Wireguard issue (kernel modules? headers?)

ice.man · 7. Juli 2018

Hi, I'm running OMV since 1.x as a VM on a lovely Hp microserver gen7 running ESXi (now 6.5)
I upgraded and tweaked bot the hardware (ssd, 8TB drivers, etc) and the sofware (esxi 6.5, OMV4.x) always looking to get better performance from such a limited hardware
.
Since my OMV4. runs OpenVPN as a server and WireGuard recently jumped to general news....
I've been astonished by the promised througput and little cpu overhead

I was tring to install in on the OMV4.x (Debian Strecht based) and in an Windows Linux container (the Ubuntu 18.04 LTS from the MS Store)

I've installed the wireguard packages, and filled the config files on both the Debian server and the ubuntu client
but once I try to add the interface running command

Code

ip link add wg0 type wireguard

I get the following error messages:

on Omv4.0 -debian

Code

RTNETLINK answers: Operation not supported

on Ubuntu 18.04 (win 10 container)

Code

RTNETLINK answers: No such device

kernel info UBUNTU client

Code

Distributor ID: Ubuntu
Description:    Ubuntu 18.04 LTS
Release:        18.04
Codename:       bionic




Linux HP-840 4.4.0-43-Microsoft #1-Microsoft Wed Dec 31 14:42:53 PST 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel info Debian (OMV server)

Code

Distributor ID: Debian
Description:    Debian GNU/Linux 9.4 (stretch)
Release:        9.4
Codename:       stretch




Linux OPENMEDIAVAULT 4.16.0-0.bpo.2-amd64 #1 SMP Debian 4.16.16-2~bpo9+1 (2018-06-26) x86_64 GNU/Linux

Searching on the internet there is still very little documentation given the WireGuard project is still a BETA and it's kernel support is quite new

ryecoaaron · 7. Juli 2018

I just tried it and it seems to be working (no error messages). Did you modprobe wireguard? Are you running the ip link add command as root?

Code

$ ip addr show dev wg0
4: wg0: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state DOWN group default qlen 1000
    link/none 
    inet 192.168.13.1/24 scope global wg0
       valid_lft forever preferred_lft forever

ice.man · 8. Juli 2018

my fault, you were right

I had to give up about the MS Linux container on Windows (Ubuntu 18.04 lts app from MS store) as far as believe it or not....there were not the kernel headers in the repo (being is a Ms 4.4 kernel and having the repo just 4.15 kernels)
SO I went with the TunSafe Client for Windows, thus the Wireguard's author strongly advises against it
Now there is a networking issue
How does wireguard pushes the default route?
I found misleading how-to on the internet
At the beginning I thought the AllowedIPs = was meant to be an extra check about the client identiy and to better categorize them
but someone is writing that this is the mask that will be pushed to the routing table
What if I want the VPN to be used ONLY to reach the server LAN and not to route all of the traffinc?
Do I have to forge the virtual lan subnet to be supernetted with the remote lan subnet?
This was not a issue on OpenVPN, I mean I can have a 10.0.0.0/24 remote LAN and a 192.168.10.0/24 VPN subnet and everything was used to work

Is it something I have to write on the client or on the server wireguard config file (or both)?

I have want to pay some credit to this guy as far as I found it the more clean and complete how-to about wireguard configuration
expecially for those who want to set up the typical environment of a VPN server + many road warrior clients
https://www.ckn.io/blog/2017/1…eguard-vpn-typical-setup/

Jetzt mitmachen!