Wireguard setup broken

First of all I need to mention I'm running a 19.07.4 fork maintained by Turris called Turris OS on Omnia HW.
I tried to open a ticket with their support but they referred me back to this forum (see here).
OK, here goes the problem...
Since the upgrade to the 19.07.4 fork, WireGuard fails to start.
I configured WireGuard as in https://doc.turris.cz/doc/en/public/wireguard
Omnia rebooted, still...

root@turris:~# ifconfig wg0
ifconfig: wg0: error fetching interface information: Device not found

Some debug:

root@turris:~# lsmod | grep wireg
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             16384  1 wireguard
wireguard             126976  0

root@turris:~# cat /etc/config/network
...
config interface 'wg0'
        option proto 'wireguard'
        option private_key '###--priv.key.here---###'
        option listen_port '1234'
        list addresses '10.0.10.1'
        option ifname 'wg0'

config wireguard_wg0
        option public_key '###--pub.key.here---###'
        option preshared_key '###--pshrd.key.here---###'
        option route_allowed_ips '1'
        list allowed_ips '0.0.0.0/0'
        option persistent_keepalive '25'
        option description 'client1'
...
root@turris:~# cat /etc/config/firewall
...
config rule
        option target 'ACCEPT'
        option proto 'udp'
        option dest_port '1234'
        option name 'Allow-Wireguard-Inbound'
        option src 'wan'
config zone
        option name 'wg'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option network 'wg0'

config forwarding
        option src 'wg'
        option dest 'wan'

config forwarding
        option src 'wg'
        option dest 'lan'

config forwarding
        option src 'lan'
        option dest 'wg'

config forwarding
        option src 'wan'
        option dest 'wg'
...
root@turris:~# cat /etc/turris-version
5.1.4

Some more info: after issuing

root@turris:~# ip link add dev wg0 type wireguard

logread outputs:

Dec  8 13:39:52 turris netifd: Interface 'wg0' is enabled
Dec  8 13:39:52 turris netifd: Network device 'wg0' link is up
Dec  8 13:39:52 turris netifd: Interface 'wg0' has link connectivity
Dec  8 13:39:52 turris netifd: Interface 'wg0' is setting up now
Dec  8 13:39:52 turris netifd: Network device 'wg0' link is down
Dec  8 13:39:52 turris netifd: Interface 'wg0' has link connectivity loss
Dec  8 13:39:52 turris netifd: Interface 'wg0' is now down
Dec  8 13:39:52 turris netifd: Interface 'wg0' is disabled

What else is missing?


Fix this:

uci -q delete network.wg0.ifname
uci commit network
/etc/init.d/network restart

Then reboot and check the output:

logread -e wg0; pgrep -f -a wg; wg show; wg showconf wg0

What is the mask?

Moreover, it looks like this wg interface is a client to some VPN provider, judging from the route-all-internet.
Therefore you don't need the option listen_port '1234', the following

and for the wg zone you should enable mss clamping and change INPUT and FORWARD to REJECT.
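The checks this reply asks for (a stray ifname on a proto 'wireguard' interface, an address given without a mask, and a wg zone whose input/forward are not REJECT or which lacks MSS clamping), written up as a small POSIX sh linter. This is an added example, not code from the thread, from OpenWrt or from Turris; the function names are mine, it only reads config files and prints findings, and the sample network and firewall files it writes are constructed, with placeholder keys. The actual fix stays the uci commands given in the reply.

```shell
#!/bin/sh
# Added example (not from the thread): lint OpenWrt UCI config files for the
# issues raised in the reply above. Read-only; it prints findings and leaves
# remediation to the uci commands from the reply.

# wg_ifname_findings FILE
#   For each 'config interface' section with proto 'wireguard', report a
#   leftover 'option ifname' (the reply's fix is to delete it) and any
#   'list addresses' entry that carries no prefix length.
wg_ifname_findings() {
  tr -d "'" < "$1" | awk '
    function emit() {
      if (section != "" && proto == "wireguard") {
        if (ifname != "") print section ": remove option ifname " ifname
        if (nomask != "") print section ": address" nomask " has no prefix length"
      }
      section = ""; proto = ""; ifname = ""; nomask = ""
    }
    $1 == "config" { emit(); if ($2 == "interface") section = $3 }
    $1 == "option" && $2 == "proto"  { proto = $3 }
    $1 == "option" && $2 == "ifname" { ifname = $3 }
    $1 == "list" && $2 == "addresses" && $3 !~ /\// { nomask = nomask " " $3 }
    END { emit() }
  '
}

# wg_zone_findings FILE ZONE
#   Report where the named firewall zone differs from what the reply asks for:
#   input and forward set to REJECT, and mss_clamping enabled.
wg_zone_findings() {
  tr -d "'" < "$1" | awk -v zone="$2" '
    function emit() {
      if (inzone && name == zone) {
        if (input != "REJECT")   print zone ": set option input REJECT (currently " input ")"
        if (forward != "REJECT") print zone ": set option forward REJECT (currently " forward ")"
        if (mss != "1")          print zone ": set option mss_clamping 1"
      }
      inzone = 0; name = ""; input = ""; forward = ""; mss = ""
    }
    $1 == "config" { emit(); inzone = ($2 == "zone") }
    inzone && $1 == "option" && $2 == "name"         { name = $3 }
    inzone && $1 == "option" && $2 == "input"        { input = $3 }
    inzone && $1 == "option" && $2 == "forward"      { forward = $3 }
    inzone && $1 == "option" && $2 == "mss_clamping" { mss = $3 }
    END { emit() }
  '
}

# Constructed sample configs mirroring the thread's layout (placeholder keys).
SAMPLE_DIR="$(mktemp -d)"
SAMPLE_NET="$SAMPLE_DIR/network"
SAMPLE_FW="$SAMPLE_DIR/firewall"

cat > "$SAMPLE_NET" <<'EOF'
config interface 'lan'
        option proto 'static'
        option ifname 'eth0'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'PLACEHOLDER_PRIVATE_KEY'
        option listen_port '1234'
        list addresses '10.0.10.1'
        option ifname 'wg0'

config wireguard_wg0
        option public_key 'PLACEHOLDER_PEER_PUBLIC_KEY'
        option route_allowed_ips '1'
        list allowed_ips '0.0.0.0/0'
EOF

cat > "$SAMPLE_FW" <<'EOF'
config zone
        option name 'wg'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option network 'wg0'
EOF

echo "== network findings =="
wg_ifname_findings "$SAMPLE_NET"
echo "== firewall findings for zone wg =="
wg_zone_findings "$SAMPLE_FW" wg
```

On a router the same two functions can be pointed at /etc/config/network and /etc/config/firewall directly; the lan interface in the sample shows that an ifname on a non-WireGuard interface is left alone, which is why the check keys on proto rather than on the option name.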

Thanks!
That fixed it!
