-gen PIA server list
Verified OK
Verified server list
Registering public key with PIA endpoint; id: swiss, cn: zurich407, ip: 212.102.37.55
Generating /etc/wireguard/wg0.conf
Using PIA DNS servers: 10.0.0.243,10.0.0.242
Port forwarding is available at this location
Successfully generated /etc/wireguard/wg0.conf
Tue Jul 9 08:58:32 UTC 2024: Bringing up WireGuard interface wg0
Tue Jul 9 08:58:32 UTC 2024: Fatal error

Maybe I missed something here?

AtrejaAlwinnen commented 4 months ago

The problem has been solved. I had to start the container as privileged.

thrnz commented 4 months ago

Make sure the container has the NET_ADMIN capability. Older kernels might also need SYS_MODULE as well. Full privileged mode shouldn't be needed.

services:
    vpn:
        image: thrnz/docker-wireguard-pia
        volumes:
            - pia-dat:/pia
        cap_add:
            - NET_ADMIN
        environment:
            - LOC=swiss
            - USER=xxxx
            - PASS=xxxx
volumes:
    pia-dat:

I should probably add a note about it to the readme. It's already in the examples, but wouldn't hurt to mention it there too.
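A way to tell the outcomes discussed in this thread apart from inside a container, by decoding the effective capability mask (added example, not part of the original thread or the project's code). The function names, the use of SYS_ADMIN as a sign of a broader grant than the thread's fix requires, and the sample masks in the comments are assumptions constructed for the example.

```shell
#!/bin/sh
# Decode a Linux capability mask as shown on the CapEff line of /proc/<pid>/status.
# Bit numbers come from linux/capability.h.
CAP_NET_ADMIN=12   # needed for "ip link add wg0 type wireguard" and iptables
CAP_SYS_MODULE=16  # only needed where the kernel module must be loaded
CAP_SYS_ADMIN=21   # not needed here; present when running --privileged

# has_cap HEXMASK BIT -> exit status 0 when that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# current_mask -> effective capability mask of this process, as hex
current_mask() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# classify HEXMASK -> missing-net-admin | ok | ok+sys-module | over-privileged
classify() {
    if ! has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "missing-net-admin"   # matches the "Operation not permitted" log
    elif has_cap "$1" "$CAP_SYS_ADMIN"; then
        echo "over-privileged"     # heuristic: broader than cap_add NET_ADMIN
    elif has_cap "$1" "$CAP_SYS_MODULE"; then
        echo "ok+sys-module"
    else
        echo "ok"
    fi
}

# Constructed sample masks:
#   00000000a80425fb  default Docker set, no cap_add
#   00000000a80435fb  default set plus NET_ADMIN
#   00000000a80535fb  default set plus NET_ADMIN and SYS_MODULE
#   000001ffffffffff  every capability bit set, as under privileged mode
if [ "${1:-}" = "--self" ]; then
    classify "$(current_mask)"
fi
```

Run with `--self` inside the container to classify the running process; `classify` can also be given a mask copied from `/proc/1/status`.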