Wireguard stopped working after last update

  • Dear all,

    Does anyone have an issue with the last update of omv-extras "iptables"?

    Before the update I was able to reach my network from outside with wireguard+duckdns docker.

    Could someone point me to a solution?

    I think it is something with iptables/nftables.

    Best regards.

    HP Microserver Gen8, 2X3TB data, 1x4TB snapraid sync, SSD for OS. 16g Ecc ram.

    Plugin: mergerFs, Snapraid, fail2ban

    Docker: Pihole, Transmission-vpn, jackett, Headphones, Duckdns, Wireguard, Resilio-sync

  • Does anyone have an issue with the last update of omv-extras "iptables"?

    Before the update I was able to reach my network from outside with wireguard+duckdns docker.

    Could someone point me to a solution?

    I think it is something with iptables/nftables.

    omv-extras does not run the iptables change automatically. And all it does is change from nft to legacy or vice versa. Depending on how your wireguard setup is adding iptables rules, doing this may break something.

    omv 5.5.17-3 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.4.2
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Hi Ryecoarron,

    How can I check the wireguard iptables setup?

    Can I give you any logs about that?


    This is my wireguard container (I keep every created container in a .txt file):


    docker create \
    --name=wireguard \
    --cap-add=NET_ADMIN \
    --cap-add=SYS_MODULE \
    -e PUID=1000 \
    -e PGID=995 \
    -e TZ=Europe/Rome \
    -e SERVERURL=XYZ.duckdns.org \
    -e SERVERPORT=51820 \
    -e PEERS=1 \
    -p 51820:51820/udp \
    -v /var/lib/docker/wireguard/config:/config \
    -v /var/lib/docker/wireguard/lib/modules:/lib/modules \
    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --restart unless-stopped \
    linuxserver/wireguard


    Until Sunday it worked with this configuration, so I don't understand why it is down today.


    This is the Duckdns docker log:



  • So, I read this on the web UI: "Debian 10/OMV 5.x uses iptables-nft by default and Docker needs iptables-legacy"

    When I use iptables-legacy on the drop-down and restart the wireguard container I get this error:



    "Failure

    Cannot restart container dacb186622bc9b0842bc0c5ca5b44b9869f1b5bb73895169c9eba14e381221c1: driver failed programming external connectivity on endpoint wireguard (3f90611ec8ee2329489ed2fc68dd52fcc20eb6c0e4654361f78a392210d62a70): (iptables failed: iptables --wait -t nat -A DOCKER -p udp -d 0/0 --dport 51820 -j DNAT --to-destination 172.17.0.6:51820 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1))"


    Maybe this could help.


  • Have you rebooted or at least restarted docker? docker will re-create its iptables rules when it starts.

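One thing the "No chain/target/match by that name" error quoted in this thread can mean is that Docker's `DOCKER` chain is missing from the `nat` table of the backend that `iptables` currently resolves to. The script below is an added example, not code from any poster or from omv-extras: it classifies the active backend and reports which ruleset declares the chain. The function names are hypothetical and the dumps are constructed samples.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, dumps are constructed.
# Live inputs (run as root): iptables --version, iptables-nft-save,
# iptables-legacy-save.

# Classify the output of `iptables --version`, e.g. "iptables v1.8.2 (nf_tables)".
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Read iptables-save text on stdin; succeed only if chain $1 is declared in *nat.
nat_has_chain() {
    awk -v chain="$1" '
        /^\*/ { in_nat = ($0 == "*nat") }
        in_nat && $1 == (":" chain) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# verdict VERSION_LINE NFT_DUMP_FILE LEGACY_DUMP_FILE
verdict() {
    active=$(backend_of "$1"); where=none
    if nat_has_chain DOCKER < "$2"; then where=nft; fi
    if nat_has_chain DOCKER < "$3"; then
        if [ "$where" = nft ]; then where=both; else where=legacy; fi
    fi
    case "$where" in
        "$active") status=ok ;;        # chain lives where iptables looks
        both)      status=stale ;;     # leftover rules in the other backend
        none)      status=missing ;;   # docker has not created its chains
        *)         status=mismatch ;;  # chain exists only in the other backend
    esac
    echo "active=$active docker_chain=$where status=$status"
}

# Constructed state: Docker's chains sit in the nft ruleset, iptables is legacy.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '*filter' ':DOCKER - [0:0]' 'COMMIT' '*nat' \
    ':PREROUTING ACCEPT [0:0]' ':DOCKER - [0:0]' 'COMMIT' > "$tmp/nft"
printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' 'COMMIT' > "$tmp/legacy"
verdict "iptables v1.8.2 (legacy)" "$tmp/nft" "$tmp/legacy"
```

A `mismatch` or `missing` result is consistent with the advice above to restart the docker service so it re-creates its chains in the active backend.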

  • I only restarted the docker container via the portainer web UI.

    Do you think I need a reboot of OMV?


  • Do you think I need a reboot of OMV?

    No but you definitely need to restart docker. Rebooting might be easier if there are some weird iptables rules out there.


  • Nothing to do, same error after reboot.

    Really strange.

    It seems I need to set up some iptables legacy rules for docker (I think...).

    Can I check anything else?

    Has anyone had issues like that?

