Howto get Wireguarding running via Docker - A description of a successful try

bigcookie
Getting the hang of things
Posts: 76
Joined: Fri Jan 30, 2009 6:00 pm


Post by bigcookie »

I hope QNAP will provide an official WireGuard integration soon, especially as there are userspace implementations available. The following is a description of my (at least short term, successful) try-out of WireGuard. I don't run it in "production" yet, but it seems to work -> I cannot guarantee stability, all experiments are your own responsibility. I am not a VPN or network expert, so I will most likely not be able to help. Any changes or updates to this experiment description are highly welcome...

I used the userspace implementation of Wireguard in Go via Docker using the "masipcat/wireguard-go" docker image/container (https://github.com/masipcat/wireguard-go-docker and https://hub.docker.com/r/masipcat/wireguard-go).
I had some difficulties - check my remarks below. Make sure you store the private key in a file and start wg with that key so it doesn't change on every reboot (part of the tutorial in the link).

Precondition: I had QVPN installed (not sure if this is required to get IP forwarding enabled).

Edit: A few more posts down I wrote my steps down in detail - viewtopic.php?f=50&t=155840&p=758548#p758548

My wg0.conf - please note that I had to update the iptables rules and add another one to make it work. Choose your subnet. Often 10.0.0.0/24 is used. I chose a different one to avoid conflicts. The below 172.0.20.0/24 is an example

Code: Select all

[Interface]
Address = 172.0.20.1/32
PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -A FORWARD -i %i -j ACCEPT && iptables -t nat -A POSTROUTING -s 172.0.20.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT && iptables -t nat -D POSTROUTING -s 172.0.20.0/24 -o eth0 -j MASQUERADE
ListenPort = YOUR_PORT #choose your own, default is 51820
PrivateKey = SERVER_PRIVATEKEY

[Peer]
# Client1
PublicKey = CLIENT1_PUBLICKEY
AllowedIPs = 172.0.20.2/32

[Peer]
# Client2
PublicKey = CLIENT2_PUBLICKEY
AllowedIPs = 172.0.20.3/32

Example client1 conf

Code: Select all

[Interface]
Address = 172.0.20.2/32
PrivateKey = CLIENT1_PRIVATEKEY
DNS = 1.1.1.1 # cloudflare dns

[Peer]
PublicKey = SERVER_PUBLICKEY
AllowedIPs = 0.0.0.0/0  # means route ALL traffic through the VPN. Choose your subnets if only some subnets shall be routed. E.g. 192.168.0.0/24 or multiple ones
Endpoint = WG_SERVER_IP:51820

As wg clients I used the official macOS and iOS clients.

Starting container
Bringing up WireGuard, I used the docker-compose from masipcat with a few changes: I activated privileged=true and removed sysctl as port forwarding is already active on my QNAP. I started the application using docker-compose up (-d later on to make it run in the background) from the command line. I haven't yet tried the "create application" button in container-station. As this is only one container, I would prefer docker, but I cannot use "cap_add" in the container-station interface to my knowledge:

Code: Select all

version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
     - NET_ADMIN
 #   sysctls:
 #    - net.ipv4.ip_forward=1
    volumes:
     - /dev/net/tun:/dev/net/tun
     - YOUR_NAS_WIREGUARD_FOLDER:/etc/wireguard
    environment:
     - WG_COLOR_MODE=always
     - LOG_LEVEL=info
    ports:
     - YOUR_PORT:YOUR_PORT/udp
    # Uncomment the following line when 'AllowedIPs' is '0.0.0.0/0'
    privileged: true
    restart: always

Remarks
Please note that I didn't do any long term test. I still have OpenVPN running in parallel to have a fallback (seems to work). I only tested the setup for a few hours, but it worked. Probably somebody is able to bring it a step further.

Issue: official clients show VPN connection as active while handshake was failing
Remark: ssh into docker and check "wg show all" if there is a successful handshake (you can also show "latest-handshakes" only). If there is no handshake, the keys are most likely mixed up.

Issue: handshake didn't work
Remark: server publickey was different to the one I noted down. Check keys three times :-). After updating all was smooth.

Issue: internet and network access didn't work in the beginning
Remark: Had to add the following rule to PostUp and accordingly PostDown (see conf above): iptables -A FORWARD -i %i -j ACCEPT to make it work ("%i" will translate into the wg created interface - normally wg0)

Issue: Bringing the container down didn't remove the iptables rules, leading to multiple similar rules when starting the container up
Remark: If you ssh into the container and use wg-quick down, rules are removed. I filed a bug against this issue.
>>> This issue is solved using the container-station GUI - see next reply

Issue: TUN device suddenly was found to be a directory in QNAP
Remark: don't know the cause - reboot helped
>>> Seems now to work, when using container-station GUI. To be tested further


I hope this helps some users and I didn't make any mistakes :-). Best regards!
Last edited by bigcookie on Fri Jul 10, 2020 8:47 pm, edited 3 times in total.
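
The handshake check from the first remark above, as an added example that is not part of the original post: it reads the output of `wg show all latest-handshakes` and separates peers that never completed a handshake (the state in which the client UI still shows "active") from peers whose last handshake is too old to carry a live session. The sample output and the function names are constructed for illustration; the 180-second limit is WireGuard's session expiry, and an idle peer without a keepalive will legitimately show up as stale.

```python
import time

# WireGuard protocol constant: a session key is rejected 180 s after its handshake.
REJECT_AFTER_TIME = 180

# Constructed sample of `wg show all latest-handshakes`
# (tab-separated: interface, peer public key, unix time of last handshake).
SAMPLE_DUMP = (
    "wg0\tCLIENT1_PUBLICKEY\t1610660603\n"
    "wg0\tCLIENT2_PUBLICKEY\t0\n"
    "wg0\tCLIENT3_PUBLICKEY\t1610650000\n"
)


def classify_handshakes(dump, now=None):
    """Map (interface, peer key) to 'never', 'stale' or 'ok'."""
    now = time.time() if now is None else now
    states = {}
    for line in dump.splitlines():
        fields = line.split()
        if len(fields) == 2:
            # `wg show wg0 latest-handshakes` omits the interface column.
            fields.insert(0, "")
        if len(fields) != 3 or not fields[2].isdigit():
            continue  # not a handshake line
        iface, peer, stamp = fields[0], fields[1], int(fields[2])
        if stamp == 0:
            state = "never"   # no handshake since the interface came up
        elif now - stamp > REJECT_AFTER_TIME:
            state = "stale"   # session expired; fine for an idle peer
        else:
            state = "ok"
        states[(iface, peer)] = state
    return states


def failing_peers(dump, now=None):
    """Peers to re-check keys and endpoint for: those that never handshook."""
    states = classify_handshakes(dump, now)
    return sorted(peer for (_, peer), state in states.items() if state == "never")


if __name__ == "__main__":
    for (iface, peer), state in classify_handshakes(SAMPLE_DUMP, now=1610660663).items():
        print(iface, peer, state)
```
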

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

Found a better way and used container-station "create application". This is the docker-compose.yaml I used:

Code: Select all

version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
     - NET_ADMIN
    volumes:
     - /dev/net/tun:/dev/net/tun
     # Folder with 'publickey', 'privatekey' and 'wg0.conf'
     - /share/Container/Wireguard/etc_wireguard:/etc/wireguard
    environment:
     - WG_COLOR_MODE=always
     - LOG_LEVEL=info
    ports:
     - 51820:51820/udp
    # Uncomment the following line when 'AllowedIPs' is '0.0.0.0/0'
    privileged: true
    restart: always

This also properly cleans up iptables when shutting down via container-station! So, looks good to me :-). VPN works, OpenVPN also still works!

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

As this is a userspace implementation, it seems that the speed is much lower than expected and is similar to OpenVPN. I tested via speedtest.net through an LTE connection.
For the great speed improvement, I expect we need to wait for the kernelspace implementation...

My findings might be wrong and I for sure didn't try optimizing the setup.
Moogle Stiltzkin
Guru
Posts: 11448
Joined: Thu Dec 04, 2008 12:21 am
Location: Around the world....

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Moogle Stiltzkin »


Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

Yes, this link contains useful information. Nevertheless - if you go for external providers, some already implement dynamic IP addresses etc: https://hide.me/en/blog/wireguard-is-no ... -friendly/

In my case, security is the most important as I am anyway the only user connecting to my server. As all is running on my own NAS - the log files/configurations are on the same machine (we can discuss if this is the best way :-) ) and as such under my control. I consider this low risk. Privacy wise, yes the internal VPN network addresses are static. As I am the only user in this case, any connection to the server would reveal metadata about me. Therefore I accepted this. Also dynamic IP address management is, as far as I read in the article you pasted, in the works...

Summary for me:
I don't see benefits from Wireguard if the userspace implementation is required which comes with no speed/throughput improvement as I experienced (better measurements could be done for sure). So I will stick with OpenVPN for now, at least until QNAP pushes the new Linux kernel including Wireguard. But the setup above is great to simply experiment with Wireguard and understand a bit more.

Thanks for sharing!

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

As I still had to do a lot of trial and error, I decided to document my steps for an IPv4 configuration below for others to try/enhance... It uses static IPs and a fixed config. Keep your private keys secure and safe!!! The copying of keys is pretty nasty. I used another container and some scripts to automatically add/remove peers and generate the key pairs on the server. The config is then transferred via a file or a QR code to the client (not beautiful, but working). Ping me if interested.

Here are the step by step instructions for people who want to try (simple installation). This worked for me. Please also be reminded that this is a userspace implementation of wireguard as the new kernel containing the module is not part of QTS. Due to this, I didn't see the speed/throughput improvements. Please also read the links above as they show some downsides of Wireguard (logs/configs on the server and fixed IP address usage - I could accept both as the logs are on my server and it is anyway only me connecting to the server). Nevertheless I will most likely shut down wireguard as there are no performance improvements for me until the kernel module is provided.

1. Install/start container-station

2. Create a folder to store wireguard persistent data. E.g. /share/Container/wireguard

3. Go to overview and "Create application"

4. Use the following YAML and replace whatever is written in the create application window. Replace the capital strings starting with "YOUR...". You can change the standard port, but at the end in IPv4 I do this through port forwarding to expose a non standard port:

Code: Select all

version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
     - NET_ADMIN
    sysctls:
     - net.ipv4.ip_forward=1
    volumes:
     - /dev/net/tun:/dev/net/tun
     # Folder with 'publickey', 'privatekey' and 'wg0.conf'
     - YOUR_PERSISTANT_WG_FOLDER_ABSOLUT_PATH_FROM_POINT2:/etc/wireguard
    environment:
     - WG_COLOR_MODE=always
     - LOG_LEVEL=info
    ports:
     - 51820:51820/udp
    # Uncomment the following line when 'AllowedIPs' is '0.0.0.0/0'
    privileged: true
    restart: always

5. Stop the wireguard application in "overview"

6. Create your server public and private keys by ssh'ing in your NAS:

Code: Select all

> cd YOUR_PERSISTANT_WG_FOLDER_ABSOLUT_PATH_FROM_POINT2
> umask 077
# Generate privatekey
> docker run --rm -i masipcat/wireguard-go wg genkey > privatekey
# Generate publickey from privatekey
> docker run --rm -i masipcat/wireguard-go wg pubkey < privatekey > publickey

7. Generate WG wg0 interface config. Example below.
Choose your VPN internal subnet - e.g. 172.0.0.0/24 (I chose a different one to 10.0.0.0/24 as this is used by OpenVPN which I am still running in parallel).
Choose your server address (example below: 172.0.0.1/32)
Choose the port (I suggest the default port 51820 as this is not outside world facing)
Paste the just generated private key from the server under [Interface] -> PrivateKey
Generate a new key pair for a peer (client) - either on the client software (iOS/Android) or with the same method as in step 6 -> attention, choose other files as target or simply read the keys from the terminal
Add peer public key to peer section.
Assign an IP address to the peer (example below: 172.0.0.2/32) - each peer needs a unique address

Example "wg0.conf" in your persistent wireguard folder.

Code: Select all

[Interface]
Address = 172.0.0.1/32
PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -A FORWARD -i %i -j ACCEPT && iptables -t nat -A POSTROUTING -s 172.0.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT && iptables -t nat -D POSTROUTING -s 172.0.0.0/24 -o eth0 -j MASQUERADE
ListenPort = 51820
PrivateKey = SERVER_PRIVATEKEY

[Peer]
# Client1
PublicKey = CLIENT1_PUBLICKEY
AllowedIPs = 172.0.0.2/32

[Peer]
# Client2
PublicKey = CLIENT2_PUBLICKEY
AllowedIPs = 172.0.0.3/32

8. Peer configuration: Same thing as the server, but vice versa. The [Interface] section is for the peer, the [Peer] section for the server.
Add the IP address from the corresponding [Peer] section in "wg0.conf" as "address" into the peer config
Add the server public key to the [Peer] section of the peer config
Add "0.0.0.0/0" to the AllowedIPs of the [Peer] section of the peer config
Add the endpoint (your public IP or DNS address followed by ":PORT_NUMBER of the server) to the [Peer] section of the peer config

Example client config:

Code: Select all

[Interface]
Address = 172.0.0.2/32
PrivateKey = CLIENT1_PRIVATEKEY
DNS = 1.1.1.1 # cloudflare dns

[Peer]
PublicKey = SERVER_PUBLICKEY
AllowedIPs = 0.0.0.0/0  # means route ALL traffic through the VPN. Choose your subnets if only some subnets shall be routed. E.g. 192.168.0.0/24 or multiple ones
Endpoint = WG_SERVER_IP/DNS:51820

9. Start the wireguard application in container-station

10. Activate the wireguard connection on your mobile (Attention: it will show active, though it might not be). Check if the DNS name resolves in the UI. Check access to your network

11. Troubleshooting
Open terminal of the wireguard container through container-station. Use

Code: Select all

> wg show all

And check if there is a "handshake" listed under your peer. If not, most likely some of the keys are wrongly written/copied.

Have fun
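
A pre-flight check for the server-side wg0.conf built in step 7, as an added example that is not part of the original post or of the wireguard-go-docker project. It flags the mistakes this kind of hand-edited config invites: a MASQUERADE source subnet that does not cover the tunnel addresses, a PostUp rule with no matching PostDown delete (the leftover-rule issue from the first post), two peers sharing one address, and tunnel addresses outside RFC 1918 (172.0.x.x, used as the example subnet in this thread, is not private space; 172.16.0.0/12 is). Both sample configs and all function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: NAT rule for the wrong subnet, FORWARD rule never
# deleted, both peers on the same address, tunnel outside RFC 1918.
BAD_CONF = """\
[Interface]
Address = 172.0.0.1/32
PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -A FORWARD -i %i -j ACCEPT && iptables -t nat -A POSTROUTING -s 172.0.20.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 172.0.20.0/24 -o eth0 -j MASQUERADE
ListenPort = 51820
[Peer]
# Client1
PublicKey = CLIENT1_PUBLICKEY
AllowedIPs = 172.0.0.2/32
[Peer]
# Client2
PublicKey = CLIENT2_PUBLICKEY
AllowedIPs = 172.0.0.2/32
"""

# Constructed sample with the same layout and the four problems corrected.
GOOD_CONF = """\
[Interface]
Address = 10.8.20.1/32
PostUp = iptables -A FORWARD -i %i -j ACCEPT && iptables -t nat -A POSTROUTING -s 10.8.20.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT && iptables -t nat -D POSTROUTING -s 10.8.20.0/24 -o eth0 -j MASQUERADE
ListenPort = 51820
[Peer]
PublicKey = CLIENT1_PUBLICKEY
AllowedIPs = 10.8.20.2/32
[Peer]
PublicKey = CLIENT2_PUBLICKEY
AllowedIPs = 10.8.20.3/32
"""


def parse_wg_conf(text):
    """Parse a wg-quick config. [Peer] repeats, so configparser cannot be used."""
    interface, peers, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.lower() == "[interface]":
            section = interface
        elif line.lower() == "[peer]":
            section = {}
            peers.append(section)
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # base64 keys may end in '='
            section.setdefault(key.strip().lower(), []).append(value.strip())
    return interface, peers


def networks(values):
    """Expand comma-separated Address/AllowedIPs values into IPv4 networks."""
    nets = [ipaddress.ip_network(item.strip(), strict=False)
            for value in values for item in value.split(",")]
    return [n for n in nets if n.version == 4]


def iptables_rules(hooks):
    """Split '&&'-chained PostUp/PostDown hooks into (action, rule tokens)."""
    rules = []
    for hook in hooks:
        for part in hook.replace(";", "&&").split("&&"):
            tokens = part.split()
            if tokens[:1] != ["iptables"]:
                continue
            action = next((t for t in tokens if t in ("-A", "-I", "-D")), None)
            if action:
                rules.append((action, tuple(t for t in tokens if t != action)))
    return rules


def lint_server_conf(text):
    """Return a list of (code, detail) findings for a server-side wg0.conf."""
    findings = []
    interface, peers = parse_wg_conf(text)
    tunnel = networks(interface.get("address", []))
    owner = {}
    for index, peer in enumerate(peers, 1):
        for net in networks(peer.get("allowedips", [])):
            if net in owner:
                findings.append(("duplicate-ip", f"peer {index} reuses {net} of peer {owner[net]}"))
            else:
                owner[net] = index
                tunnel.append(net)
    for net in tunnel:
        if not any(net.subnet_of(private) for private in RFC1918):
            findings.append(("public-range", f"{net} is not RFC 1918 private space"))
    deleted = {rule for action, rule in iptables_rules(interface.get("postdown", []))
               if action == "-D"}
    for action, rule in iptables_rules(interface.get("postup", [])):
        if action == "-D":
            continue
        if rule not in deleted:                  # rule would survive wg-quick down
            findings.append(("no-postdown", " ".join(rule)))
        if "MASQUERADE" in rule and "-s" in rule:
            source = ipaddress.ip_network(rule[rule.index("-s") + 1], strict=False)
            missed = [str(n) for n in tunnel if not n.subnet_of(source)]
            if missed:
                findings.append(("nat-mismatch", f"{source} does not cover {', '.join(missed)}"))
    return findings


if __name__ == "__main__":
    for code, detail in lint_server_conf(BAD_CONF):
        print(f"{code}: {detail}")
```
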
Lice2
New here
Posts: 7
Joined: Fri Jan 15, 2021 5:39 am

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

Hi, I am getting this error.
I only want to run the Nas as a client.
Does anyone know?

Code: Select all

[#] ip link add wg0 type wireguard
RTNETLINK answers: Not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] wireguard-go wg0
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
W                                                     G
W   You are running this software on a Linux kernel,  G
W   which is probably unnecessary and misguided. This G
W   is because the Linux kernel has built-in first    G
W   class support for WireGuard, and this support is  G
W   much more refined than this slower userspace      G
W   implementation. For more information on           G
W   installing the kernel module, please visit:       G
W           https://www.wireguard.com/install         G
W                                                     G
WARNING WARNING WARNING WARNING WARNING WARNING WARNING
INFO: (wg0) 2021/01/14 21:43:23 Starting wireguard-go version 0.0.20200320
[#] wg setconf wg0 /dev/fd/63
INFO: (wg0) 2021/01/14 21:43:23 Starting wireguard-go version 0.0.20200320
INFO: (wg0) 2021/01/14 21:43:23 Interface set up
INFO: (wg0) 2021/01/14 21:43:23 Device started
INFO: (wg0) 2021/01/14 21:43:23 UAPI listener started
[#] ip -4 address add 192.168.200.4 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.8.4 (legacy): iptables-restore: unable to initialize table 'raw'

Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] resolvconf -d wg0 -f
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
INFO: (wg0) 2021/01/14 21:43:23 Interface set down
ERROR: (wg0) 2021/01/14 21:43:23 Failed to read packet from TUN device: read : file descriptor in bad state
INFO: (wg0) 2021/01/14 21:43:23 Device closing
INFO: (wg0) 2021/01/14 21:43:23 Shutting down

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

my wg0.conf

Code: Select all

[Interface]
PrivateKey = *****************************************************
#Address = 172.0.00.2/32
Address = 192.168.200.4
#Address = fd86:ea04:1111::4/128
DNS = 1.1.1.1

[Peer]
PublicKey = ***************************************************
Endpoint = 82.***.**.**:53153
AllowedIPs = 0.0.0.0/0
#PersistentKeepalive = 25

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

Hi @Lice2, can you share a bit more - not sure if I will be able to help though. Are you running wireguard docker? On a QNAP NAS? Is the error coming from the wireguard startup, or did you put in the commands manually? It looks to me like you do all those things manually via command line.

The setup howto I created above works fine for me without the need to fire up wireguard manually. You should be able to use it as a client, by simply putting a client config instead of the server config in the according folder...
What you need to know: the VPN client from QNAP needs to be started first - otherwise the TUN device is missing. Sometimes there is a race condition and I have to restart the container to make it work.

Also I noticed that the ports you use are different. Probably you have a misconfiguration on that side as well (though it doesn't explain the iptables error).

Regarding the error, this post might help:
https://askubuntu.com/questions/28215/h ... lter#28218
(missing "sudo" in front of iptables or missing module?)

regards

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

Yes, I use the docker under QNAP, as described above. The error then comes in the container where wireguard is running.
And the Wireguard server runs outside on a Vserver; all my other PCs and Raspberries work perfectly as clients. It just doesn't work with QNAP.

The port on which the server is running is 53153. I wrote that in above, but it always uses 51820.
I can write the yaml from the docker here in the forum again.

Thank you also for the first time for the answer

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

This is how I created the Docker.
Only when it starts does it not take the 53153 udp port.

Code: Select all

version: '3.3'
services:
  wireguard:
    image: masipcat/wireguard-go:latest
    cap_add:
     - NET_ADMIN
     - SYS_MODULE
    sysctls:
     - net.ipv4.ip_forward=1
    volumes:
     - /dev/net/tun:/dev/net/tun
     # Folder with 'publickey', 'privatekey' and 'wg0.conf'
     - /share/CACHEDEV1_DATA/Container/wireguard:/etc/wireguard
    environment:
     - WG_COLOR_MODE=always
     - LOG_LEVEL=info
    ports:
     - 53153:53153/udp
    # Uncomment the following line when 'AllowedIPs' is '0.0.0.0/0'
    privileged: true
    restart: always

I put - SYS_MODULE in for test purposes. It doesn't work with or without.

http://minelice.com/qnap-docker.png

here is a screenshot !

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

@bigcookie Question, you installed qvpn and started openvpn with vpn client?

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by bigcookie »

Sorry not too much time today.
1. Yes, I installed QVPN. No need to run OpenVPN, but the QVPN installation is needed for the tun device to be available. At least my system complains in case QVPN is not there.

2. The instruction is slightly wrong... the YOURPORT:YOURPORT is the port mapping from inside the container to the outside if I recall correctly. So please try to use the original wireguard port:YOURPORT... instead (or vice versa - I don't remember by heart). I hope this is correct (it's been a while and I am waiting for QNAP to provide the kernel integration of wireguard)

I am not an expert and shared simply my experience. I hope this can help. I will read and digest the post fully most likely tomorrow... sorry for that...

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

I think it's nice of you that you still help me. So I also installed QVPN.
So I am writing now:
ports:
- 51820:53153/udp
Have you changed anything in the Container Station under Preferences Network Settings (docker 0)?
Yes, I am also waiting for QNAP to integrate Wireguard.

Unfortunately I still get the same error.

Code: Select all

[#] wireguard-go wg0                                                                                                                                                                
WARNING WARNING WARNING WARNING WARNING WARNING WARNING                                                                                                                             
W                                                     G                                                                                                                             
W   You are running this software on a Linux kernel,  G                                                                                                                             
W   which is probably unnecessary and misguided. This G                                                                                                                             
W   is because the Linux kernel has built-in first    G                                                                                                                             
W   class support for WireGuard, and this support is  G                                                                                                                             
W   much more refined than this slower userspace      G                                                                                                                             
W   implementation. For more information on           G                                                                                                                             
W   installing the kernel module, please visit:       G                                                                                                                             
W           https://www.wireguard.com/install         G                                                                                                                             
W                                                     G                                                                                                                             
WARNING WARNING WARNING WARNING WARNING WARNING WARNING                                                                                                                             
INFO: (wg0) 2021/01/15 20:23:42 Starting wireguard-go version 0.0.20200320                                                                                                          
INFO: (wg0) 2021/01/15 20:23:42 Starting wireguard-go version 0.0.20200320                                                                                                          
INFO: (wg0) 2021/01/15 20:23:42 Interface set up                                                                                                                                    
[#] wg setconf wg0 /dev/fd/63                                                                                                                                                       
INFO: (wg0) 2021/01/15 20:23:42 Device started                                                                                                                                      
INFO: (wg0) 2021/01/15 20:23:42 UAPI listener started                                                                                                                               
[#] ip -4 address add 192.168.200.4 dev wg0                                                                                                                                         
[#] ip link set mtu 1420 up dev wg0                                                                                                                                                 
[#] resolvconf -a wg0 -m 0 -x                                                                                                                                                       
[#] wg set wg0 fwmark 51820                                                                                                                                                         
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820                                                                                                                                   
[#] ip -4 rule add not fwmark 51820 table 51820                                                                                                                                     
[#] ip -4 rule add table main suppress_prefixlength 0                                                                                                                               
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1                                                                                                                                    
[#] iptables-restore -n                                                                                                                                                             
iptables-restore v1.8.4 (legacy): iptables-restore: unable to initialize table 'raw'                                                                                                
                                                                                                                                                                                    
Error occurred at line: 1                                                                                                                                                           
Try `iptables-restore -h' or 'iptables-restore --help' for more information.                                                                                                        
[#] resolvconf -d wg0 -f                                                                                                                                                            
[#] ip -4 rule delete table 51820                                                                                                                                                   
[#] ip -4 rule delete table main suppress_prefixlength 0                                                                                                                            
[#] ip link delete dev wg0                                                                                                                                                          
INFO: (wg0) 2021/01/15 20:23:43 Interface set down                                                                                                                                  
ERROR: (wg0) 2021/01/15 20:23:43 Failed to read packet from TUN device: read : file descriptor in bad state                                                                         
INFO: (wg0) 2021/01/15 20:23:43 Device closing                                                                                                                                      
INFO: (wg0) 2021/01/15 20:23:43 Shutting down  
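Added example (not part of the original post): wg-quick prints each command it runs with a `[#]` prefix and rolls the interface back when one fails, so the step to look at is the last `[#]` line before the first error, not the final TUN error, which only follows the interface being deleted. The script below triages an abridged, constructed copy of the trace above; note that `fwmark 51820` is the firewall mark and routing table number wg-quick uses for the default route, not a UDP port.

```python
import re

# Constructed sample: abridged copy of the wg-quick trace posted above.
TRACE = """\
[#] wireguard-go wg0
INFO: (wg0) 2021/01/15 20:23:42 Device started
[#] ip -4 address add 192.168.200.4 dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] iptables-restore -n
iptables-restore v1.8.4 (legacy): iptables-restore: unable to initialize table 'raw'
[#] resolvconf -d wg0 -f
[#] ip link delete dev wg0
ERROR: (wg0) 2021/01/15 20:23:43 Failed to read packet from TUN device: read : file descriptor in bad state
"""

TABLE_ERR = re.compile(r"unable to initialize table '(\w+)'")

def triage(trace):
    """Find the first failing wg-quick step and the state set up before it."""
    report = {"failed_cmd": None, "missing_table": None, "fwmark": None,
              "default_route": False, "teardown": []}
    last_cmd = None
    for line in (l.strip() for l in trace.splitlines()):
        if line.startswith("[#] "):
            last_cmd = line[4:]
            if report["failed_cmd"]:
                report["teardown"].append(last_cmd)   # rollback after the failure
            elif m := re.fullmatch(r"wg set \S+ fwmark (\d+)", last_cmd):
                report["fwmark"] = int(m[1])          # routing mark, not a UDP port
            elif re.search(r"route add 0\.0\.0\.0/0 .* table \d+", last_cmd):
                report["default_route"] = True        # AllowedIPs covers 0.0.0.0/0
        elif (m := TABLE_ERR.search(line)) and not report["failed_cmd"]:
            # Blame the command that was running when iptables complained.
            report["failed_cmd"], report["missing_table"] = last_cmd, m[1]
    return report

if __name__ == "__main__":
    for key, value in triage(TRACE).items():
        print(f"{key}: {value}")
```
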
Lice2
New here
Posts: 7
Joined: Fri Jan 15, 2021 5:39 am

Re: Howto get Wireguarding running via Docker - A description of a successful try

Post by Lice2 »

I've tried both now.
ports:
- 53153:51820/udp
and
ports:
- 51820:53153/udp
but it always takes 51820 as a port.