wireguard issue after upgrade Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
jollyrogr
Posts: 13
Joined: Mon Jul 13, 2020 7:52 pm

wireguard issue after upgrade

Post by jollyrogr »

upgraded to dietpi from v7.6.2 to v7.7.3 and wireguard service can no longer run:

Code: Select all

root@vpn01:~# systemctl status wg-quick@wg0.service 
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2021-10-26 22:21:56 CDT; 8min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 1204 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=255/EXCEPTION)
 Main PID: 1204 (code=exited, status=255/EXCEPTION)

Oct 26 22:21:56 vpn01 wg-quick[1204]: [#] ip link set mtu 1420 up dev wg0
Oct 26 22:21:56 vpn01 wg-quick[1204]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.networ
k).forwarding=1
Oct 26 22:21:56 vpn01 wg-quick[1204]: sed: can't read /run/dietpi/.network: No such file or directory
Oct 26 22:21:56 vpn01 wg-quick[1204]: net.ipv4.conf.wg0.forwarding = 1
Oct 26 22:21:56 vpn01 wg-quick[1204]: sysctl: separators should not be repeated: ..forwarding
Oct 26 22:21:56 vpn01 wg-quick[1204]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Oct 26 22:21:56 vpn01 wg-quick[1204]: [#] ip link delete dev wg0
Oct 26 22:21:56 vpn01 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/
EXCEPTION
Oct 26 22:21:56 vpn01 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Oct 26 22:21:56 vpn01 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: wireguard issue after upgrade

Post by Joulinar »

Hi

You are missing directory /run/dietpi/. Usually it should be created during boot process as it is used by a couple of scripts. can you check related service

Code: Select all

journalctl -u systemd-tmpfiles-setup
systemctl status systemd-tmpfiles-setup
[/quote]
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jollyrogr
Posts: 13
Joined: Mon Jul 13, 2020 7:52 pm

Re: wireguard issue after upgrade

Post by jollyrogr »

Code: Select all

root@vpn01:~# journalctl -u systemd-tmpfiles-setup
-- Logs begin at Wed 2021-10-27 22:22:35 CDT, end at Wed 2021-10-27 22:23:14 CDT. --
Oct 27 22:22:35 vpn01 systemd[1]: Starting Create Volatile Files and Directories...
Oct 27 22:22:35 vpn01 systemd[1]: Started Create Volatile Files and Directories.

root@vpn01:~# systemctl status systemd-tmpfiles-setup
● systemd-tmpfiles-setup.service - Create Volatile Files and Directories
   Loaded: loaded (/lib/systemd/system/systemd-tmpfiles-setup.service; static; vendor preset: enabled)
   Active: active (exited) since Wed 2021-10-27 22:22:35 CDT; 2min 6s ago
     Docs: man:tmpfiles.d(5)
           man:systemd-tmpfiles(8)
  Process: 390 ExecStart=/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=0/SUCCESS)
 Main PID: 390 (code=exited, status=0/SUCCESS)

Oct 27 22:22:35 vpn01 systemd[1]: Starting Create Volatile Files and Directories...
Oct 27 22:22:35 vpn01 systemd[1]: Started Create Volatile Files and Directories.
I do have /run/dietpi/
but there is no .network file in it.

Code: Select all

root@vpn01:~# ls -la /run/dietpi/
total 4
drwxrwxrwx  2 root root  60 Oct 27 22:22 .
drwxr-xr-x 16 root root 500 Oct 27 22:22 ..
-rw-r--r--  1 root root 450 Oct 27 22:22 .dietpi_motd
User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: wireguard issue after upgrade

Post by Joulinar »

Yes there was a resend change on how network information are collected. But the update should have adjusted the server configuration file wg0.conf accordingly.

Could you share the file. Pls remove all client peer configuration and the private keys.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jollyrogr
Posts: 13
Joined: Mon Jul 13, 2020 7:52 pm

Re: wireguard issue after upgrade

Post by jollyrogr »

Thanks for your help. Here's wg0.conf

Code: Select all

root@vpn01:/etc/wireguard# cat wg0.conf 
[Interface]
Address = x.x.x.x/24
PrivateKey = 
ListenPort = xxxxx


PostUp = sysctl net.ipv4.conf.%i.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.network).forwarding=1
PostUp = sysctl net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).accept_ra=2
PostUp = sysctl net.ipv6.conf.%i.forwarding=1 net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).forwarding=1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $(sed -n 3p /run/dietpi/.network) -j MASQUERADE

# Client 1
[Peer]
PublicKey = 
AllowedIPs = x.x.x.x/32

# Client 2
[Peer]
PublicKey = 
AllowedIPs = x.x.x.x/32

root@vpn01:/etc/wireguard# 

User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: wireguard issue after upgrade

Post by Joulinar »

ok you are running the old configuration file. Not sure why this has not been adjusted during the update to 7.7.

pls try following

Code: Select all

cp -p /etc/wireguard/wg0.conf /etc/wireguard/wg0.save
sed -i '\|/boot/dietpi/func/obtain_network_details|d' /etc/wireguard/wg0.conf
sed -Ei "s#mawk .NR==3. /(run|boot|DietPi)/dietpi/.network#ip r l 0/0 | mawk '{print \$5;exit}'#g" /etc/wireguard/wg0.conf
systemctl restart wg-quick@wg0.service 
systemctl status wg-quick@wg0.service 
as well could you share your update log file

Code: Select all

cat /var/tmp/dietpi/logs/dietpi-update.log
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jollyrogr
Posts: 13
Joined: Mon Jul 13, 2020 7:52 pm

Re: wireguard issue after upgrade

Post by jollyrogr »

The sed commands didn't work for some reason. Nothing changed in wg0.conf. Anyway I went ahead and configured a new VM using a fresh bullseye 7.7 image and wireguard works on that. Here's the update log.

Code: Select all

root@vpn01:/# cat /var/tmp/dietpi/logs/dietpi-update.log 

 DietPi-Update
─────────────────────────────────────────────────────
 Phase: Applying pre-patches

[  OK  ] DietPi-Update | Downloading pre-patches
[  OK  ] DietPi-Update | Applying execute permission
[ INFO ] DietPi-Pre-patches | Connecting to Mosquitto and Webmin repositories via plain HTTP once until latest OpenSSL has been installed: https://github.com/MichaIng/DietPi/issues/4795
[  OK  ] DietPi-Pre-patches | sed -Ei s#https://(repo.mosquitto.org|download.webmin.com)#http://\1# /etc/apt/sources.list
[  OK  ] DietPi-Update | Successfully applied pre-patches

 DietPi-Update
─────────────────────────────────────────────────────
 Phase: Upgrading APT packages

[ INFO ] DietPi-Update | APT update, please wait...
Hit:1 https://deb.debian.org/debian buster InRelease
Get:2 https://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:3 https://deb.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:4 https://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Hit:5 https://deb.debian.org/debian bullseye InRelease
Get:6 https://deb.debian.org/debian buster-updates/main amd64 Packages.diff/Index [9100 B]
Get:7 https://deb.debian.org/debian buster-updates/main i386 Packages.diff/Index [9100 B]
Get:8 https://deb.debian.org/debian buster-updates/main amd64 Packages 2021-10-26-2004.40.pdiff [283 B]
Get:8 https://deb.debian.org/debian buster-updates/main amd64 Packages 2021-10-26-2004.40.pdiff [283 B]
Get:9 https://deb.debian.org/debian buster-updates/main i386 Packages 2021-10-26-2004.40.pdiff [283 B]
Get:9 https://deb.debian.org/debian buster-updates/main i386 Packages 2021-10-26-2004.40.pdiff [283 B]
Get:10 https://deb.debian.org/debian buster-backports/main amd64 Packages.diff/Index [27.8 kB]
Get:11 https://deb.debian.org/debian buster-backports/contrib i386 Packages.diff/Index [27.8 kB]
Get:12 https://deb.debian.org/debian buster-backports/main i386 Packages.diff/Index [27.8 kB]
Get:13 https://deb.debian.org/debian buster-backports/contrib amd64 Packages.diff/Index [27.8 kB]
Get:14 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-20-0801.54.pdiff [2244 B]
Get:15 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-20-1403.22.pdiff [6166 B]
Get:16 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-20-2007.27.pdiff [17.5 kB]
Get:17 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-27-1402.26.pdiff [74 B]
Get:18 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-28-2002.47.pdiff [1864 B]
Get:18 https://deb.debian.org/debian buster-backports/main amd64 Packages 2021-10-28-2002.47.pdiff [1864 B]
Get:19 https://deb.debian.org/debian buster-backports/contrib i386 Packages 2021-10-20-1403.22.pdiff [179 B]
Get:19 https://deb.debian.org/debian buster-backports/contrib i386 Packages 2021-10-20-1403.22.pdiff [179 B]
Get:20 https://deb.debian.org/debian buster-backports/main i386 Packages 2021-10-20-1403.22.pdiff [8622 B]
Get:21 https://deb.debian.org/debian buster-backports/main i386 Packages 2021-10-20-2007.27.pdiff [23.8 kB]
Get:22 https://deb.debian.org/debian buster-backports/main i386 Packages 2021-10-27-1402.26.pdiff [76 B]
Get:22 https://deb.debian.org/debian buster-backports/main i386 Packages 2021-10-27-1402.26.pdiff [76 B]
Get:23 https://deb.debian.org/debian buster-backports/contrib amd64 Packages 2021-10-20-1403.22.pdiff [181 B]
Get:23 https://deb.debian.org/debian buster-backports/contrib amd64 Packages 2021-10-20-1403.22.pdiff [181 B]
Get:24 https://deb.debian.org/debian-security buster/updates/main amd64 Packages [308 kB]
Get:25 https://deb.debian.org/debian-security buster/updates/main i386 Packages [308 kB]
Fetched 971 kB in 3s (383 kB/s)
Reading package lists...
[  OK  ] DietPi-Update | APT update
[ INFO ] DietPi-Update | APT upgrade, please wait...
Preconfiguring packages ...
(Reading database ... 65859 files and directories currently installed.)
Preparing to unpack .../tzdata_2021a-0+deb10u3_all.deb ...
Unpacking tzdata (2021a-0+deb10u3) over (2021a-0+deb10u2) ...
Preparing to unpack .../libisc-export1100_1%3a9.11.5.P4+dfsg-5.1+deb10u6_amd64.deb ...
Unpacking libisc-export1100:amd64 (1:9.11.5.P4+dfsg-5.1+deb10u6) over (1:9.11.5.P4+dfsg-5.1+deb10u5) ...
Preparing to unpack .../libdns-export1104_1%3a9.11.5.P4+dfsg-5.1+deb10u6_amd64.deb ...
Unpacking libdns-export1104 (1:9.11.5.P4+dfsg-5.1+deb10u6) over (1:9.11.5.P4+dfsg-5.1+deb10u5) ...
Setting up tzdata (2021a-0+deb10u3) ...

Current default time zone: 'America/Chicago'
Local time is now:      Sat Oct 30 10:44:23 CDT 2021.
Universal Time is now:  Sat Oct 30 15:44:23 UTC 2021.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

Setting up libisc-export1100:amd64 (1:9.11.5.P4+dfsg-5.1+deb10u6) ...
Setting up libdns-export1104 (1:9.11.5.P4+dfsg-5.1+deb10u6) ...
Processing triggers for libc-bin (2.28-10) ...
[  OK  ] DietPi-Update | APT upgrade

 DietPi-Update
─────────────────────────────────────────────────────
 Phase: Installing new DietPi code

[  OK  ] DietPi-Update | Downloading update archive
[  OK  ] DietPi-Update | Unpacking update archive
[  OK  ] DietPi-Update | Installing new DietPi scripts
[  OK  ] DietPi-Update | Installing new DietPi system files
[  OK  ] DietPi-Update | Setting execute permissions for DietPi scripts
[ SUB1 ] DietPi-Set_software > verify_dietpi.txt
[  OK  ] DietPi-Set_software | Downloading current dietpi.txt
[  OK  ] DietPi-Set_software | Added setting AUTO_SETUP_BOOT_WAIT_FOR_NETWORK=1 to end of file /boot/dietpi.txt
[  OK  ] verify_dietpi.txt  | Completed

 DietPi-Update
─────────────────────────────────────────────────────
 Phase: Applying incremental patches

[ INFO ] DietPi-Update | Current version : v7.6.2
[ INFO ] DietPi-Update | Latest version  : v7.7.3
[ INFO ] DietPi-Patch | Patching to DietPi v7.7...
[ INFO ] DietPi-Patch | Reverting Mosquitto and Webmin repositories back to HTTPS
[  OK  ] DietPi-Patch | sed -Ei s#http://(repo.mosquitto.org|download.webmin.com)#https://\1# /etc/apt/sources.list
[  OK  ] DietPi-Patch | sed -i /^[[:blank:]]*aSOFTWARE_INSTALL_STATE\[142\]=/d /boot/dietpi/.installed
[ INFO ] DietPi-Patch | Updating WireGuard wg0 configuration
[  OK  ] DietPi-Patch | sed -i \|/boot/dietpi/func/obtain_network_details|d /etc/wireguard/wg0.conf
[  OK  ] DietPi-Patch | sed -Ei s#mawk .NR==3. /(run|boot|DietPi)/dietpi/.network#ip r l 0/0 | mawk '{print $5;exit}'#g /etc/wireguard/wg0.conf
[  OK  ] DietPi-Patch | systemctl disable dietpi-boot
[  OK  ] DietPi-Patch | rm /boot/dietpi-CHANGELOG.txt
[  OK  ] DietPi-Patch | rm /boot/dietpi/func/obtain_network_details
[  OK  ] DietPi-Patch | rm /boot/dietpi/boot
[  OK  ] DietPi-Patch | rm /etc/systemd/system/dietpi-boot.service
[ SUB2 ] DietPi-Set_software > boot_wait_for_network (1)
[  OK  ] DietPi-Set_software | mkdir -p /etc/systemd/system/dietpi-postboot.service.d
[  OK  ] DietPi-Set_software | Desired setting in /boot/dietpi.txt was already set: AUTO_SETUP_BOOT_WAIT_FOR_NETWORK=1
[  OK  ] boot_wait_for_network 1 | Completed
[  OK  ] DietPi-Patch | sed -i /^[[:blank:]]*CONFIG_BOOT_WAIT_FOR_NETWORK=/d /boot/dietpi.txt
[  OK  ] DietPi-Patch | systemctl enable systemd-timesyncd
[  OK  ] DietPi-Patch | Patched to DietPi v7.7
[ INFO ] DietPi-Update | APT autopurge, please wait...
(Reading database ... 65859 files and directories currently installed.)
Removing linux-headers-4.19.0-17-amd64 (4.19.194-3) ...
Removing linux-headers-4.19.0-17-common (4.19.194-3) ...
Removing linux-image-4.19.0-17-amd64 (4.19.194-3) ...
/etc/kernel/prerm.d/dkms:
dkms: removing: wireguard 1.0.20210219 (4.19.0-17-amd64) (x86_64)

-------- Uninstall Beginning --------
Module:  wireguard
Version: 1.0.20210219
Kernel:  4.19.0-17-amd64 (x86_64)
-------------------------------------

Status: Before uninstall, this module version was ACTIVE on this kernel.

wireguard.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.19.0-17-amd64/kernel/net/
rmdir: failed to remove 'kernel/net': Directory not empty
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.

depmod....

DKMS: uninstall completed.
I: /vmlinuz.old is now a symlink to boot/vmlinuz-4.19.0-14-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-4.19.0-14-amd64
/etc/kernel/postrm.d/initramfs-tools:
update-initramfs: Deleting /boot/initrd.img-4.19.0-17-amd64
/etc/kernel/postrm.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.19.0-18-amd64
Found initrd image: /boot/initrd.img-4.19.0-18-amd64
Found linux image: /boot/vmlinuz-4.19.0-14-amd64
Found initrd image: /boot/initrd.img-4.19.0-14-amd64
done
(Reading database ... 44167 files and directories currently installed.)
Purging configuration files for linux-image-4.19.0-17-amd64 (4.19.194-3) ...
[  OK  ] DietPi-Update | APT autopurge
[  OK  ] DietPi-Update | Incremental patching to v7.7.3 completed
[ INFO ] DietPi-Update | Checking for available live patches
[ INFO ] DietPi-Update | Found valid live patch 0:
 - Description: Deluge services fail on fresh installs
 - Condition: grep -q " \\$salt," /boot/dietpi/dietpi-software
 - Patch: sed -Ei -e "/max_active_limit/s/1\)',\"/1\),\"/" -e "/pwd_salt/s/ \\$salt,/ \\\"\\$salt\\\",/" -e "/pwd_sha1/s/ \\$\(echo (.*)\),/ \\\"\\$\(echo \1\)\\\",/" /boot/dietpi/dietpi-software
[ INFO ] DietPi-Update | Live patch 0 is applicable on your system
[  OK  ] DietPi-Update | Added setting G_LIVE_PATCH_STATUS[0]='not applied' to end of file /boot/dietpi/.version
[ INFO ] DietPi-Update | Applying live patch 0
[  OK  ] DietPi-Update | Setting in /boot/dietpi/.version adjusted: G_LIVE_PATCH_STATUS[0]='applied'

User avatar
Joulinar
Posts: 6441
Joined: Sat Nov 16, 2019 12:49 am

Re: wireguard issue after upgrade

Post by Joulinar »

ok the update log contains the wg0.conf update. But I guess I know where this is comming from

This is the part our script is expecting

Code: Select all

(mawk 'NR==3' /run/dietpi/.network).forwarding=1
But you have

Code: Select all

(sed -n 3p /run/dietpi/.network).forwarding=1
something different the we expect. Probably you are running an older version of the config file. Therefore in your case sed command would need to be following

Code: Select all

sed -Ei "s#sed -n 3p /(run|boot|DietPi)/dietpi/.network#ip r l 0/0 | mawk '{print \$5;exit}'#g" /etc/wireguard/wg0.conf
@MichaIng
FYI
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
jollyrogr
Posts: 13
Joined: Mon Jul 13, 2020 7:52 pm

Re: wireguard issue after upgrade

Post by jollyrogr »

That sed command worked and now wireguard does too :)
Thank you.
przemko
Posts: 252
Joined: Sun Mar 15, 2020 5:40 pm

Re: wireguard issue after upgrade

Post by przemko »

Hello @Joulinar I have also problem with wireguard after upgrade to 7.7. I cannot connect to internet when use wireguard. Everything looks OK but in dietpi-config connecting status i failture. I have that issue yesterday and I have to reinstall wireguard. After that it works. Today after reboot it don't work again.

Code: Select all

dietpi@DietPi:~$ sudo wg
interface: Dietpi
  public key: xxxxxxxxxxxxxxxxxxxxxxxxxxx
  private key: (hidden)
  listening port: 60237
  fwmark: 0xca6c

peer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
  preshared key: (hidden)
  endpoint: xxxxxxxxxxxxxxxxxx
  allowed ips: 0.0.0.0/0, ::/0
  transfer: 0 B received, 86.14 KiB sent

Code: Select all

dietpi@DietPi:~$ sudo systemctl status wg-quick@Dietpi
● wg-quick@Dietpi.service - WireGuard via wg-quick(8) for Dietpi
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2021-11-04 19:40:49 CET; 54min ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 385 ExecStart=/usr/bin/wg-quick up Dietpi (code=exited, status=0/SUCCESS)
 Main PID: 385 (code=exited, status=0/SUCCESS)

Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -6 route add ::/0 dev Dietpi table 51820
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -6 rule add not fwmark 51820 table 51820
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -6 rule add table main suppress_prefixlength 0
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip6tables-restore -n
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -4 route add 0.0.0.0/0 dev Dietpi table 51820
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -4 rule add not fwmark 51820 table 51820
Nov 04 19:40:49 DietPi wg-quick[385]: [#] ip -4 rule add table main suppress_prefixlength 0
Nov 04 19:40:49 DietPi wg-quick[385]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
Nov 04 19:40:49 DietPi wg-quick[385]: [#] iptables-restore -n
Nov 04 19:40:49 DietPi systemd[1]: Started WireGuard via wg-quick(8) for Dietpi.
Can You help with that?

Regards,
Przemek
Post Reply