Problem with wireguard connection

coderpop · 26 June 2023 12:38

Issue: Can no longer connect android phone to wg server. Seeing Tx packets on phone going up but no Rx.

System is raspberry pi 4 with 32bit bullseye and the end point is pinging, so I think that is OK.

Docker-compose file is…

version: '3.3'
services:
  wireguard:
    container_name: wireguard
    image: lscr.io/linuxserver/wireguard:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - SERVERURL=SECRET
      - SERVERPORT=51820
      - PEERS=SGA20,Phantom
      - PEERDNS=auto
      - INTERNAL_SUBNET=10.0.0.0
    ports:
      - 51820:51820/udp
    volumes:
      - type: bind
        source: ./config/
        target: /config/
      - type: bind
        source: /lib/modules
        target: /lib/modules
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

Logs look OK to me…


Log viewer settings
Auto-refresh logs
Wrap lines
Display timestamps
Fetch
Search
Lines
Actions

      

[migrations] started

[migrations] no migrations found

───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗ 

      ██║     ██╔════╝██║██╔═══██╗

      ██║     ███████╗██║██║   ██║

      ██║     ╚════██║██║██║   ██║

      ███████╗███████║██║╚██████╔╝

      ╚══════╝╚══════╝╚═╝ ╚═════╝ 

   Brought to you by linuxserver.io

───────────────────────────────────────

To support the app dev(s) visit:

WireGuard: https://www.wireguard.com/donations/

To support LSIO projects visit:

https://www.linuxserver.io/donate/

───────────────────────────────────────

GID/UID

───────────────────────────────────────

User UID:    1000

User GID:    1000

───────────────────────────────────────

Uname info: Linux efad928e2723 6.1.34-v8+ #1657 SMP PREEMPT Fri Jun 16 12:36:29 BST 2023 aarch64 GNU/Linux

**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****

**** As the wireguard module is already active you can remove the SYS_MODULE capability from your container run/compose. ****

**** Server mode is selected ****

**** External server address is set to SECRET ****

**** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container ****

**** Internal subnet is set to 10.0.0.0 ****

**** AllowedIPs for peers 0.0.0.0/0, ::/0 ****

**** PEERDNS var is either not set or is set to "auto", setting peer DNS to 10.0.0.1 to use wireguard docker host's DNS. ****

**** Server mode is selected ****

**** No changes to parameters. Existing configs are used. ****

[custom-init] No custom files found, skipping...

.:53

CoreDNS-1.10.0

linux/arm, go1.19.9, 

[#] ip link add wg0 type wireguard

[#] wg setconf wg0 /dev/fd/63

[#] ip -4 address add 10.0.0.1 dev wg0

[#] ip link set mtu 1420 up dev wg0

[#] ip -4 route add 10.0.0.3/32 dev wg0

[#] ip -4 route add 10.0.0.2/32 dev wg0

[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

[ls.io-init] done.

Docker-compose pull wireguard says no V8 candidate.

I have an old image from a few weeks back that worked. Can I use that to recreate the container so that at least it works for now? If so how to do that?

Thanks for any help to get this working again

driz · 26 June 2023 13:11

We don’t support 32bit arm on wireguard. We won’t support 32bit anything starting July 1st. It’s time for you to move to 64bit.

coderpop · 26 June 2023 13:19

Thanks - It’s not July yet!

Please if there anyone who knows a way to restore the image I have to a running container I would appreciate the help as docker is not intuitive for me.

driz · 26 June 2023 13:39

That is correct, hence why some containers still support 32bit arm. Wireguard isn’t one of them.

We will not update the container for 32bit anymore, so if you choose to be irresponsible, simply lock your version to one prior to 32bit deprecation. It will be very insecure to do so. The responsible solution is to run a 64bit OS, especially when you consider wireguard likely gives access to your LAN from the outside.

I suggest giving this a read too: A Farewell To Arm(hf) | LinuxServer.io

you should be able to use the tag v1.0.20210914-ls120 to get it working on 32bit hardware. This is a huge security risk, good luck!

P.S. don’t auto update things without verifying it doesn’t have breaking changes. It’s part of the responsibility of self-hosting.

coderpop · 26 June 2023 13:45

I just need to get this working again if possible.

It is used to view cameras at my Mums house as she is 93 and has dementia.

I only need it long enough until I can replace the pi/wireguard with something like cameras with an mobile app from Amazon or similar - Would be better option now I think.

system · 1 July 2023 13:46

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.