WireGuard - Unable to import tunnel: Unknown section in Config

derebo · 11 March 2021 19:03

Hi,

I’m getting the following message when trying to read the QR code with the official WireGuard Android app:

Unable to import tunnel: Unknown section in config

This is a brand new DietPi install:

DietPi v7.0.2
Device model : RPi 3 Model B+ (armv7l)

I have installed noip (so it’s taking wlan0) and then wireguard.

This is the client wg0-cllient.conf file:

root@DietPi:~# grep -v '^#' /etc/wireguard/wg0-client.conf 
[Interface]
Address = 10.9.0.2/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxx=

DNS = 8.8.8.8


[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyy=
AllowedIPs = 192.168.1.10/32

Endpoint = my.server.org:51820

root@DietPi:~#

I’m using AllowedIPs = 192.168.1.10/32 as I intend WireGuard to VPN only incoming connections from the Internet (me, accessing Raspberry Pi).

This is the WireGard conf wg0.conf file:

root@DietPi:~# cat /etc/wireguard/wg0.conf 
[Interface]
Address = 10.9.0.1/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxx=
ListenPort = 51820

PreUp = /boot/dietpi/func/obtain_network_details
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyy=
AllowedIPs = 10.9.0.2/32

# Client 2
#[Peer]
#PublicKey = XXXX
#AllowedIPs = 10.9.0.3/32
root@DietPi:~#

I have googled and have not been able to find a solution to this situation so any piece of advice is welcome. And if you should need additional details, please, just let me know.

Thank you!

MichaIng · 11 March 2021 20:09

Many thanks for your report.

Strange, the configs look all correct, also I cannot find any hint for a changed syntax. I think there is a beta/dev version of the Android app available via F-Droid and Play Store open beta, probably this can be tested. Otherwise could you try to manually copy the file from the server to the client, skipping the QR code?

derebo · 11 March 2021 20:31

MichaIng Thank you for your feedback. Appreciated. I have imported wg0-client.conf instead of scanning the QR code and it works as expected. I have tried both with the official app from the Android Play Store and later the official app from F-Droid. Success in both tests. So I think the issue may be with the generated QR code? In any case, your approach is so helpful an successful. Issue solved!

PS. I don’t know how to set the green tick at the end of the Subject so that it can help others.

Joulinar · 11 March 2021 20:35

done, set to solved