WireGuard - Unable to import tunnel: Unknown section in Config Topic is solved

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
Post Reply
derebo
Posts: 5
Joined: Thu Dec 28, 2017 11:49 pm

WireGuard - Unable to import tunnel: Unknown section in Config

Post by derebo »

Hi,

I'm getting the following message when trying to read the QR code with the official WireGuard Android app:

Code: Select all

Unable to import tunnel: Unknown section in config
This is a brand new DietPi install:

DietPi v7.0.2
Device model : RPi 3 Model B+ (armv7l)

I have installed noip (so it's taking wlan0) and then wireguard.

This is the client wg0-cllient.conf file:

Code: Select all

root@DietPi:~# grep -v '^#' /etc/wireguard/wg0-client.conf 
[Interface]
Address = 10.9.0.2/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxx=

DNS = 8.8.8.8


[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyy=
AllowedIPs = 192.168.1.10/32

Endpoint = my.server.org:51820

root@DietPi:~# 
I'm using AllowedIPs = 192.168.1.10/32 as I intend WireGuard to VPN only incoming connections from the Internet (me, accessing Raspberry Pi).

This is the WireGard conf wg0.conf file:

Code: Select all

root@DietPi:~# cat /etc/wireguard/wg0.conf 
[Interface]
Address = 10.9.0.1/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxx=
ListenPort = 51820

PreUp = /boot/dietpi/func/obtain_network_details
PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(mawk 'NR==3' /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(mawk 'NR==3' /run/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = yyyyyyyyyyyyyyyyyyyyy=
AllowedIPs = 10.9.0.2/32

# Client 2
#[Peer]
#PublicKey = XXXX
#AllowedIPs = 10.9.0.3/32
root@DietPi:~#
I have googled and have not been able to find a solution to this situation so any piece of advice is welcome. And if you should need additional details, please, just let me know.

Thank you!
User avatar
MichaIng
Site Admin
Posts: 2780
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard - Unable to import tunnel: Unknown section in Config

Post by MichaIng »

Many thanks for your report.

Strange, the configs look all correct, also I cannot find any hint for a changed syntax. I think there is a beta/dev version of the Android app available via F-Droid and Play Store open beta, probably this can be tested. Otherwise could you try to manually copy the file from the server to the client, skipping the QR code?
derebo
Posts: 5
Joined: Thu Dec 28, 2017 11:49 pm

Re: WireGuard - Unable to import tunnel: Unknown section in Config

Post by derebo »

@MichaIng Thank you for your feedback. Appreciated. I have imported wg0-client.conf instead of scanning the QR code and it works as expected. I have tried both with the official app from the Android Play Store and later the official app from F-Droid. Success in both tests. So I think the issue may be with the generated QR code? In any case, your approach is so helpful an successful. Issue solved! :D

PS. I don't know how to set the green tick at the end of the Subject so that it can help others.
User avatar
Joulinar
Posts: 4203
Joined: Sat Nov 16, 2019 12:49 am

Re: WireGuard - Unable to import tunnel: Unknown section in Config

Post by Joulinar »

done, set to solved :D
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply