Comments (13)
You could get some inspiration from OpenVPN's solution:
Change:
AllowedIPs = 0.0.0.0/0
To:
AllowedIPs = 0.0.0.0/1,128.0.0.0/1
from synology-wireguard.
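An added example (not code from the thread or from the synology-wireguard project) that applies the suggested change to a wg-quick config: each `/0` entry in AllowedIPs becomes two `/1` halves, so wg-quick adds ordinary routes and skips the fwmark and `iptables-restore` steps visible in the log further down this page. It goes beyond the comment by also splitting `::/0` and commenting out `DNS =` lines (resolvconf is missing on the NAS); the function names and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rewrite a wg-quick config read on stdin.
#  - AllowedIPs entries 0.0.0.0/0 and ::/0 are split into two /1 halves
#  - DNS= lines are commented out, since resolvconf is not available
split_default_routes() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        eq = index($0, "=")
        key = (eq > 0) ? tolower(trim(substr($0, 1, eq - 1))) : ""
        if (key == "dns") { print "# " $0; next }
        if (key != "allowedips") { print; next }
        n = split(substr($0, eq + 1), nets, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            net = trim(nets[i])
            if (net == "0.0.0.0/0") net = "0.0.0.0/1,128.0.0.0/1"
            else if (net == "::/0") net = "::/1,8000::/1"
            if (net != "") out = out (out == "" ? "" : ",") net
        }
        print "AllowedIPs = " out
    }'
}

# Exit status 0 when the config on stdin still holds an AllowedIPs entry
# ending in /0, which is what sends wg-quick down its default-route path.
has_default_route() {
    awk '
    tolower($0) ~ /^[ \t]*allowedips[ \t]*=/ {
        sub(/^[^=]*=/, "")
        n = split($0, nets, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", nets[i])
            if (nets[i] ~ /\/0$/) found = 1
        }
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample config; keys and endpoint are placeholders.
SAMPLE_CONF='[Interface]
Address = 192.168.5.10/32
PrivateKey = <private_key>
DNS = 1.1.1.1

[Peer]
PublicKey = <public_key>
Endpoint = x.x.x.x:51820
AllowedIPs = 0.0.0.0/0, ::/0'

printf '%s\n' "$SAMPLE_CONF" | split_default_routes
```

With the `/1` form the routes land in the main table without wg-quick's fwmark policy rule, so traffic to the peer's Endpoint address needs its own more specific route via the LAN gateway to stay out of the tunnel.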
Just reread the GitHub page and read that DNS is not supported.
I removed the DNS setting in the config file and am now getting the following error when I ran sudo wg-quick up wg0:
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.5.10/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
Any idea?
from synology-wireguard.
Hi there.
Your post does not contain enough information for me to give good advice. I need to know exactly which commands you've run and the output of them.
The way you set up WireGuard on your NAS is similar to how you would do it on any Linux computer. So you can follow any guide you want on how to do that. I recommend using wg0.conf and the wg-quick command. I don't think you want to tinker with the ip command directly unless you know what you're doing.
I can't link you any good tutorial since it depends on how you want your VPN to work.
from synology-wireguard.
Thanks for your response runfalk!
The exact steps I took were:
- I manually uploaded the apollolake package via DSM package manager
- I created the folder and file for /etc/wireguard/wg0.conf with standard wg config (same as used in my existing VPN setups, with different ip addr and keys etc..)
- ran 'sudo wg-quick up wg0' which outputs: wg-quick: `wg0' already exists
- ran 'sudo wg show' which outputs: interface: wg0
Since my first comment, I ran the command: sudo wg-quick down wg0
Then I ran the up command again with the following response:
user@server:/$ sudo wg-quick up wg0
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.5.10/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
/usr/local/bin/wg-quick: line 31: resolvconf: command not found
[#] ip link delete dev wg0
Is there any additional information I can provide?
Thanks for your help!!
from synology-wireguard.
Hi runfalk, Just wondering if you had any idea about this one? Thanks in advance!
from synology-wireguard.
Hi @electronmoss-gitter, I don't know how to solve your problem. I do track all issues, but I won't reply unless I can contribute with something. I'm very much a WireGuard novice, who happened to know how to cross-compile it for Synology devices 😄. I'm a bit lost when it comes to anything but the most basic configuration.
The reason why the Dns configuration option is not supported is that the resolvconf program is not available (at least on my device a year ago when I tested it). There may have been changes in WireGuard that allow this to work.
from synology-wireguard.
Hi Runfalk, No problem, thanks for your response and help. I'm guessing it's a kernel issue, which I have no clue how to fix. Cheers.
from synology-wireguard.
I am getting the same error on a DS1019+. I think I've loaded all the kernel modules I need per galaxysd. Oddly, I also cannot just iptables-restore something I just iptables-save'd ... So it definitely seems like an iptables issue.
from synology-wireguard.
I am going to guess that @electronmoss-gitter may have been setting up wireguard for a default route, and this was causing wg-quick to use iptables. At least that is what was happening to me. I ended up taking two approaches to solve the issue:
- I set up the wireguard device manually.
- I used network namespaces to create an explicit tunnel namespace. I then specified DNS for this namespace only.
Example Script:
#!/bin/bash
# Create the interface in the init namespace, then move it into "tunnel"
ip link add wg0 type wireguard
ip netns add tunnel
ip link set wg0 netns tunnel
# Configure the peer from inside the namespace
ip netns exec tunnel wg set wg0 \
    private-key /etc/wireguard/privatekey \
    peer <public_key> \
    endpoint x.x.x.x:51820 \
    allowed-ips 10.250.0.0/24,0.0.0.0/0
ip netns exec tunnel ip addr add 10.250.0.6/24 dev wg0
ip netns exec tunnel ip link set mtu 1420 up dev wg0
# This default route exists only inside the namespace
ip netns exec tunnel ip route add default dev wg0
# Run a command inside the namespace as the calling user
tunnel_exec() { sudo -E ip netns exec tunnel sudo -E -u \#$(id -u) -g \#$(id -g) "$@"; }
Example resolv.conf:
root@clio:~# cat /etc/netns/tunnel/resolv.conf
nameserver 1.0.0.1
nameserver 1.1.1.1
Now if you want to ping through the tunnel (for example) you can do:
tunnel_exec ping www.google.com
Credit where credit is due. I got this idea from the Wireguard website.
https://www.wireguard.com/netns/#the-new-namespace-solution
The solution posted on the site does it the other way. Everything is set up to tunnel and the namespace is set up for the exception.
from synology-wireguard.
@Tablador BINGO!
from synology-wireguard.
> I am going to guess that @electronmoss-gitter may have been setting up wireguard for a default route, and this was causing wg-quick to use iptables. At least that is what was happening to me. I ended up taking two approaches to solve the issue:

I'm having the same issue as electronmoss-gitter.
When I try your namespace solution here, I get a 'Temporary failure in name resolution:' error when it looks up the endpoint name.
I've set up a resolv.conf as in your example, but that doesn't change the above error.
I'd actually prefer to have everything set up to tunnel (as documented in https://www.wireguard.com/netns/#the-new-namespace-solution), but I don't know how to get this to work on a NAS - as soon as it drops eth0, I can no longer access the NAS until a reboot :)
from synology-wireguard.
Interestingly, if I load the previous release (Mar 2019), I don't get the iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw' error.
But without a DNS entry in the conf file (due to the lack of resolvconf), nothing loads...
from synology-wireguard.
The new release is based on the rewrite of WireGuard that Jason did in order to get it merged into Linux 5.6. There was some dispute about whether to use the kernel's built in crypto or if WireGuard could roll their own. It wouldn't surprise me that the two releases are very different. However, I made very few changes to how the build process works between those releases.
Unfortunately I don't know how to solve your issue.
from synology-wireguard.