drscheme Posted March 19, 2020 Posted March 19, 2020 Hi, I run a wireguard server in my home. I have a Mac and a couple of iOS devices that can successfully connect to the server, my internet traffic is routed via the home wireguard server and I can access devices in my home network using an address like 192.168.178.200. No problem. Now I want to connect my cubitruck running Armbian Ubuntu 18.04 to my home network. I created a similar configuration as for all of the other devices, wireguard connects after I say `wg-quick up $configname`, with `ip a` I can see a new interface with an IP that corresponds to my configuration, there is a route set (Dst 10.9.0.0 -> Iface $configuration_wg0) BUT when I try to ping the IP of the WG server (in my case 10.9.0.1): no response when I try to ping a device in the home network (192.168.178.*): no response when I try to access the Internet: nope. Interestingly, on server side, when I say `wg show`, I notice that there is no sign that the client is/was connected. Here's my client conf: [Interface] PrivateKey = xx Address = 10.9.0.7/24 DNS = 1.1.1.1,1.0.0.1 [Peer] PublicKey = yy AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = foo.bar.baz:10815 PersistentKeepalive = 25 And here the server.conf: [Interface] Address = 10.9.0.1/24 ListenPort = 10815 PrivateKey = aa SaveConfig = false # iphone [Peer] PublicKey = bb AllowedIPs = 10.9.0.4/32 # ipad [Peer] PublicKey = cc AllowedIPs = 10.9.0.5/32 # macpro [Peer] PublicKey = dd AllowedIPs = 10.9.0.6/32 # backuptruck [Peer] PublicKey = ee AllowedIPs = 10.9.0.7/32 I am actually pretty confident, that the configuration is correct. So I tested what happens when I run the same configuration on a Ubuntu notebook and here the configuration works. So my conclusion is that there might be something broken/incompatible/ with wireguard on Armbian.
Igor Posted March 19, 2020 Posted March 19, 2020 6 minutes ago, drscheme said: So my conclusion is that there might be something broken/incompatible/ with wireguard on Armbian. I might give you some hints if you show me logs and WG module version. But you can just try to switch to nightly repository (current kernel). That includes up to date driver.
drscheme Posted March 19, 2020 Author Posted March 19, 2020 Thank you Igor. I try the nightly builds tomorrow and post an update. Thanks!
Peter P Posted March 30, 2020 Posted March 30, 2020 Hello! I'm investigating a similar issue and found this thread. I'm trying to run wireguard on my banana pi pro. I have the following setup (as simple as possible for debugging the problem, left in the keys on purpose): Quote #Banana pi running armbian on 192.168.0.11 [Interface] Address = 10.200.200.1/24 SaveConfig = true ListenPort = 51822 PrivateKey = qAQNv75Hbfa6Spoe6lx0Y71h509ftMmqcnWhf2EDY2U= [Peer] PublicKey = Z2fGG/610nuIg58X0MGBXTwGR9bgqdvjQsUvfqrPhic= AllowedIPs = 10.200.200.2/32 #Endpoint = 192.168.0.101:51822 #My notebook running Ununtu on 192.168.0.101 [Interface] Address = 10.200.200.2/24 PrivateKey = YJOifAYRt0WojFAFvideTCVSr5OE4PtQCxMri0s4mHY= ListenPort = 51822 [Peer] PublicKey = tAotXUDO1HLLjDN1Ovq3R16DG/JgmNN71YvfBrPYFFQ= Endpoint = 192.168.0.11:15822 AllowedIPs = 10.200.200.0/24 I found that bpi is having problem accepting connections, I can see the packets received in tcpdump but there is no wg handshake. If I uncomment the Endpoint line in BPI config wireguard can establish connection with my desktop, even if I remove the endpoint address from my notebooks configuration. The situation is same with 4.19.62-sunxi #5.92, 5.4.28-sunxi #20.02.7 and 5.5.13-sunxi #trunk.088. Quotemodinfo wireguard filename: /lib/modules/5.5.13-sunxi/kernel/drivers/net/wireguard/wireguard.ko alias: net-pf-16-proto-16-family-wireguard alias: rtnl-link-wireguard version: 1.0.0 author: Jason A. Donenfeld <Jason@zx2c4.com> description: WireGuard secure network tunnel license: GPL v2 srcversion: 00F219E9700C1A81A851666 depends: libcurve25519,libblake2s,udp_tunnel,libchacha20poly1305,curve25519-neon,ip6_udp_tunnel intree: Y name: wireguard vermagic: 5.5.13-sunxi SMP mod_unload ARMv7 thumb2 p2v8 I didn't find any related error message in the logs. Please let me know if you have some idea debugging this issue. Thanks, Peter
Igor Posted March 30, 2020 Posted March 30, 2020 3 hours ago, Peter P said: I didn't find any related error message in the logs. Please let me know if you have some idea debugging this issue. Below Linux kernel 5.5.y is a legacy out of the tree version, this: https://git.zx2c4.com/wireguard-linux-compat Starting from 5.6.y WG is a part of the mainline kernel. Reports those errors / problems directly to WG authors and when they fix this, apt update and upgrade will solve it ...
maxlinux2000 Posted June 22, 2020 Posted June 22, 2020 root@w2:~# apt update Hit:1 http://deb.debian.org/debian buster InRelease Hit:2 http://security.debian.org buster/updates InRelease Hit:3 http://deb.debian.org/debian buster-updates InRelease Hit:4 http://deb.debian.org/debian buster-backports InRelease Hit:5 https://apt.armbian.com buster InRelease Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. root@w2:~# apt install wireguard Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: wireguard : Depends: wireguard-tools (>= 1.0.20200513-1~bpo10+1) but 1.0.20200319-1~bpo10+1 is to be installed E: Unable to correct problems, you have held broken packages. root@w2:~# uname -a Linux w2 5.4.43-sunxi64 #20.05.2 SMP Tue Jun 2 17:20:17 CEST 2020 aarch64 GNU/Linux
Igor Posted June 22, 2020 Posted June 22, 2020 We host wireguard-tools package since they are not a part of a standard Debian. They have been updated now ... but you don't need this package because Wireguard is build into the kernel. Debian "apt install wireguard" is written badly: root@odroidc4:/home/igorp# apt install wireguard Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: dkms linux-image-4.19.0-9-rt-arm64 linux-image-rt-arm64 wireguard-dkms Suggested packages: python3-apport menu linux-doc-4.19 debian-kernel-handbook Recommended packages: fakeroot linux-headers-686-pae | linux-headers-amd64 | linux-headers-generic | linux-headers firmware-linux-free apparmor The following NEW packages will be installed: dkms linux-image-4.19.0-9-rt-arm64 linux-image-rt-arm64 wireguard wireguard-dkms 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 40.9 MB of archives. After this operation, 228 MB of additional disk space will be used. Do you want to continue? [Y/n] n Abort. On Armbian you only need to configure Wireguard. You don't need any of those packages and 228MB of waste.
Recommended Posts