Wireguard Server LE 10

Xorm · October 27, 2021 at 4:19 PM

Hi guys,

I'm struggling to install wireguard server on docker in LE 10, using portainer, on my RPI4B.

I'm receiving the following error:

Code

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.,
[s6-init] ensuring user provided files have correct perms...exited 0.,
[fix-attrs.d] applying ownership & permissions fixes...,
[fix-attrs.d] done.,
[cont-init.d] executing container initialization scripts...,
[cont-init.d] 01-envfile: executing... ,
[cont-init.d] 01-envfile: exited 0.,
[cont-init.d] 10-adduser: executing... ,
-------------------------------------,
          _         (),
         | |  ___   _    __,
         | | / __| | |  /  \ ,
         | | \__ \ | | | () |,
         |_| |___/ |_|  \__/,
Brought to you by linuxserver.io,
-------------------------------------,
To support the app dev(s) visit:,
WireGuard: https://www.wireguard.com/donations/,
To support LSIO projects visit:,
https://www.linuxserver.io/donate/,
-------------------------------------,
GID/UID,
-------------------------------------,
User uid:    65534,
User gid:    65534,
-------------------------------------,
[cont-init.d] 10-adduser: exited 0.,
[cont-init.d] 30-config: executing... ,
Uname info: Linux b0c1a242c296 5.10.52 #1 SMP Wed Aug 11 14:10:51 CEST 2021 aarch64 aarch64 aarch64 GNU/Linux,
RTNETLINK answers: Operation not permitted,
**** The wireguard module is not active, will attempt kernel header install and module compilation. ****,
**** Attempting kernel header install ****,
Get:1 http://ports.ubuntu.com/ubuntu-ports bionic InRelease [242 kB],
Get:2 http://ports.ubuntu.com/ubuntu-ports bionic-updates InRelease [88.7 kB],
Get:3 http://ports.ubuntu.com/ubuntu-ports bionic-backports InRelease [74.6 kB],
Get:4 http://ports.ubuntu.com/ubuntu-ports bionic-security InRelease [88.7 kB],
Get:5 http://ports.ubuntu.com/ubuntu-ports bionic/restricted armhf Packages [12.5 kB],
Get:6 http://ports.ubuntu.com/ubuntu-ports bionic/universe armhf Packages [11.0 MB],
Get:7 http://ports.ubuntu.com/ubuntu-ports bionic/multiverse armhf Packages [157 kB],
Get:8 http://ports.ubuntu.com/ubuntu-ports bionic/main armhf Packages [1,277 kB],
Get:9 http://ports.ubuntu.com/ubuntu-ports bionic-updates/restricted armhf Packages [16.5 kB],
Get:10 http://ports.ubuntu.com/ubuntu-ports bionic-updates/main armhf Packages [1,491 kB],
Get:11 http://ports.ubuntu.com/ubuntu-ports bionic-updates/multiverse armhf Packages [6,818 B],
Get:12 http://ports.ubuntu.com/ubuntu-ports bionic-updates/universe armhf Packages [1,855 kB],
Get:13 http://ports.ubuntu.com/ubuntu-ports bionic-backports/main armhf Packages [11.2 kB],
Get:14 http://ports.ubuntu.com/ubuntu-ports bionic-backports/universe armhf Packages [11.0 kB],
Get:15 http://ports.ubuntu.com/ubuntu-ports bionic-security/multiverse armhf Packages [2,821 B],
Get:16 http://ports.ubuntu.com/ubuntu-ports bionic-security/restricted armhf Packages [9,670 B],
Get:17 http://ports.ubuntu.com/ubuntu-ports bionic-security/main armhf Packages [1,115 kB],
Get:18 http://ports.ubuntu.com/ubuntu-ports bionic-security/universe armhf Packages [1,168 kB],
Fetched 18.6 MB in 11s (1,754 kB/s),
Reading package lists...,
**** No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work ****,
**** Kernel headers don't seem to be available, can't compile the module. Sleeping now. . . ****

Display More

I've set the volumes as follow:

Host/volume	Path in container
/storage/.config/wireguard	/config
/lib/modules	/lib/modules

Don't know why it doesn't find the kernel headers Is there anything else that I need to set?

Thank you!

**aptalca** · October 27, 2021 at 8:05 PM

Did you use Portainer? If so you probably didn't set the cap-adds correctly

Xorm · October 27, 2021 at 8:34 PM

Quote from aptalca

Did you use Portainer? If so you probably didn't set the cap-adds correctly

You mean this ones?

Code

-- cap-add=NET_ADMIN \
 --cap-add=SYS_MODULE

Where should I add them?

elonesna · October 27, 2021 at 9:00 PM

I have been using this for a long time and it works great. My SSH command to create the container is this, then you just have to start it:

Code

docker create \
  --privileged \
  --name=51820-wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Paris \
  -e SERVERURL=<my-public-ip> \
  -e SERVERPORT=51820 \
  -e PEERS=peer1,peer2,peer3,peer4,peer5,peer6,peer7,peer8,peer9 \
  -e PEERDNS=<dns1>,<dns2> \
  -e INTERNAL_SUBNET=10.10.10.0/24 \
  -e ALLOWEDIPS=0.0.0.0/0 \
  -p 51820:51820/udp \
  -v /storage/.config/dockers/wireguard/config:/config \
  -v /lib/modules:/lib/modules \
  --restart unless-stopped \
  --net=host \
  linuxserver/wireguard

Display More

To configure the clients you just have to look at /storage/.config/dockers/wireguard/config

Xorm · October 28, 2021 at 8:52 AM

Quote from elonesna

I have been using this for a long time and it works great. My SSH command to create the container is this, then you just have to start it:

Code

docker create \
  --privileged \
  --name=51820-wireguard \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Paris \
  -e SERVERURL=<my-public-ip> \
  -e SERVERPORT=51820 \
  -e PEERS=peer1,peer2,peer3,peer4,peer5,peer6,peer7,peer8,peer9 \
  -e PEERDNS=<dns1>,<dns2> \
  -e INTERNAL_SUBNET=10.10.10.0/24 \
  -e ALLOWEDIPS=0.0.0.0/0 \
  -p 51820:51820/udp \
  -v /storage/.config/dockers/wireguard/config:/config \
  -v /lib/modules:/lib/modules \
  --restart unless-stopped \
  --net=host \
  linuxserver/wireguard

Display More

To configure the clients you just have to look at /storage/.config/dockers/wireguard/config

Hi Elonesna,

Thank you so much for your help, now the server is up and running.

Since I'm using portainer I wasn't able to insert the --net=host command (you know where should I put it in the portainer configuration?)

For the ones struggling with the cap-add command, you find them under the capabilities tab in the container configuration

Now, I've configured both the raspberry and my phone as clients, below the raspberry configuration:

Code

Type = WireGuard
Name = WireGuard VPN Tunnel
Host = <ddns url>
WireGuard.ListenPort = 51820
WireGuard.Address = <private_ip_addres_from_file_peer_test.conf_in_server>/32
WireGuard.PrivateKey = <privatekey_from_file_peer_test.conf_in_server>
WireGuard.PublicKey = <publickey_from_file_peer_test.conf_in_server>
WireGuard.DNS = 8.8.8.8, 8.8.4.4
WireGuard.AllowedIPs = 0.0.0.0/0
WireGuard.EndpointPort = 51820
WireGuard.PersistentKeepalive = 25

Display More

However from my phone, when I open the tunnel and I'm not at home, I'm unable to connect to internet nor access any service available at home (like transmission, sonarr, etc...).

Instead, from raspberry, when I use connmanctl services in SSH, i see only my wifi connection, nothing else....

Probably is something on my router that I need to change....

Maybe can you help me?

elonesna · October 28, 2021 at 11:25 AM

Sorry I don't use portainer to create containers, I use SSH and hub.docker and github recommendations.

Xorm · October 28, 2021 at 1:34 PM

Quote from elonesna

Sorry I don't use portainer to create containers, I use SSH and hub.docker and github recommendations.

Yes, but the server has been configured as you wrote.

Now the problem is that i'm unable to connect from the phone to my local network when the VPN is on: the configuration is exactly as you said.

Do youo know why i cannot connect?

elonesna · October 28, 2021 at 5:22 PM

Quote from Xorm

Yes, but the server has been configured as you wrote.
Now the problem is that i'm unable to connect from the phone to my local network when the VPN is on: the configuration is exactly as you said.
Do youo know why i cannot connect?

Sorry, I am not a guesser, you have not told me how you have configured your phone and you have not told me what operating system your phone uses.

The configuration of an android client is much easier than a LE client, you just have to export the client configuration file to the device, for example, peer_peer3.conf and import this configuration from the Android WireGuard application. You may have to edit these settings from the same android application to adjust the server address (it can be a public ddns, a static public IP, or a home network IP address only valid at home), you could also adjust the dns. Obviously you have to have configured the router to redirect the internet input to the wireguard server, which you should know and is common to all 'normal' servers as wireguard.

Connecting to the server from a client using an external public IP while they are both on the same home network may not work, this is not a server failure. Use a public IP when you are away from home. At home use the private IP of the server within the home network.

If you don't understand me then you have to spend some time studying the concept of VPN servers, how they work and what it takes to get them up and running.

Wireguard Server LE 10

Similar Threads

squeezelite not working anymore as background process with LE 10

rsync not working anymore after upgrading to LE10

wireguard dont connect at boot