Wireguard interface failed to setup 'Protocol not supported'

Hi guys,

I'm using a docker image of 19.07.4 openwrt. I try to setup a wireguard server and it was not working. I think I installed all the packages needed.

the system log shows that 'Protocol not supported'

daemon.notice netifd: Interface 'vpn' is now down
daemon.notice netifd: Interface 'vpn' is setting up now
daemon.notice netifd: vpn (17893): Error: Unknown device type.
daemon.notice netifd: vpn (17893): Unable to modify interface: Protocol not supported

I doubt kernel module seems to be broken so the interface wgvpn keeps uninitialised.

lsmod | grep wireguard gives nothing

for kernal version:

# uname -r 

for install packages

# opkg list-install | grep wireguard
kmod-wireguard - 4.14.195+1.0.20200611-1
luci-app-wireguard - git-20.325.64304-92c01e2-1
luci-proto-wireguard - git-20.325.64304-92c01e2-1
wireguard - 1.0.20200611-1
wireguard-tools - 1.0.20191226-1

can you guys give me some hints on what might be the reason? Is it because of the docker virtualization?

Use KVM/QEMU, VirtualBox, or some other full virtualization method:

so it is a virtualization problem then?

It looks like that.

You should load the wireguard module on the docker host.

1 Like

I'm not sure if i get it correctly. Do you mean I should install wireguard modules in my host mahine, so that in the docker lsmod | grep wireguard can show up some results? or you seggest I just runing the whole wireguard in my host machine without openwrt docker?

For the first method, I did have the wireguard modules installed in my host, wireguard is already in the kernel 5.9.9 and wireguard-tools is also installed. and the lsmod | grep wireguard in the docker still shows nothing.

For the second method, well I really like to run a wireguard server on the openwrt docker, the openwrt docker is acting as a secondary router (with only 1 lan port) to handle all my vpn and proxy links.

Do you mean that lsmod | grep wireguard shows anything on the host? Otherwise load the module with modprobe wireguard on the host.
The host and container run on the same kernel. And you need to load the module on the host since the module available in openwrt can only be loaded when running the openwrt kernel.


Thank you! You solved my problem. I just need to add a wireguard interface in the host.
ip link add dev wg0 type wireguard
then docker can use the wg0 interface.

Yes, that's a way to make sure the wireguard module is loaded, but containers have their own interfaces, that interface isn't used by the container.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.