unifi-utilities / unifios-utilities

A collection of enhancements for UnifiOS based devices
GNU General Public License v3.0
3.86k stars 415 forks

Wireguard tunnel not coming up #156

Closed jaegerschnitzel closed 3 years ago

jaegerschnitzel commented 3 years ago

I am unable to get Wireguard running. The logs don't show any errors.

To Reproduce
Steps to reproduce the behavior:

Expected behavior
See the WireGuard interface

UDM Information

Additional context

[#] ip link add wg0 type wireguard
RTNETLINK answers: Not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] wireguard-go wg0
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W                                                     G
W   You are running this software on a Linux kernel,  G
W   which is probably unnecessary and misguided. This G
W   is because the Linux kernel has built-in first    G
W   class support for WireGuard, and this support is  G
W   much more refined than this slower userspace      G
W   implementation. For more information on           G
W   installing the kernel module, please visit:       G
W           https://www.wireguard.com/install         G
W                                                     G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
INFO: (wg0) 2021/04/04 22:03:17 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /dev/fd/63
INFO: (wg0) 2021/04/04 22:03:17 Starting wireguard-go version 0.0.20200320
INFO: (wg0) 2021/04/04 22:03:17 Interface set up
INFO: (wg0) 2021/04/04 22:03:17 Device started
INFO: (wg0) 2021/04/04 22:03:17 UAPI listener started
[#] ip -4 address add 100.64.0.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0

Here is my wg0.conf:

[Interface]
Address = 100.64.0.1/24
PrivateKey = xxxxx
ListenPort = 51820

[Peer]
PublicKey = xxxxx
Endpoint = SERVERIP:51820
AllowedIPs = 100.64.0.2/32

boostchicken commented 3 years ago
[Interface]
Address = 10.20.0.3/24
PrivateKey = xxxx
ListenPort = 51820

[Peer]
PublicKey = xxxxx
Endpoint = <iphere>:54321
AllowedIPs = 10.20.0.0/24, 10.1.0.0/16

That is my config. I would widen your AllowedIPs, and also make sure it includes the whole range of your connection's subnet. Notice how I allow the whole /16 to be routed. Also, I route the whole subnet for my address.

Also, your endpoint has no IP in front of the port?
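The two points in the reply above (every Endpoint needs a host before the port, and some peer's AllowedIPs must cover the tunnel subnet of the Address line, otherwise nothing is routed into the tunnel) can be checked mechanically before running wg-quick. The following POSIX sh linter is an added example, not code from unifios-utilities or from anyone in this thread; it handles IPv4 only, and the sample configs used in the comments are illustrative.

```shell
#!/bin/sh
# Added example: lint a wg-quick config for the two mistakes discussed above.
# IPv4 only; IPv6 AllowedIPs entries are skipped rather than parsed.

# Dotted quad -> 32-bit integer, e.g. 10.0.0.1 -> 167772161.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length of a CIDR string; a bare address counts as /32.
prefix_of() {
    case $1 in
        */*) echo "${1#*/}" ;;
        *)   echo 32 ;;
    esac
}

# Exit 0 when the network of CIDR $1 lies inside CIDR $2.
# Both sides are masked with $2's prefix, so "100.64.0.1/24" may be
# passed straight from an Address= line without computing 100.64.0.0 first.
cidr_in() {
    n1=${1%%/*}; p1=$(prefix_of "$1")
    n2=${2%%/*}; p2=$(prefix_of "$2")
    [ "$p1" -ge "$p2" ] || return 1
    mask=$(( (4294967295 << (32 - p2)) & 4294967295 ))
    [ $(( $(ip2int "$n1") & mask )) -eq $(( $(ip2int "$n2") & mask )) ]
}

# Read "Key = value" lines for one key from a config file.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# Lint one config. Prints each finding; exit 0 only if everything passes.
check_conf() {
    conf=$1
    rc=0
    addr=$(conf_values "$conf" Address | head -n 1 | tr -d ' ')
    addr=${addr%%,*}                      # first address if a list is given
    if [ -z "$addr" ]; then
        echo "$conf: no Address= in [Interface]"
        return 1
    fi
    # Every Endpoint must be host:port (or [v6]:port). A bare ":port" is
    # exactly what the reply above is asking about.
    for ep in $(conf_values "$conf" Endpoint); do
        case $ep in
            ?*:[0-9]*) ;;
            *) echo "$conf: Endpoint '$ep' has no host before the port"; rc=1 ;;
        esac
    done
    # The tunnel subnet implied by Address must be inside some AllowedIPs.
    covered=1
    for a in $(conf_values "$conf" AllowedIPs | tr ',' '\n' | tr -d ' '); do
        case $a in *:*) continue ;; esac     # IPv6 range, not checked here
        if cidr_in "$addr" "$a"; then covered=0; fi
    done
    if [ "$covered" -ne 0 ]; then
        echo "$conf: no peer AllowedIPs covers the tunnel subnet of $addr"
        rc=1
    fi
    return $rc
}
```

Run it as `check_conf /etc/wireguard/wg0.conf` (path illustrative) from inside the container. Against the reporter's config it flags that 100.64.0.2/32 does not cover 100.64.0.0/24; against the reply's config (AllowedIPs = 10.20.0.0/24, 10.1.0.0/16) it passes.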

boostchicken commented 3 years ago

Also, please update your on_boot.d script to the latest version in master. You'll notice the docker label changed.

boostchicken commented 3 years ago

One last thing: make sure you can connect to your endpoint and that all the firewall rules are open on the target. Use nc or telnet, or your tool of choice, to open a connection and send garbage over it.

jaegerschnitzel commented 3 years ago

Sorry, my endpoint has an IP in front of the port; this was a display problem with Markdown ;) Widening the allowed IPs and updating the on_boot.d script didn't help. Yes, I verified that my firewall rules are in place and my request via nc arrives.

It looks as if WireGuard does not create the wg0 interface after executing "podman exec -it wireguard wg-quick up wg0".

boostchicken commented 3 years ago

Send me your latest config.

boostchicken commented 3 years ago

Also, does syslog have any stuff in the container or on the host?

JeremyAshton commented 3 years ago

Not sure if this is the same problem, but I found I was having a similar issue. I found that although podman exec -it wireguard wg-quick up wg0 would show the correct "expected" output, what was actually required was the following:

podman exec -it wireguard bash

then

wg-quick up wg0

Alternatively, I found that you could simply run podman exec wireguard wg-quick up wg0. For me, there seemed to be two issues that came up. 1) My configuration file was not named wg0.conf. 2) I had a pair of configuration files for multiple interfaces. I need to dig into this further, but I found I simply appended podman exec wireguard wg-quick up <interface name> for each interface to the /mnt/data/on_boot.d/20-wireguard.sh file.
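The last comment and the earlier "make sure you can connect to your endpoint" advice combine into one boot script: run `podman exec wireguard wg-quick up <name>` once per config file (without `-it`, the form the last comment reports as working, and there is no terminal to attach at boot anyway), derive each name from the file name the way wg-quick does, so a file not named wg0.conf is caught, then confirm the device exists and whether a peer has actually handshaked. The handshake check matters because a UDP probe with nc proves little: WireGuard silently drops anything that is not a valid handshake, so `wg show <iface> latest-handshakes` is the end-to-end test. This is an added example, not the project's own 20-wireguard.sh; the container name "wireguard" and the host config directory in WG_CONF_DIR are assumptions to adjust to your setup, and WG_EXEC is overridable so the logic can be exercised without podman.

```shell
#!/bin/sh
# Added example on_boot.d script, not the project's own 20-wireguard.sh.
# Assumptions: the WireGuard container is named "wireguard" and its
# wg-quick configs are visible on the host under $WG_CONF_DIR (illustrative
# path); the same file names are what wg-quick loads inside the container.

WG_CONF_DIR=${WG_CONF_DIR:-/mnt/data/wireguard}     # assumed host path
WG_EXEC=${WG_EXEC:-"podman exec wireguard"}         # overridable for testing

# Interface name = config file name minus path and ".conf". wg-quick derives
# it the same way, so "wg-quick up wg0" needs a file literally named wg0.conf.
iface_from_conf() {
    f=${1##*/}
    echo "${f%.conf}"
}

# One interface name per *.conf in the directory (sorted by glob order).
list_ifaces() {
    for c in "$1"/*.conf; do
        [ -e "$c" ] || continue
        iface_from_conf "$c"
    done
}

# Bring up one interface; returns wg-quick's exit status. No -it on purpose.
wg_up() {
    $WG_EXEC wg-quick up "$1"
}

# True if the device exists inside the container (kernel or wireguard-go).
wg_present() {
    $WG_EXEC ip link show "$1" >/dev/null 2>&1
}

# True if at least one peer has a nonzero latest-handshake timestamp.
wg_handshaked() {
    $WG_EXEC wg show "$1" latest-handshakes | awk '$2 > 0 { ok = 1 } END { exit !ok }'
}

# Bring up every interface; prints one status line each and returns the
# number of interfaces that failed to come up (0 means all are up).
bring_up_all() {
    failed=0
    for i in $(list_ifaces "$1"); do
        if wg_up "$i" && wg_present "$i"; then
            if wg_handshaked "$i"; then hs=yes; else hs=no; fi
            echo "$i: up (handshake: $hs)"
        else
            echo "$i: FAILED to come up"
            failed=$((failed + 1))
        fi
    done
    return $failed
}

# Only act when installed and run as the boot script; when sourced for
# testing, just define the functions above.
if [ "${0##*/}" = "20-wireguard.sh" ]; then
    bring_up_all "$WG_CONF_DIR"
fi
```

At boot "handshake: no" is normal until traffic flows; rerun `wg_handshaked wg0` (or `podman exec wireguard wg show wg0 latest-handshakes`) after pinging a peer address. A persistent "no" with the device up points at the endpoint, the firewall or the keys, not at the container.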