Just did the update to 7.9.3 and it looks like it’s killed Wireguard for me (set up via PiVPN if I remember correctly).
systemctl restart wg-quick@wg0 fails with an error code.
systemctl status wg-quick@wg0 - https://pastebin.com/fR4sEWdR
journalctl -xe - https://pastebin.com/ajJup0hC
It seems to be choking on a couple of files/folders not found, at least according to what I see in the status?
Any idea on how to get it up and running again, ideally without having to rebuild the whole lot and distribute new keys to all my devices.
Can you share wireguard configuration file pls. Don’t forget to remove personal data like keys.
wg0.conf is below (suitably redacted). I’m presuming something has changed in the PostUp requirements or settings?
This was working before…
Edited to add - checked /run/dietpi and it is empty except for .dietpi_motd ? There is no .network in there.
[Interface]
Address = 10.9.0.1/24
PrivateKey = <private key>
ListenPort = <port>
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
# Firestick
[Peer]
PublicKey = <public key>
AllowedIPs = 10.9.0.3/32
# Tablet
[Peer]
PublicKey = <public key>
AllowedIPs = 10.9.0.4/32
# iPhone
[Peer]
PublicKey = <public key>
AllowedIPs = 10.9.0.5/32
# iPod
[Peer]
PublicKey = <public key>
AllowedIPs = 10.9.0.6/32
# MotoG
[Peer]
PublicKey = <public key>
AllowedIPs = 10.9.0.7/32
The whole PostUp / PostDown section needs to be replaced as follow
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = sysctl net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
Thanks, that’s done the trick.
Any idea what’s changed to make that required? Just for background info…
We changed the way how network interfaces are detected and removed /run/dietpi/.network.
But this already happened on the version before. Usually the update should have migrated the configuration.
OK thanks. Looks like mine missed it somehow.
Anyway the manual modification has fixed it, and wg is running again so all is good. And there’s now a fix here as well for anyone else whose wg0.comf update may have not happened.
For completeness for anyone else who may need to make the change manually as well, the file is in /etc/wireguard.