Installation on Rocky Linux 9.1 is broken
```
Would you like to expire the peer after a certain period of time?
1) Every Year (Recommended)
2) No
Automatic config expire [1-2]:2
Last metadata expiration check: 0:03:58 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
No match for argument: openresolv
Error: Unable to find a match: openresolv
Last metadata expiration check: 0:03:58 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
Last metadata expiration check: 0:03:59 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
No match for argument: kmod-wireguard
Error: Unable to find a match: kmod-wireguard
Last metadata expiration check: 0:03:59 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
No match for argument: unbound-host
No match for argument: unbound-anchor
Error: Unable to find a match: unbound-host unbound-anchor
/usr/local/bin/wireguard-manager.sh: line 1144: unbound-anchor: command not found
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3311  100  3311    0     0   6912      0 --:--:-- --:--:-- --:--:--  6912
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6204    0  6204    0     0   5869      0 --:--:--  0:00:01 --:--:--  5869
/usr/local/bin/wireguard-manager.sh: line 1224: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1225: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1227: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1228: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1233: wg: command not found
Created symlink /etc/systemd/system/multi-user.target.wants/nftables.service → /usr/lib/systemd/system/nftables.service.
Failed to enable unit: Unit file wg-quick@wg0.service does not exist.
Failed to enable unit: Unit file unbound.service does not exist.
Failed to restart unbound.service: Unit unbound.service not found.
/usr/local/bin/wireguard-manager.sh: line 1307: qrencode: command not found
# https://www.wireguard.com
```
Notes:
- in Rocky Linux 9, qrencode is available via EPEL, unlike in Rocky Linux 8.
- unbound-anchor is installed as part of unbound-libs, which is a dependency for installing unbound. Thus, no separate command for unbound-anchor is required. unbound-host is also installed as part of unbound/unbound-libs installation.
Will test the adjusted code and push a commit later.
Required repositories:

```
yum install epel-release elrepo-release -y
```

Enabling wireguard in the kernel before installing wireguard-tools (no kmod-wireguard is required):

```
modprobe wireguard
```
PostUp and PostDown actions in /etc/wireguard/wg0.conf fail to execute IP forwarding commands with the below errors:
```
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: Warning: '/etc/wireguard/wg0.conf' is world accessible
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link add wg0 type wireguard
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] wg setconf wg0 /dev/fd/63
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip -4 address add 10.0.0.1/8 dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip -6 address add fd00:00:00::1/8 dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link set mtu 1420 up dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1; nft add table inet wiregua>
Apr 21 21:34:44 localhost.localdomain wg-quick[25975]: sysctl: cannot stat /proc/sys/net/ipv4/ip_forward: Permission denied
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link delete dev wg0
Apr 21 21:34:44 localhost.localdomain systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
```
Not sure about the nature of this "permission denied" yet, haven't dug too deep into it so far. When running the same commands manually, it all worked. Removing them from the PostUp PostDown commands did the trick and the VPN server is fully functional.
@Prajwal-Koirala is there any specific reason why we issue the `sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1` commands as part of bringing up the Wireguard interface as opposed to performing this just once when configuring the server?
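The two conditions visible in the journal above (the "world accessible" warning on wg0.conf and sysctl writes inside PostUp/PostDown) can be checked for in a config file before bringing the interface up. The script below is an added example, not part of wireguard-manager; the sample wg0.conf it creates is constructed, and the drop-in filename `/etc/sysctl.d/99-wireguard-forwarding.conf` is a hypothetical choice.

```shell
#!/bin/sh
# Added example, not part of wireguard-manager: audit a wg-quick config for the
# two conditions seen in this thread's journal output, then print the persistent
# sysctl.d drop-in that makes the PostUp/PostDown sysctl writes unnecessary.

# Print one WARN line per finding, then the number of findings on the last line.
audit_wg_conf() {
    conf=$1
    n=0
    # wg-quick warns "is world accessible" when any group/other bit is set;
    # the file holds the interface private key, so 0600 is the expected mode.
    mode=$(stat -c '%a' "$conf")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "WARN: $conf has mode $mode (world accessible); fix: chmod 600 $conf"
        n=$((n + 1))
    fi
    # sysctl writes in PostUp/PostDown run on every interface bring-up (and
    # failed with 'Permission denied' under systemd in this report); IP
    # forwarding is a one-time host setting that belongs in /etc/sysctl.d.
    if grep -Eq '^[[:space:]]*Post(Up|Down)[[:space:]]*=.*sysctl' "$conf"; then
        echo "WARN: PostUp/PostDown in $conf write sysctls; move them to a sysctl.d drop-in"
        n=$((n + 1))
    fi
    echo "$n"
}

# Contents of the replacement drop-in (the filename is a hypothetical choice).
forwarding_dropin() {
    cat <<'EOF'
# /etc/sysctl.d/99-wireguard-forwarding.conf  (apply once with: sysctl --system)
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
EOF
}

# Constructed sample config mirroring the failing PostUp line from the report.
sample_conf() {
    dir=$(mktemp -d)
    cat > "$dir/wg0.conf" <<'EOF'
[Interface]
Address = 10.0.0.1/8
PostUp = sysctl --write net.ipv4.ip_forward=1; nft add table inet wireguard
PostDown = nft delete table inet wireguard
EOF
    chmod 644 "$dir/wg0.conf"   # deliberately world readable, as in the warning
    echo "$dir/wg0.conf"
}

sample=$(sample_conf)
audit_wg_conf "$sample"      # prints two WARN lines, then 2
forwarding_dropin
```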
@Prajwal-Koirala sorry, DJI is not something I am currently interested in. Also, I don't want to keep things half-baked, as is the case with this script at the moment.