Wireguard interface failed to setup 'Protocol not supported'

ciacc · November 25, 2020, 4:36pm

Hi guys,

I'm using a docker image of 19.07.4 openwrt. I try to setup a wireguard server and it was not working. I think I installed all the packages needed.

the system log shows that 'Protocol not supported'

daemon.notice netifd: Interface 'vpn' is now down
daemon.notice netifd: Interface 'vpn' is setting up now
daemon.notice netifd: vpn (17893): Error: Unknown device type.
daemon.notice netifd: vpn (17893): Unable to modify interface: Protocol not supported

I doubt kernel module seems to be broken so the interface wgvpn keeps uninitialised.

lsmod | grep wireguard gives nothing

for kernal version:

# uname -r 
5.9.9-arch1-1

for install packages

# opkg list-install | grep wireguard
kmod-wireguard - 4.14.195+1.0.20200611-1
luci-app-wireguard - git-20.325.64304-92c01e2-1
luci-proto-wireguard - git-20.325.64304-92c01e2-1
wireguard - 1.0.20200611-1
wireguard-tools - 1.0.20191226-1

can you guys give me some hints on what might be the reason? Is it because of the docker virtualization?

vgaetera · November 25, 2020, 4:42pm

Use KVM/QEMU, VirtualBox, or some other full virtualization method:
https://openwrt.org/docs/guide-user/virtualization/start

ciacc · November 25, 2020, 4:48pm

so it is a virtualization problem then?

vgaetera · November 25, 2020, 4:50pm

It looks like that.

mikma · November 25, 2020, 6:13pm

You should load the wireguard module on the docker host.

ciacc · November 26, 2020, 12:51pm

I'm not sure if i get it correctly. Do you mean I should install wireguard modules in my host mahine, so that in the docker lsmod | grep wireguard can show up some results? or you seggest I just runing the whole wireguard in my host machine without openwrt docker?

For the first method, I did have the wireguard modules installed in my host, wireguard is already in the kernel 5.9.9 and wireguard-tools is also installed. and the lsmod | grep wireguard in the docker still shows nothing.

For the second method, well I really like to run a wireguard server on the openwrt docker, the openwrt docker is acting as a secondary router (with only 1 lan port) to handle all my vpn and proxy links.

mikma · November 26, 2020, 12:59pm

Do you mean that lsmod | grep wireguard shows anything on the host? Otherwise load the module with modprobe wireguard on the host.
The host and container run on the same kernel. And you need to load the module on the host since the module available in openwrt can only be loaded when running the openwrt kernel.

ciacc · November 30, 2020, 12:10am

Thank you! You solved my problem. I just need to add a wireguard interface in the host.
ip link add dev wg0 type wireguard
then docker can use the wg0 interface.

mikma · November 30, 2020, 12:23am

Yes, that's a way to make sure the wireguard module is loaded, but containers have their own interfaces, that interface isn't used by the container.

system · December 10, 2020, 12:23am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.