Wireguard Plugin stopped working after latest upgrade of OMV

liciogelli · Jun 7th 2023

Hi there, is my first post here

I have an Odroid HC4 with two hdd and a micro sd running OMV6.4.3-1 (Shaitan)

Since the last update i've got my Wireguard setup (via OMV-Plugin) worked flawlessly, but since that it stopped working.

I already tried to unistall the plugin and reinstall it, I create a new tunnel after deleting the old one but the peers don't see Bits in "rx"

My router is already setup with port forwarding and i also opened the firewall ports manually on OMV Firewall with no results.

here some command i saw in other post related to the issue, I hope that can help

-ip link

Code

 ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:1e:06:49:18:55 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 02:42:33:f9:a0:84 brd ff:ff:ff:ff:ff:ff
5: veth406243d@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether 12:da:ce:e3:61:c2 brd ff:ff:ff:ff:ff:ff link-netnsid 1
9: vetha162f54@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether de:f3:a5:97:0a:f8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
11: vethf8fcf35@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default
    link/ether a6:d5:95:aa:49:83 brd ff:ff:ff:ff:ff:ff link-netnsid 2
21: wgnet1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none

Display More

- ls -al /usr/bin/wg

Code

ls -al /usr/bin/wg
-rwxr-xr-x 1 root root 85016 Feb 25  2021 /usr/bin/wg

- dpkg -l | grep -E "wireguard|openme"

Code

 dpkg -l | grep -E "wireguard|openme"
ii  openmediavault                       6.4.3-1                         all          openmediavault - The open network attached storage solution
ii  openmediavault-backup                6.1                             all          backup plugin for OpenMediaVault.
ii  openmediavault-compose               6.7.15                          all          OpenMediaVault compose plugin
ii  openmediavault-cputemp               6.1.3                           all          cpu temperature plugin for openmediavault
ii  openmediavault-diskstats             6.0.3-1                         all          openmediavault disk monitoring plugin
ii  openmediavault-flashmemory           6.2                             all          folder2ram plugin for openmediavault
ii  openmediavault-ftp                   6.0.1-1                         all          openmediavault FTP-Server plugin
ii  openmediavault-keyring               1.0.2-2                         all          GnuPG archive keys of the openmediavault archive
ii  openmediavault-omvextrasorg          6.3.1                           all          OMV-Extras.org Package Repositories for OpenMediaVault
ii  openmediavault-sftp                  6.0.1                           all          sftp server
ii  openmediavault-sharerootfs           6.0.2-1                         all          openmediavault share root filesystem plugin
ii  openmediavault-wireguard             6.2.1                           all          openmediavault WireGuard plugin
ii  wireguard                            1.0.20210223-1                  all          fast, modern, secure kernel VPN tunnel (metapackage)
ii  wireguard-tools                      1.0.20210223-1                  arm64        fast, modern, secure kernel VPN tunnel (userland utilities)

Display More

- cat /etc/wireguard/wgnet1.conf

Code

cat /etc/wireguard/wgnet1.conf
[Interface]
Address = 10.192.1.254/24
SaveConfig = true
ListenPort = 51820
PrivateKey = BLABLABLA
PostUp = iptables -A FORWARD -i wgnet1 -j ACCEPT; iptables -A FORWARD -o wgnet1 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wgnet1 -j ACCEPT; iptables -D FORWARD -o wgnet1 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = BLABLABLA
AllowedIPs = 10.192.1.1/32
PresharedKey = BLABLABLA

[Peer]
PublicKey = BLABLABLA
AllowedIPs = 10.192.1.2/32
PresharedKey = BLABLABLA

[Peer]
PublicKey = BLABLABLA
AllowedIPs = 10.192.1.3/32
PresharedKey = BLABLABLA

Display More

- cat /etc/wireguard/wgnet_client1.conf

Code

cat /etc/wireguard/wgnet_client1.conf
[Interface]
Address = 10.192.1.1/24
PrivateKey = BLABLABLA
DNS = 1.1.1.1,8.8.8.8

[Peer]
PublicKey = BLABLABLA
PresharedKey = BLABLABLA
Endpoint = my.wireguard.link:51820
AllowedIPs = 0.0.0.0/0

Display More

Am I missing something? i also try to see on dmesg if i have some errors, but it seems not.

Hope somebody can help, thanks in advance!

Silvio

p.s. i L O V E omv, it really change my life

chente · Jun 7th 2023

Quote from liciogelli

21: wgnet1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

There is a bug external to OMV that is breaking some networks, and by the looks of it it also breaks Wireguard. Try this. https://www.openmediavault.org/?p=3492

liciogelli · Jun 8th 2023

Hi chente, thanks for your support

I tried with no results, in fact the systemd-networkd.service seems to be "active (running)".

I did not understand how to set static IP on omv, because "/etc/network/interfaces" seems to be an auto-generated file

here the result of this command:

Code

systemctl status systemd-networkd.service
● systemd-networkd.service - Network Service
     Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-06-08 20:50:57 CEST; 1min 26s ago
TriggeredBy: ● systemd-networkd.socket
       Docs: man:systemd-networkd.service(8)
   Main PID: 115747 (systemd-network)
     Status: "Processing requests..."
      Tasks: 1 (limit: 3423)
     Memory: 1.4M
        CPU: 143ms
     CGroup: /system.slice/systemd-networkd.service
             └─115747 /lib/systemd/systemd-networkd

Jun 08 20:50:57 asparago systemd[1]: Starting Network Service...
Jun 08 20:50:57 asparago systemd-networkd[115747]: vethf8fcf35: Gained IPv6LL
Jun 08 20:50:57 asparago systemd-networkd[115747]: vetha162f54: Gained IPv6LL
Jun 08 20:50:57 asparago systemd-networkd[115747]: veth406243d: Gained IPv6LL
Jun 08 20:50:57 asparago systemd-networkd[115747]: docker0: Gained IPv6LL
Jun 08 20:50:57 asparago systemd-networkd[115747]: Enumeration completed
Jun 08 20:50:57 asparago systemd[1]: Started Network Service.
Jun 08 20:50:57 asparago systemd-networkd[115747]: eth0: DHCPv4 address 192.168.0.85/24 via 192.168.0.1

Display More

i don't see any interface except of the physical one (eth0), none docker ones or wg1 (my wireguard net). It is normal?

I also tried to shut down and up the wireguard network via the "wg-quick" command but i can't see anything in the systemd-networkd.service log as you can see

Thanks again

Silvio

fbeye · Jun 8th 2023

In OMV GUI; Network - Interfaces - Edit [the interface in question] does not let you put in static ip?

liciogelli · Jun 8th 2023

yes, sorry, i forgot the GUI

I set the static IP right now, but still wireguard does not work

matdb · Jun 8th 2023

Have you tried a reboot?

Sounds stupid but I use pop os and my wireguard wasn't working after updates. Booted in the older kerknel and everything worked fine. Booted back to the current kernel and everything worked also.

So can't hurt to reboot I think.

chente · Jun 9th 2023

What is the output of

systemctl status wg-quick@wgnet1.service

rambos · Jun 12th 2023

I'm not OP and hopefully you don't mind me jumping in the thread. I believe I'm experiencing same problem as OP does.

systemctl status systemd-networkd.service reports active (running), but systemctl status wg-quick@wgnet1.service reports active (exited). systemctl restart systemd didn't help.

What does that mean?

Code

root@tride:/home/tri# systemctl status systemd-networkd.service
● systemd-networkd.service - Network Service
     Loaded: loaded (/lib/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-06-12 12:48:03 CEST; 23s ago
TriggeredBy: ● systemd-networkd.socket
       Docs: man:systemd-networkd.service(8)
   Main PID: 25979 (systemd-network)
     Status: "Processing requests..."
      Tasks: 1 (limit: 9334)
     Memory: 2.2M
        CPU: 81ms
     CGroup: /system.slice/systemd-networkd.service
             └─25979 /lib/systemd/systemd-networkd
root@tride:/home/tri# ^C
root@tride:/home/tri# systemctl status wg-quick@wgnet1.service
● wg-quick@wgnet1.service - WireGuard via wg-quick(8) for wgnet1
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: active (exited) since Mon 2023-06-12 12:45:59 CEST; 5min ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
   Main PID: 23941 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 9334)
     Memory: 0B
        CPU: 0
     CGroup: /system.slice/system-wg\x2dquick.slice/wg-quick@wgnet1.service
root@tride:/home/tri#

Display More

chente · Jun 12th 2023

Quote from rambos

but systemctl status wg-quick@wgnet1.service reports active (exited)

That shouldn't be a problem. What is wrong with your system? Wireguard not working? What is not working?

rambos · Jun 12th 2023

Quote from chente

That shouldn't be a problem. What is wrong with your system? Wireguard not working? What is not working?

Yeah, wireguard stopped working suddenly. Post from OP sounds like my problem, but it seems like I'm wrong. I don't know if I did anything other than update.

So it looks like plugin is working fine? Can I exclude problem on the server then?

Is there any way to check is my router acting and not forwarding port?

chente · Jun 12th 2023

Quote from rambos

Is there any way to check is my router acting and not forwarding port?

You can forward that port to whatever other service you have on your network, jellyfin(www.YOUR_DOMAIN:8096), the OMV GUI, whatever you want. If you can access it, the forwarding is working. Remember to remove that port after testing, don't leave a door open.

You can verify your public IP here https://whatismyipaddress.com/ Make sure your ISP has not put you behind CGNAT. Check if your public IP matches the public IP advertised on the router.

You can check if your domain is being forwarded to your public IP here. https://www.whatsmydns.net/

rambos · Jun 12th 2023

Quote from chente

Make sure your ISP has not put you behind CGNAT.

First time I hear about CGNAT, thank you a lot, you are my hero !

After quick googling I found out my connection is behind CGNAT. Called provider, they disabled it and works perfectly again.

chente you are so kind, thank you for all tips

liciogelli good luck with your vpn

OMV thank you for being so good and sorry for blaming you lol

chente · Jun 12th 2023

Quote from rambos

First time I hear about CGNAT, thank you a lot, you are my hero !
After quick googling I found out my connection is behind CGNAT. Called provider, they disabled it and works perfectly again.

I'm glad you figured it out

chente · Jun 12th 2023

Quote from rambos

OMV thank you for being so good and sorry for blaming you lol

This is much more common than you may think. Many users enter the forum blaming OMV (some of them angry) and later realize that the cause of their problem has nothing to do with OMV.

But nothing happens, it is the daily bread

liciogelli · Jun 12th 2023

Quote from chente

What is the output of
systemctl status wg-quick@wgnet1.service

Code

 systemctl status wg-quick@wgnet1.service
● wg-quick@wgnet1.service - WireGuard via wg-quick(8) for wgnet1     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor pre>     Active: active (exited) since Thu 2022-12-22 12:55:57 CET; 5 months 20 day>       Docs: man:wg-quick(8)             man:wg(8)             https://www.wireguard.com/             https://www.wireguard.com/quickstart/             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8    Process: 1575 ExecStart=/usr/bin/wg-quick up wgnet1 (code=exited, status=0/>   Main PID: 1575 (code=exited, status=0/SUCCESS)

I'm so sorry I disappeared but I traveled a lot for work..

matdb: yes I tried to reboot several times with no results

chente · Jun 12th 2023

Quote from liciogelli

I'm so sorry I disappeared but I traveled a lot for work..

Try to do the same as I said in post 11, please.

liciogelli · Jun 12th 2023

Quote from chente

Try to do the same as I said in post 11, please.

Ok thank you for pointing me to that post, i checked and everything works except the path of my wireguard setup. I did a mistake in my cloudflare DDNS setup and now everything works

I have to thank you all for the help, I probably would never have done it alone

Wireguard Plugin stopped working after latest upgrade of OMV

liciogelli Jun 12th 2023

liciogelli Jun 12th 2023

Participate now!