Wireguard stop working after last update

siteswap423 · 21. Juli 2020

Dear all,

Anyone has issue with the last update of omv-extras " iptables" ???

Before the update i was able to reach my netrwork from outside with wireguard+duckdns docker.

Could someone point me to a solution ?

I think is something with iptables/nftables .

Best regards.

ryecoaaron · 21. Juli 2020

Zitat von siteswap423

Anyone has issue with the last update of omv-extras " iptables" ???
Before the update i was able to reach my netrwork from outside with wireguard+duckdns docker.
Could someone point me to a solution ?
I think is something with iptables/nftables .

omv-extras does not run the iptables change automatically. And all it does is change from nft to legacy or vice versa. Depending on how your wireguard setup is adding iptables rules, doing this may break something.

siteswap423 · 21. Juli 2020

Hi Ryecoarron,

How can i check the wireguard iptables setup?

Can i give you any logs about that ?

This is my wireguard container ( i keep every created container in a .txt file) :

docker create \

--name=wireguard \

--cap-add=NET_ADMIN \

--cap-add=SYS_MODULE \

-e PUID=1000 \

-e PGID=995 \

-e TZ=Europe/Rome \

-e SERVERURL=XYZ.duckdns.org \

-e SERVERPORT=51820 \

-e PEERS=1 \

-p 51820:51820/udp \

-v /var/lib/docker/wireguard/config:/config \

-v /var/lib/docker/wireguard/lib/modules:/lib/modules \

--sysctl="net.ipv4.conf.all.src_valid_mark=1" \

--restart unless-stopped \

linuxserver/wireguard

Till sunday with this configuration it works , so i don't undestand why today is down .

This is the Duckdns docker log :

Code

 -1 }">
[services.d] starting services
 -1 }">
[services.d] done.
 -1 }">
Your IP was updated at Tue Jul 21 19:00:06 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:05:04 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:10:02 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:15:03 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:20:04 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:25:03 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:30:02 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:35:04 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:40:03 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:45:03 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:50:03 CEST 2020
 -1 }">
Your IP was updated at Tue Jul 21 19:55:03 CEST 2020

Alles anzeigen

siteswap423 · 21. Juli 2020

So , I read this on the web-ui " Debian 10/OMV 5.x uses iptables-nft by default and Docker needs iptables-legacy"

When i use iptables-legacy on the drop down and restart the wireguard container i got this error :

"Failure

Cannot restart container dacb186622bc9b0842bc0c5ca5b44b9869f1b5bb73895169c9eba14e381221c1: driver failed programming external connectivity on endpoint wireguard (3f90611ec8ee2329489ed2fc68dd52fcc20eb6c0e4654361f78a392210d62a70): (iptables failed: iptables --wait -t nat -A DOCKER -p udp -d 0/0 --dport 51820 -j DNAT --to-destination 172.17.0.6:51820 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1))"

Maybe could help

ryecoaaron · 21. Juli 2020

Have you rebooted or at least restarted docker? docker will re-create its iptables rules when it starts.

siteswap423 · 21. Juli 2020

Only restarted the docker container by portainer web-UI.

Do you think i need a reboot of the Omv ?

ryecoaaron · 22. Juli 2020

Zitat von siteswap423

Do you think i need a reboot of the Omv ?

No but you definitely need to restart docker. Rebooting might be easier if there are some weird iptables rules out there.

siteswap423 · 22. Juli 2020

Nothing ti do, same error after reboot .

Really strange .

Seems i Need ti setup some iptables Legacy rules for docker ( i think.. ).

Can i check anything else ??

Anyone get issues like that ??

siteswap423 · 24. Juli 2020

Recreate the wireguard container from scratch, everything works fine.

Wireguard stop working after last update

siteswap423 24. Juli 2020

Jetzt mitmachen!