Wireguard error

scouserontour · 29 March 2023 16:25

I was wondering that but here is the output of ls -asnl /home/paul/appdata/wireguard

9 drwxr-xr-x  6 1000 1000   8 Mar 29 12:02 .
9 drwxr-xr-x 21 1000 1000  21 Mar 29 12:02 ..
1 drwxr-xr-x  2 1000 1000   3 Mar 29 12:02 coredns
5 -rw-------  1 1000 1000 192 Mar 29 12:02 .donoteditthisfile
9 drwx------  2 1000 1000   7 Mar 29 12:02 peer_myPhone
1 drwxr-xr-x  2 1000 1000   4 Mar 29 12:02 server
1 drwxr-xr-x  2 1000 1000   4 Mar 29 12:02 templates
5 -rw-------  1 1000 1000 552 Mar 29 12:02 wg0.conf

scouserontour · 29 March 2023 16:29

Would that affect all docker containers?
As I have got 18 other containers running fine

j0nnymoe · 29 March 2023 16:32

The issue is likely if it’s a LXC container that the wireguard container isn’t able to get access to all the functions it needs.

scouserontour · 29 March 2023 16:43

I not running it as an LXC container. If I run docker ps

68444ee10244   lscr.io/linuxserver/wireguard:latest          "/init"                  35 minutes ago   Up 35 minutes   0.0.0.0:51820->51820/udp, :::51820->51820/udp                                                                                     wireguard
4e196231cf2d   lscr.io/linuxserver/plex:latest               "/init"                  13 hours ago     Up 13 hours                                                                                                                                       plex
66d4eaf8adde   lscr.io/linuxserver/overseerr:latest          "/init"                  13 hours ago     Up 13 hours     0.0.0.0:5055->5055/tcp, :::5055->5055/tcp                                                                                         overseerr
992524e24ccf   lscr.io/linuxserver/unifi-controller:latest   "/init"                  13 hours ago     Up 13 hours                                                                                                                                       unifi-controller

---------------------------------------- Rest cut off--------------------------------------------------------------------------------

thanks

aptalca · 29 March 2023 18:22

Then what are you running docker in? How did you install docker?

scouserontour · 29 March 2023 19:09

I thought docker was an alternative to LXC.

I installed the docker engine using the instructions on https://docs.docker.com/engine/install/debian/
I believe Proxmox is based on debian.

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

If I am misunderstanding is there a link you can refer me to?
Thanks

aptalca · 29 March 2023 19:26

I’m not too familiar with proxmox, but I’m pretty sure they recommend installing docker in a VM (other option is in LXC, but they recommend against it).

itsnotv · 9 April 2023 19:32

I ran into the same issue on latest docker on debian 11.

github.com/linuxserver/docker-wireguard

Fix init script

linuxserver:master ← itsnotv:patch-1

opened 07:15PM - 09 Apr 23 UTC

itsnotv

+5 -2

[linuxserverurl]: https://linuxserver.io [![linuxserver.io](https://raw.githubu…sercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)][linuxserverurl] ------------------------------ - [x] I have read the [contributing](https://github.com/linuxserver/docker-wireguard/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications ------------------------------ ## Description: The container fails to start. I am running this on latest docker on debian 11, default settings. ``` wireguard | User UID: 1000 wireguard | User GID: 1000 wireguard | Uname info: Linux 30ebfb6d19e9 6.1.0-0.deb11.5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1~bpo11+1 (2023-03-05) x86_64 x86_64 x86_64 GNU/Linux wireguard | **** It seems the wireguard module is already active. Skipping kernel header install and module compilation. **** wireguard | mkdir: cannot create directory ‘/etc/wireguard’: Invalid argument wireguard | ln: failed to create symbolic link '/etc/wireguard/wg0.conf': No such file or directory wireguard | **** Server mode is selected **** wireguard | **** External server port is set to 51820. Make sure that port is properly forwarded to port 51820 inside this container **** wireguard | **** Internal subnet is set to 10.0.0.0 **** wireguard | **** AllowedIPs for peers 0.0.0.0/0 **** wireguard | **** PEERDNS var is either not set or is set to "auto", setting peer DNS to 10.0.0.1 to use wireguard docker host's DNS. **** wireguard | **** Server mode is selected **** wireguard | **** No changes to parameters. Existing configs are used. **** wireguard | [custom-init] No custom files found, skipping... wireguard | wg-quick: `/etc/wireguard/wg0.conf' does not exist wireguard | s6-rc: warning: unable to start service svc-wireguard: command exited 1 ``` docker ``` Server Version: 23.0.3 Storage Driver: overlay2 Kernel Version: 6.1.0-0.deb11.5-amd64 Operating System: Debian GNU/Linux 11 (bullseye) Architecture: x86_64 ``` docker-compose.yaml ``` version: '3.8' services: wireguard: image: linuxserver/wireguard restart: on-failure container_name: wireguard cap_add: - NET_ADMIN - SYS_MODULE environment: - PUID=1000 - PGID=1000 - TZ=America/Vancouver - SERVERPORT=51820 - PEERS=macbook - PEERDNS=auto - INTERNAL_SUBNET=10.0.0.0 - ALLOWEDIPS=0.0.0.0/0 volumes: - ./config:/config - /lib/modules:/lib/modules ports: - 51820:51820/udp sysctls: - net.ipv4.conf.all.src_valid_mark=1 ``` ## Benefits of this PR and context: - By default, the `/etc/wireguard` directory is empty, after installation of wireguard-tools. - This PR checks if the directory exists. If yes, it removes any config files inside, else it creates a new directory. ## How Has This Been Tested? Yes, tested with docker 23.0.3 on debian 11 x86_64. ## Source / References: I found a forum post by someone else who ran into the exact same issue. https://discourse.linuxserver.io/t/wireguard-error/7409

robumb · 26 May 2023 08:11

I am having the same problem, but as people have mentioned earlier, i think it is because i use lxc containers instead of virtual machine. I will be trying to do it on a virtual machine and hopefully it will work

agunal · 27 July 2023 01:03

Running into the same issue. I don’t think it has anything to do with LXC containers.
My setup:
Proxmox 8 → LXC container → docker

I see that the commands to create /etc/wireguard and create symlink are inside root/etc/s6-overlay/s6-rc.d/init-wireguard-confs/run

# prepare symlinks
rm -rf /etc/wireguard
mkdir -p /etc/wireguard
ln -s /config/wg0.conf /etc/wireguard/wg0.conf

I confirmed that the docker process is running as root with sudo ps aux | grep docker on the host machine (the LXC container in this case)

I then cloned the github docker-wireguard repo to build the image manually. Edited the ... /init-wireguard-confs/run file to add whoami right before the above commands. Resulting log:

Uname info: Linux f2c80a274cff 6.2.16-4-pve #1 SMP PREEMPT_DYNAMIC PVE 6.2.16-4 (2023-07-07T04:22Z) x86_64 GNU/Linux
**** It seems the wireguard module is already active. Skipping kernel header install and module compilation. ****
root
mkdir: cannot create directory ‘/etc/wireguard’: Invalid argument
ln: failed to create symbolic link '/etc/wireguard/wg0.conf': No such file or directory
**** Client mode selected. ****

So, it is definitely root. I opened a shell into the running container at that point to try and manually mkdir inside /etc/.
This works just fine:

mkdir -p /etc/any-random-name

When I try to create a directory named wireguard specifically, it gives the invalid argument error:

root@f2c80a274cff:/etc# mkdir wireguard
mkdir: cannot create directory ‘wireguard’: Invalid argument
root@f2c80a274cff:/etc# cd ..
root@f2c80a274cff:/# mkdir /etc/wireguard
mkdir: cannot create directory ‘/etc/wireguard’: Invalid argument
root@f2c80a274cff:/# mkdir /etc/wireguard2
root@f2c80a274cff:/# ls -l /etc
total 242
-rw-r--r--  1 root root       7 Jun 14 07:28 alpine-release
drwxr-xr-x  1 root root       3 Jul 26 17:33 apk
drwxr-xr-x  2 root root       3 Jul 22 06:29 bash
drwxr-xr-x  3 root root       3 Jul 22 06:29 ca-certificates
-rw-r--r--  1 root root    5594 May  6 05:14 ca-certificates.conf
drwxr-xr-x  2 root root       2 Jul 22 06:29 conf.d
drwxr-xr-x  2 root root       2 Jul 26 17:33 cont-init.d
drwxr-xr-x  2 root root       2 Jul 26 17:33 coredns
drwxr-xr-x  2 root root       3 Jul 22 06:29 crontabs
-rw-r--r--  1 root root      97 Jun 27  2022 environment
-rw-r--r--  1 root root    1362 Jun 10  2022 ethertypes
-rw-r--r--  1 root root      89 Nov  4  2022 fstab
-rw-r--r--  1 root root     736 Jul 26 17:33 group
-rw-r--r--  1 root root     736 Jul 26 17:33 group-
-rw-r--r--  1 root root      13 Jul 26 17:33 hostname
-rw-r--r--  1 root root     175 Jul 26 17:33 hosts
drwxr-xr-x  2 root root       2 Jul 22 06:29 init.d
-rw-r--r--  1 root root     570 Nov  4  2022 inittab
-rw-r--r--  1 root root    1748 Sep 27  2022 inputrc
drwxr-xr-x  2 root root      11 Jul 26 17:33 iproute2
drwxr-xr-x  2 root root       2 Jul 26 17:33 iptables
-rw-r--r--  1 root root      54 Jun 14 07:28 issue
-rw-r--r--  1 root root      20 Nov  9  2022 login.defs
drwxr-xr-x  1 root root       3 Jul 26 17:33 logrotate.d
drwxr-xr-x  2 root root       6 Jul 22 06:29 modprobe.d
-rw-r--r--  1 root root      25 Jul 26 17:33 modules
drwxr-xr-x  2 root root       2 Jul 22 06:29 modules-load.d
-rw-r--r--  1 root root     284 Nov  4  2022 motd
lrwxrwxrwx  1 root root      12 Jul 26 17:33 mtab -> /proc/mounts
drwxr-xr-x  8 root root       8 Jul 22 06:29 network
-rw-r--r--  1 root root     205 Nov  4  2022 nsswitch.conf
drwxr-xr-x  2 root root       3 Jul 26 17:33 openldap
drwxr-xr-x  2 root root       2 Jul 22 06:29 opt
-rw-r--r--  1 root root     188 Jun 14 07:28 os-release
drwxr-xr-x  2 root root      20 Jul 22 06:29 pam.d
-rw-r--r--  1 root root    1262 Jul 26 17:33 passwd
-rw-r--r--  1 root root    1261 Jul 26 17:33 passwd-
drwxr-xr-x  7 root root       7 Jul 22 06:29 periodic
drwxr-xr-x  2 root root       3 Jul 26 17:33 pkcs11
-rw-r--r--  1 root root     846 Nov  4  2022 profile
drwxr-xr-x  2 root root       5 Jul 22 06:29 profile.d
-rw-r--r--  1 root root    3144 Nov  4  2022 protocols
-rw-r--r--  1 root root      57 Jul 26 17:33 resolv.conf
-rw-r--r--  1 root root     255 Jun 25  2022 resolvconf.conf
drwxr-xr-x  1 root root       3 Jul 26 16:58 s6-overlay
drwxr-xr-x  2 root root       3 Jul 22 06:29 secfixes.d
-rw-r--r--  1 root root      98 Nov 19  2022 securetty
drwxr-xr-x  4 root root      12 Jul 22 06:29 security
-rw-r--r--  1 root root   12813 Nov  4  2022 services
drwxr-xr-x  2 root root       2 Jul 26 17:33 services.d
-rw-r-----  1 root shadow   469 Jul 26 17:33 shadow
-rw-r-----  1 root shadow   440 Jul 22 06:29 shadow-
-rw-r--r--  1 root root      48 Jul 22 06:29 shells
drwxr-xr-x  1 root root       3 Jul 22 06:29 ssl
drwxr-xr-x  2 root root       4 Jul 22 06:29 ssl1.1
-rw-r--r--  1 root root      53 Nov  4  2022 sysctl.conf
drwxr-xr-x  2 root root       2 Jul 22 06:29 sysctl.d
drwxr-xr-x 13 root root      13 Jul 22 06:29 terminfo
-rw-r--r--  1 root root    5636 Nov 19  2022 udhcpd.conf
drwxr-xr-x  2 root root       2 Jul 26 17:56 wireguard2

Any idea why this specific word doesn’t act like a normal directory path argument or is somehow invalid?

edit: removed github link - flagged for spam

driz · 27 July 2023 01:06

Unfortunately, as the devs of proxmox do not recommend running docker in an lxc container (they recommend docker in a vm) and we do not test lxc at all, this isn’t something we’re going to spend time on unless it can be reproduced by pure docker in a vm or on bare metal.

Note, whether we want to help or not, none of us use proxmox or lxc.

agunal · 27 July 2023 01:28

I understand. However the OP wasn’t running it inside LXC containers anyway, from what I understood they were running docker directly on the proxmox host machine.

Also same issue here, no proxmox involved:
github /linuxserver/docker-wireguard/issues/282

I will try it on a VM regardless, but that’s not solving this peculiar problem, even if it works on a VM. Where would one look to try and figure out a solution or a workaround?

edit: removed github link - flagged for spam

driz · 27 July 2023 01:50

to be perfectly honest, I’m not sure. We’ve never been able to reproduce the issue internally which makes it quite challenging to tshoot. It could be related to the storage driver being used… I don’t recall what that looks like in terms of errors/logs.

agunal · 27 July 2023 02:13

Thanks for the response. It sounds like it’s way more involved to dig into than I initially thought. For now I am using the workaround that itsnotv posted above:

(Can’t post a link to github anymore I guess, my previous posts were flagged/hidden too. For posterity, just go to post 11 above and apply the changes in the commit before manually building the docker image.)

huuub · 23 September 2023 19:54

I hope the workaround will still be implemented. I also still have the issue.
As a workaround I first start normally. It crashes. Then I add this line in the volumes:

$VOLDIR/wg/config/wg0.conf:/etc/wireguard/wg0.conf
And I restart.

aptalca · 23 September 2023 20:42

Any of you using zfs?

huuub · 23 September 2023 20:53

I am… And my solutions still doesnt work as the file is not accurate anynore after it…

huuub · 23 September 2023 21:01

Any more ideas. I cant believe this is not working…

aptalca · 23 September 2023 21:01

Give this a try

huuub · 23 September 2023 21:28

well that doesnt seem to work. I need to use overlay2. The drive added however is zfs. I am not an expert if I need to change something. But it is weird that this is the first containter having this kind of problems.