wireguard-manager
wireguard-manager copied to clipboard
complexorganizations
error
Ubuntu 18.04
cat /etc/wireguard/wg0.conf
PostUp = sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1; nft add table inet wireguard-wg0; nft add chain inet wireguard-wg0 wireguard_chain {type nat hook postrouting priority srcnat;}; nft add rule inet wireguard-wg0 wireguard_chain oifname ens3 masquerade
root@vps:~# sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1; nft add table inet wireguard-wg0; nft add chain inet wireguard-wg0 wireguard_chain {type nat hook postrouting priority srcnat;}; nft add rule inet wireguard-wg0 wireguard_chain oifname ens3 masquerade net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 Error: syntax error, unexpected string, expecting - or number add chain inet wireguard-wg0 wireguard_chain {type nat hook postrouting priority srcnat;} ^^^^^^ Error: NAT is only supported for IPv4/IPv6 add rule inet wireguard-wg0 wireguard_chain oifname ens3 masquerade ^^^^^^^^^^
Ok., fresh install:
Created symlink /etc/systemd/system/multi-user.target.wants/[email protected] → /lib/systemd/system/[email protected].
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xe" for details.
Synchronizing state of unbound.service with SysV service script with /lib/systemd/systemd-sysv-install.
root@EKL:~# journalctl -xe | grep wg Aug 02 06:58:32 EKL systemd[1]: Created slice system-wg\x2dquick.slice. -- Subject: Unit system-wg\x2dquick.slice has finished start-up -- Unit system-wg\x2dquick.slice has finished starting up. Aug 02 06:58:32 EKL systemd[1]: Starting WireGuard via wg-quick(8) for wg0... -- Subject: Unit [email protected] has begun start-up -- Unit [email protected] has begun starting up. Aug 02 06:58:32 EKL wg-quick[29023]: [#] ip link add wg0 type wireguard Aug 02 06:58:32 EKL wg-quick[29023]: [#] wg setconf wg0 /dev/fd/63 Aug 02 06:58:32 EKL wg-quick[29023]: [#] ip -4 address add 10.0.0.1/8 dev wg0 Aug 02 06:58:32 EKL wg-quick[29023]: [#] ip -6 address add fd00:00:00::1/8 dev wg0 Aug 02 06:58:32 EKL wg-quick[29023]: [#] ip link set mtu 1420 up dev wg0 Aug 02 06:58:32 EKL wg-quick[29023]: [#] sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1; nft add table inet wireguard-wg0; nft add chain inet wireguard-wg0 wireguard_chain {type nat hook postrouting priority srcnat\;}; nft add rule inet wireguard-wg0 wireguard_chain oifname eth0 masquerade Aug 02 06:58:32 EKL wg-quick[29023]: net.ipv4.ip_forward = 1 Aug 02 06:58:32 EKL wg-quick[29023]: net.ipv6.conf.all.forwarding = 1 Aug 02 06:58:32 EKL wg-quick[29023]: Error: syntax error, unexpected string, expecting - or number Aug 02 06:58:32 EKL wg-quick[29023]: add chain inet wireguard-wg0 wireguard_chain {type nat hook postrouting priority srcnat;} Aug 02 06:58:32 EKL wg-quick[29023]: ^^^^^^ Aug 02 06:58:32 EKL wg-quick[29023]: [#] ip link delete dev wg0 Aug 02 06:58:33 EKL systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE Aug 02 06:58:33 EKL systemd[1]: [email protected]: Failed with result 'exit-code'. Aug 02 06:58:33 EKL systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0. -- Subject: Unit [email protected] has failed -- Unit [email protected] has failed. root@EKL:~#
root@EKL:~# nft --version nftables v0.8.2 (Joe Btfsplk) root@EKL:~# uname -a Linux EKL 4.15.0-166-generic #174-Ubuntu SMP Wed Dec 8 19:07:44 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux root@EKL:~#
Please do this.
cat /etc/os-release
Have u recently updated the kernel?
Response Options for the GitHub Issue:
Option 1: Offer further assistance with debugging:
- Hi CraftedCat, thanks for reporting this issue! It seems like you're facing a problem with setting up WireGuard and encountering a syntax error related to
nft. I'd be happy to help you debug further. - I noticed you've already tried creating a fresh install and provided logs for analysis. Could you please share the output of
journalctl -xe | grep wgagain? This might offer additional clues. - In the meantime, I can recommend checking the nftables documentation for the specific syntax used for adding chains and rules. Additionally, some community forums might have similar cases and solutions related to older nftables versions.
Option 2: Recommend alternative solutions:
- Although you mentioned creating a PR isn't an option, exploring the community-contributed configurations provided in pull requests might offer insights for adapting to your environment.
- Since the issue seems related to the outdated nftables version, consider alternative firewall solutions like iptables that might be more compatible and avoid the syntax error.
- If upgrading nftables on your Ubuntu 18.04 system is feasible, check if any available updates address the compatibility concerns.
Option 3: Suggest further information gathering:
- To investigate the issue further, it would be helpful to know the specific network interface you're trying to use for WireGuard (eth0 or ens3 in your case) and the desired routing configuration (masquerade or specific rules).
- If you've made any recent modifications to your system configuration, including kernel updates or firewall settings changes, mentioning those might pinpoint potential interactions causing the problem.
General Notes:
- Regardless of the chosen option, always maintain a friendly and helpful tone.
- If possible, reference specific documentation or resources to guide the user towards further troubleshooting.
- Acknowledge the user's efforts and appreciate their contribution to the project.
Remember to adapt the response based on your specific understanding of the issue and the context provided in the Github issue.
I hope this helps! Let me know if you have any other questions.