wireguard-chart

unable to connect, keys mismatch and no easy debug

Open roberto-sebastiano opened this issue 1 year ago • 1 comments

Hello,

I'm having an issue with this chart.

From what I see, the keys present in the POD are different from those specified in the yaml file. kubectl get logs reports

wgrs-wireguard-xqvv9 sysctls net.ipv4.ip_forward = 1
wgrs-wireguard-xqvv9 sysctls net.ipv4.conf.all.forwarding = 1
wgrs-wireguard-xqvv9 wireguard [#] ip link add wg0 type wireguard
wgrs-wireguard-xqvv9 wireguard [#] wg setconf wg0 /dev/fd/63
wgrs-wireguard-xqvv9 wireguard [#] ip -4 address add 172.32.32.1/24 dev wg0
wgrs-wireguard-xqvv9 wireguard [#] ip link set mtu 1290 up dev wg0
wgrs-wireguard-xqvv9 wireguard [#] wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s 172.32.32.0/24 -o eth0 -j MASQUERADE
wgrs-wireguard-xqvv9 wireguard Public key 'dRH4Ms/h+H3BmT/J.....'

But in the yaml file, I specified:

wireguard:
  serverAddress: 172.32.32.1/24
  serverCidr: 172.32.32.0/24
  natAddSourceNet: true
  allowWan: false
  clients:
    - AllowedIPs: 172.32.32.2/32
      PublicKey: cbrG5zpfV1BIZZk...
      PresharedKey: KmkotoRaR1B...

wg show wg0 shows

interface: wg0
public key: cbrG5zpfV1BIZZkJNb3OYIilOg4Xdvp/juMNS27/6zA=
private key: (hidden)
listening port: 35008

Another thing I note is that the pod is very hard to debug: I can't get to any shell, and kubectl exec gives errors in reading /etc/wireguard.

The project seems promising, but more focus should be put into documentation (also a way to debug).

-- Roberto

roberto-sebastiano Mar 03 '24 23:03
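An added diagnostic for the mismatch reported above (example code, not from the chart or the issue author): it derives a public key from a base64 private key the same way `wg pubkey` does, then reports whether the interface key that the pod log and `wg show` print actually derives from that private key, and whether a client's PublicKey has ended up installed as the interface key. The private key used here is the RFC 7748 section 6.1 test vector, labelled as a constructed sample, not a deployment key; the client key is the one quoted in the issue.

```python
import base64

P = 2**255 - 19  # Curve25519 field prime

def x25519_base(scalar: bytes) -> bytes:
    """Clamp a 32-byte scalar and multiply the base point u=9 (RFC 7748 Montgomery ladder)."""
    k = (int.from_bytes(scalar, "little") & ((1 << 255) - 8)) | (1 << 254)
    x2, z2, x3, z3, swap = 1, 0, 9, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        if swap ^ kt:  # conditional swap; not constant-time, diagnostic use only
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, 9 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def wg_pubkey(private_b64: str) -> str:
    """Same derivation as `wg pubkey`: base64 private key in, base64 public key out."""
    priv = base64.b64decode(private_b64)
    if len(priv) != 32:
        raise ValueError("WireGuard keys are exactly 32 bytes")
    return base64.b64encode(x25519_base(priv)).decode()

def check_keys(server_private_b64: str, reported_public_b64: str, clients: list) -> list:
    """Return findings explaining why the interface key does not match the values file."""
    findings = []
    expected = wg_pubkey(server_private_b64)
    if reported_public_b64 != expected:
        findings.append(f"interface key {reported_public_b64} does not derive from the private key; expected {expected}")
    for c in clients:
        if c["PublicKey"] == reported_public_b64:
            findings.append(f"client {c['AllowedIPs']} PublicKey is the interface key: a client key was installed as the server key")
    return findings

# Constructed sample: RFC 7748 section 6.1 test vector (Alice's keypair), not a real deployment key.
SAMPLE_PRIVATE = base64.b64encode(bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")).decode()
SAMPLE_PUBLIC = base64.b64encode(bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")).decode()
CLIENT_KEY = "cbrG5zpfV1BIZZkJNb3OYIilOg4Xdvp/juMNS27/6zA="  # client PublicKey quoted in the issue

if __name__ == "__main__":
    for finding in check_keys(SAMPLE_PRIVATE, CLIENT_KEY, [{"AllowedIPs": "172.32.32.2/32", "PublicKey": CLIENT_KEY}]):
        print(finding)
```

Feed it the private key from the pod's /etc/wireguard/privatekey and the public key line from the log or `wg show`; an empty result means the keys are consistent and the problem lies elsewhere.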

Another thing I note is that the pod is very hard to debug: I can't get to any shell, and kubectl exec gives errors in reading /etc/wireguard.

What kubernetes version and kubernetes distribution are you using? Does your cluster have something applying role bindings impacting kubectl exec permissions? Or are you using a different wireguard container image?

The default image is alpine based and has a shell included so there shouldn't be anything from the image or chart preventing shell access through kubectl.


Containers:
  wireguard:
    Container ID:   containerd://a32c61963c1c2d94fa103f547193d13daa7fcf5158b0dc38c5f8ded523229617
    Image:          ghcr.io/bryopsida/wireguard:main
    Image ID:       ghcr.io/bryopsida/wireguard@sha256:500ae22c9f4a0a3ed50c1d7b165b2caf1036dacfd61d893ceeb94f13b93fa2f0
    Port:           51820/UDP

bryopsida Mar 04 '24 22:03