WireGuard Update fails

Joulinar

I have installed the latest WireGuard update; unfortunately, WireGuard does not start after that. The command dpkg -l wireguard shows version 1.0.20200319-1, although I had already installed version 1.0.20200401. I am currently still at 6.28; if I install 6.30, it will also install the latest version of WireGuard and I have the same error. What can I do?

Regards
Niwre

Hi,

The latest version of WireGuard should be 1.0.20200506-1. The question is what did you install and how did you do that?

Joulinar

Yes, I installed the last version, which I did with G_AGUP and G_AGUG as always.

OK, I’m on v6.28 as well and today I was updating wireguard-dkms from 0.0.20200318-1 to 1.0.20200506-1 without issues. I used apt update && apt upgrade, which is nearly the same as using G_AGUP and G_AGUG. After reboot my wg-quick@wg0.service is running fine and I’m able to connect.

root@DietPi4:~# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/wg-quick@wg0.service.d
           └─dietpi.conf
   Active: active (exited) since Tue 2020-05-19 12:29:36 CEST; 2s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 967 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 967 (code=exited, status=0/SUCCESS)

By the way, WireGuard has more than 1 package and you would need to use the * in your command to display all of them. The package that is updated is wireguard-dkms and not wireguard.

root@DietPi4:~# dpkg -l wireguard*
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name              Version        Architektur  Beschreibung
+++-=================-==============-============-===========================================================
ii  wireguard         1.0.20200319-1 all          fast, modern, secure kernel VPN tunnel (metapackage)
ii  wireguard-dkms    1.0.20200506-1 all          fast, modern, secure kernel VPN tunnel (DKMS version)
un  wireguard-modules <keine>        <keine>      (keine Beschreibung vorhanden)
ii  wireguard-tools   1.0.20200319-1 armhf        fast, modern, secure kernel VPN tunnel (userland utilities)

Joulinar

I tried again with apt update && apt upgrade, after the installation the service is still running. Unfortunately, after a reboot, it no longer works. However, the installation was carried out.

 root@WireGuardPi:~# dpkg -l wireguard*
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name                                       Version                    Architektur                Beschreibung
+++-==========================================-==========================-==========================-==========================================================================================
ii  wireguard                                  1.0.20200319-1             all                        fast, modern, secure kernel VPN tunnel (metapackage)
ii  wireguard-dkms                             1.0.20200506-1             all                        fast, modern, secure kernel VPN tunnel (DKMS version)
un  wireguard-modules                          <keine>                    <keine>                    (keine Beschreibung vorhanden)
ii  wireguard-tools                            1.0.20200319-1             amd64                      fast, modern, secure kernel VPN tunnel (userland utilities)



 wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2020-05-19 12:18:32 BST; 10s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 1170 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
 Main PID: 1170 (code=exited, status=1/FAILURE)

Mai 19 12:18:32 WireGuardPi systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Mai 19 12:18:32 WireGuardPi wg-quick[1170]: [#] ip link add wg0 type wireguard
Mai 19 12:18:32 WireGuardPi wg-quick[1170]: RTNETLINK answers: Operation not supported
Mai 19 12:18:32 WireGuardPi wg-quick[1170]: Unable to access interface: Protocol not supported
Mai 19 12:18:32 WireGuardPi wg-quick[1170]: [#] ip link delete dev wg0
Mai 19 12:18:32 WireGuardPi wg-quick[1170]: Cannot find device "wg0"
Mai 19 12:18:32 WireGuardPi systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Mai 19 12:18:32 WireGuardPi systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Mai 19 12:18:32 WireGuardPi systemd[1]: wg-quick@wg0.service: Unit entered failed state.
Mai 19 12:18:32 WireGuardPi systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.

Something is going wrong.

Did you try restarting the service wg-quick@wg0.service?

systemctl restart wg-quick@wg0.service

Also, please can you have a look at journalctl:

journalctl -u wg-quick@wg0.service

Joulinar

 root@WireGuardPi:~# journalctl -u wg-quick@wg0.service
-- Logs begin at Tue 2020-05-19 15:39:05 BST, end at Tue 2020-05-19 15:39:34 BST. --
Mai 19 15:39:07 WireGuardPi systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Mai 19 15:39:08 WireGuardPi wg-quick[486]: [#] ip link add wg0 type wireguard
Mai 19 15:39:08 WireGuardPi wg-quick[486]: RTNETLINK answers: Operation not supported
Mai 19 15:39:08 WireGuardPi wg-quick[486]: Unable to access interface: Protocol not supported
Mai 19 15:39:08 WireGuardPi wg-quick[486]: [#] ip link delete dev wg0
Mai 19 15:39:08 WireGuardPi wg-quick[486]: Cannot find device "wg0"
Mai 19 15:39:08 WireGuardPi systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Mai 19 15:39:08 WireGuardPi systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Mai 19 15:39:08 WireGuardPi systemd[1]: wg-quick@wg0.service: Unit entered failed state.
Mai 19 15:39:08 WireGuardPi systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
root@WireGuardPi:~#

Joulinar

 root@WireGuardPi:~# systemctl restart wg-quick@wg0.service
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.

Hmm, looks like the kernel module is not loaded correctly. Can you try the following:

sudo dpkg-reconfigure wireguard-dkms

Joulinar

 root@WireGuardPi:~# dpkg-reconfigure wireguard-dkms

------------------------------
Deleting module version: 1.0.20200506
completely from the DKMS tree.
------------------------------
Done.
Loading new wireguard-1.0.20200506 DKMS files...
Building for 4.9.0-9-amd64
Building initial module for 4.9.0-9-amd64
Error! Bad return status for module build on kernel: 4.9.0-9-amd64 (x86_64)
Consult /var/lib/dkms/wireguard/1.0.20200506/build/make.log for more information.

And did you check the log file?

Consult /var/lib/dkms/wireguard/1.0.20200506/build/make.log for more information.

Joulinar

Here is the content from the log file

DKMS make.log for wireguard-1.0.20200506 for kernel 4.9.0-9-amd64 (x86_64)
Di 19. Mai 19:45:22 BST 2020
make: Verzeichnis „/usr/src/linux-headers-4.9.0-9-amd64“ wird betreten
LD /var/lib/dkms/wireguard/1.0.20200506/build/built-in.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/main.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/noise.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/device.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/peer.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/timers.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/queueing.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/send.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/receive.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/socket.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/peerlookup.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/allowedips.o
CC [M] /var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.o
/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.c:25:8: error: unknown type name ‘hsiphash_key_t’
static hsiphash_key_t key;
^~~~~~~~~~~~~~
/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.c: In function ‘wg_ratelimiter_allow’:
/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.c:109:22: error: implicit declaration of function ‘hsiphash_2u32’ [-Werror=implicit-function-declaration]
bucket = &table_v4[hsiphash_2u32(net_word, ip, &key) &
^~~~~~~~~~~~~
/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.c:116:22: error: implicit declaration of function ‘hsiphash_3u32’ [-Werror=implicit-function-declaration]
bucket = &table_v6[hsiphash_3u32(net_word, ip >> 32, ip, &key) &
^~~~~~~~~~~~~
cc1: some warnings being treated as errors
/usr/src/linux-headers-4.9.0-9-common/scripts/Makefile.build:309: die Regel für Ziel „/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.o“ scheiterte
make[3]: *** [/var/lib/dkms/wireguard/1.0.20200506/build/ratelimiter.o] Fehler 1
/usr/src/linux-headers-4.9.0-9-common/Makefile:1544: die Regel für Ziel „module/var/lib/dkms/wireguard/1.0.20200506/build“ scheiterte
make[2]: *** [module/var/lib/dkms/wireguard/1.0.20200506/build] Fehler 2
Makefile:152: die Regel für Ziel „sub-make“ scheiterte
make[1]: *** [sub-make] Fehler 2
Makefile:8: die Regel für Ziel „all“ scheiterte
make: *** [all] Fehler 2
make: Verzeichnis „/usr/src/linux-headers-4.9.0-9-amd64“ wird verlassen

OK, found a similar report on the web fitting yours:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935134

It’s not the same version of WireGuard, but it fits your kernel 4.9.0-9-amd64.

EDIT: your kernel does not seem to be the latest one. On my test system I can see 4.9.0-12-amd64

root@DietPiVM3:~# uname -a
Linux DietPiVM3 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1 (2020-01-20) x86_64 GNU/Linux
root@DietPiVM3:~#
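
The check this diagnosis comes down to, as an added shell example that is not part of the original thread: is a wireguard module present for the running kernel, and is a newer kernel tree installed than the one running? The function names are hypothetical, and the module root is a parameter (normally /lib/modules) so it can be tried on a scratch directory. It assumes WireGuard is a loadable module, not built into the kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# newest_kernel MODROOT: highest kernel release that has a module tree.
# sort -V orders 4.9.0-9 before 4.9.0-12; a plain lexical sort would not.
newest_kernel() {
    ls -1 "${1:-/lib/modules}" | sort -V | tail -n 1
}

# has_wg_module MODROOT RELEASE: succeeds if a wireguard module file exists
# anywhere below that release's module tree (DKMS installs it there).
has_wg_module() {
    [ -n "$(find "$1/$2" -name 'wireguard.ko*' 2>/dev/null | head -n 1)" ]
}

# wg_kernel_report MODROOT RUNNING: one-line verdict for the running kernel.
# RUNNING defaults to `uname -r`.
wg_kernel_report() {
    root=${1:-/lib/modules}
    running=${2:-$(uname -r)}
    newest=$(newest_kernel "$root")
    if has_wg_module "$root" "$running"; then
        verdict="module-present"
    else
        # Matches the "ip link add wg0 type wireguard" failure in the logs
        verdict="module-missing"
    fi
    if [ "$running" != "$newest" ]; then
        verdict="$verdict,newer-installed=$newest"
    fi
    echo "$running: $verdict"
}
```

On a real system, source the file and run `wg_kernel_report /lib/modules`; a `module-missing` verdict points at the DKMS build log for that kernel release.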

Joulinar

That seems to be the problem, but what can I do now? I don’t really understand the linked post.

 root@WireGuardPi:~# uname -a
Linux WireGuardPi 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u5 (2019-08-11) x86_64 GNU/Linux

I guess you would need to update your kernel. Usually this should happen automatically by running apt update && apt upgrade.

I assume you are running Debian Stretch. Correct?

Joulinar

Yes, I’m on Debian Stretch. I tried again with apt update && apt upgrade, unfortunately the kernel is not updated.

Are you running a VM or a physical box? Just out of interest, because I see x86.

What else are you running on your system? Anything in addition?

Joulinar

I use a VM on an ESXi 6.0, the VM is only used for WireGuard.

OK, in this case I would recommend creating a new VM on Buster, as Stretch is the old Debian version. It will be much faster and shorter than figuring out what happened and why the kernel did not update. Besides this, Buster is more future-proof than continuing to run Stretch. :wink:

You would just need to save your configs in /etc/wireguard. Once you have finished the setup and installation on the new Buster system, simply copy back the files and restart WireGuard. I did the same in the past and it worked quite well.
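
The save-and-copy-back step above, as an added shell example that is not part of the original post. The files in /etc/wireguard contain private keys, so the archive is created owner-only and group/other access is stripped after restoring. The function names and the archive path are hypothetical; the source and destination directories are parameters.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# backup_wg SRC_DIR ARCHIVE: archive the config directory. The umask makes
# the archive owner-only, since it carries PrivateKey material.
backup_wg() {
    src=$1
    archive=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    ( umask 077 && tar -C "$src" -cpzf "$archive" . )
}

# restore_wg ARCHIVE DEST_DIR: unpack with modes preserved (-p), then remove
# any group/other access that the old system may have left on the files.
restore_wg() {
    archive=$1
    dest=$2
    ( umask 077 && mkdir -p "$dest" ) || return 1
    tar -C "$dest" -xpzf "$archive" || return 1
    chmod -R go-rwx "$dest"
}

# exposed_files DIR: list files that group or others can still read.
exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \)
}
```

On the old VM this would be `backup_wg /etc/wireguard /root/wg-backup.tgz`, and on the new one `restore_wg /root/wg-backup.tgz /etc/wireguard` followed by `systemctl restart wg-quick@wg0.service`.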

Joulinar

Is there a finished image for Debian Buster as a VM that I can use as a basis for it?