Hi,
I used your script on a VPS with CentOS 7. The installation runs smooth. I also can connect from the Wireguard iOS App. But I can’t connect to any webpage. By manually starting up Wireguard I run into the following problem:
[root@GuBo ~]# wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Can you help?
Thanks
is this a client side error or a server side error??
Dear,
Would expect server. The WireGuard App on iOS works with another (commercial) Wireguard service. Also the App shows me the connection is established. And configuration is done by the generated QR code. Would it help if you can log in to the VPS Server?
I can provide you with the login data by email.
Thanks
Thomas
The life is too short to drink a bad wine.
On 28 January 2019 at 20:38:04, Prajwal Koirala (notifications@github.com) wrote:
…
On Debian 9.2 (64-bit) Minimal and following the above steps I get the following error:
/usr/lib/wireguard_install.sh: line 146: /etc/iptables/rules.v4: No such file or directory
Failed to enable unit: File wg-quick@wg0.service: No such file or directory
Failed to start wg-quick@wg0.service: Unit wg-quick@wg0.service not found.
Thanks
@GuBo88 looks like your server has problems with wireguard kernel module. Is it a virtual server? Does it allow kernel modules to be loaded?
@GuBo88 good, is it KVM or OpenVZ plan?
OpenVZ and installing Kernel modules is not possible in OpenVZ at Liteserver. I need a KVM VPS from them.
Any way to run Wireguard on OpenVZ?
l-n-s changed the title from "Interface wg0 not found" to "OpenVZ is not supported. Script needs to detect it." on Jan 31, 2019
You can install a userspace version of Wireguard, but it performs a lot worse than the kernel module. I’d suggest changing your VPS plan to KVM.
No, it’s not. This instruction is for hosting providers, not for clients.
If I configure host and container, I can run a wireguard server I think
There are a lot of great setup guides, but many seemed to have something missing. These are the steps I took to get WG working in this environment (note: this was all done as "root"):
apt-get update && apt-get -y upgrade
apt-get -y install nano bash-completion wget git
apt-get -y install software-properties-common
add-apt-repository ppa:wireguard/wireguard
apt-get update && apt-get -y upgrade
apt install wireguard-tools --no-install-recommends
Then, to enable forwarding:
nano /etc/sysctl.conf
And uncomment the following lines:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Once saved, reboot. You could run "sysctl -p" instead, but a reboot makes sure all updates, upgrades and changes are properly in place.
reboot
And just for giggles, run the update again. I recommend this because in one case I did have things not complete fully, so better safe than sorry.
apt-get update && apt-get -y upgrade
Now, we are going to use wireguard-go, so we need to install "go". I used 1.13.4; if you wish to try a different version, just change "go1.13.4" in each of the following lines:
cd /tmp
wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz
tar zvxf go1.13.4.linux-amd64.tar.gz
mv go /opt/go1.13.4
ln -s /opt/go1.13.4/bin/go /usr/local/bin/go
Now, download and install wireguard-go itself
cd /usr/local/src
git clone https://git.zx2c4.com/wireguard-go
cd wireguard-go
make
cp wireguard-go /usr/local/bin
Reboot to ensure everything is clean
reboot
Check to see if working/version
wireguard-go --version
Generate private and public keys
cd /etc/wireguard/
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
#write down the public key:
cat publickey
#write down the private key:
cat privatekey
Define the wg0 interface by creating "wg0.conf".
cd /etc/wireguard/
nano wg0.conf
And copy the following into the file (changing private key and address as appropriate). An example address would be 10.100.1.1/24. One note, you may need to change venet0 to your proper interface (eth0 as an example — venet0 works well for the OpenVZ node I installed this on):
[Interface]
PrivateKey = <Private Key>
Address = ###.###.###.1/24
ListenPort = 51820
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o venet0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o venet0 -j MASQUERADE
SaveConfig = true
Modify the service to support wireguard-go:
nano /lib/systemd/system/wg-quick@.service
Find the line "Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity" and add:
Environment=WG_I_PREFER_BUGGY_USERSPACE_TO_POLISHED_KMOD=1
Enable and start the service
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Now, for each client, execute the following on the server. The address would exist in the /24 range noted above. For example, 10.100.1.2/32 would be appropriate here:
wg set wg0 peer <peer public key> allowed-ips ###.###.###.###/32
Assuming your client is set up correctly, all should flow. Depending on the environment, you may need the following to enable and configure the firewall (ufw firewall):
ufw allow 22/tcp
ufw allow 51820/udp
ufw enable
You also may need to add the following if the default firewall policy is to REJECT:
iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --sport 51820 -j ACCEPT
And finally, if you are running this on OpenVZ, you may need the following to be run at the host level, so you will need to talk to your service provider:
vzctl set $CTID --netfilter full --save
Once all this is done, reboot and you should be set. You can verify wireguard is running and its configuration with:
wg
or
wg show
And you should see something like:
root@vps-wg:~# wg show
interface: wg0
public key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
private key: (hidden)
listening port: 51820
peer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
endpoint: 111.111.111.:57805
allowed ips: 10.100.1.3/32
latest handshake: 6 hours, 5 minutes, 23 seconds ago
transfer: 4.60 MiB received, 16.87 MiB sent
peer: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
allowed ips: 10.100.202.2/32
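A pre-flight check for the situation this guide works around, as an added example (not part of the original guide or of any install script mentioned on this page): it decides between kernel WireGuard and wireguard-go before anything is installed. The function names and the optional root-prefix argument are hypothetical, the OpenVZ test (/proc/vz present, /proc/bc absent) is a heuristic, and the /dev/net/tun messages are the ones quoted elsewhere on this page.

```shell
#!/bin/sh
# Added example: choose a WireGuard backend before installing anything.
# The optional first argument is a root prefix (hypothetical test hook);
# leave it empty to inspect the real system.

# OpenVZ container heuristic: /proc/vz exists, /proc/bc (host only) does not.
is_openvz_container() {
    root=${1:-}
    [ -d "$root/proc/vz" ] && [ ! -d "$root/proc/bc" ]
}

# Kernel WireGuard: module already loaded, or shipped for the running kernel.
has_wireguard_kmod() {
    root=${1:-}
    [ -d "$root/sys/module/wireguard" ] && return 0
    find "$root/lib/modules/$(uname -r)" -name 'wireguard.ko*' 2>/dev/null | grep -q .
}

# Map the messages quoted on this page to a TUN state.
classify_tun_message() {
    case $1 in
        *"File descriptor in bad state"*) echo ready ;;        # node and driver present
        *"No such file or directory"*)    echo missing-node ;; # errno=2
        *"No such device"*)               echo no-driver ;;    # node without driver
        *"Permission denied"*)            echo denied ;;       # errno=13
        *)                                echo unknown ;;
    esac
}

# Read /dev/net/tun with cat, as the forum instructions do, in the C locale.
tun_state() {
    root=${1:-}
    msg=$(LC_ALL=C cat "$root/dev/net/tun" 2>&1) || true
    classify_tun_message "$msg"
}

# kernel: module usable; userspace: wireguard-go over TUN; unsupported: neither.
wg_backend() {
    root=${1:-}
    if ! is_openvz_container "$root" && has_wireguard_kmod "$root"; then
        echo kernel
    elif [ "$(tun_state "$root")" = ready ]; then
        echo userspace
    else
        echo unsupported
    fi
}

wg_backend "${1:-}"
```

On an OpenVZ container the result is "userspace" only once the provider has enabled TUN/TAP for the container; "unsupported" means the change has to be made at the host level.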
Holmes.Sherlock
- OpenVPN User
- Posts: 40
- Joined: Wed Jul 06, 2011 4:51 am
OpenVZ kernel does not support TUN/TAP devices
Hi,
It’s me posting in this forum after a long time.
I registered for a free OpenVZ based VPS (Virtual Private Server) yesterday & tried to configure OpenVPN on it. Earlier, I did the same with a Xen based VPS solution. Everything worked like a charm. When I attempted to start VPN server, below is the error I encountered:
Tue May 22 01:04:47 2012 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue May 22 01:04:47 2012 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Tue May 22 01:04:47 2012 Cannot allocate TUN/TAP dev dynamically
Tue May 22 01:04:47 2012 Exiting
I didn’t find any TUN/TAP adapter by issuing
To load the TUN module manually, I did this, but nothing was loaded.
Then I tried to find whether any TUN related module is present in the kernel
No result returned.
I did all the steps listed here
Enter mknod /dev/net/tun c 10 200
Enter chmod 600 /dev/net/tun
Enter cat /dev/net/tun to test whether the TUN/TAP device is available:
If you receive the message cat: /dev/net/tun: File descriptor in bad state your TUN/TAP device is ready for use
If you receive the message cat: /dev/net/tun: No such device the TUN/TAP device was not successfully created: contact VPSLink Support for assistance
Please note that the TUN/TAP device will be removed if you reinstall your operating system template.
But no luck.
At this point I am sure that the OpenVZ kernel is not compiled with the support for required modules. What I am asking is whether there is any alternative to having native support for TUN/TAP drivers, i.e. can any third-party drivers be installed for creation of TUN/TAP devices to be used in conjunction with OpenVPN?
Reference 1
Reference 2
Reference 3
OpenVZ-Users-Guide: Page 69
-
Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Mimiko » Wed May 23, 2012 5:56 am
TUN devices are some kind of standard. You can search for sources and compile them. Better ask the hosters of VPS to help, as they have power to add such devices.
-
Holmes.Sherlock
- OpenVPN User
- Posts: 40
- Joined: Wed Jul 06, 2011 4:51 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Holmes.Sherlock » Wed May 23, 2012 6:49 am
Hi Mimiko, good to see you again. Few months back, I was immensely helped by you & janjust
Mimiko wrote: TUN devices are some kind of standard.
I didn’t get you. Means?
Better ask the hosters of VPS to help, as they have power to add such devices.
Even having root access, can’t I add the TUN/TAP support?
-
Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Mimiko » Wed May 23, 2012 6:56 am
The TUN device is a standard device like NUL or COM in the meaning of working. But source code may differ.
In a VPS even if you have root access, the real kernel is protected and for VPS host perspective, for each VPS a clone (or a module) is running, not the real kernel. TUN devices must be closed to kernel, so you can’t use it in the VPS without the admins of the VPS host including them in base kernel and allow to share to guest VPS.
-
Holmes.Sherlock
- OpenVPN User
- Posts: 40
- Joined: Wed Jul 06, 2011 4:51 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Holmes.Sherlock » Wed May 23, 2012 7:01 am
Mimiko wrote:
In a VPS even if you have root access, the real kernel is protected and for VPS host perspective, for each VPS a clone (or a module) is running, not the real kernel.
I think, with my little knowledge, that whatever you have written about kernel sharing, is applicable to OpenVZ based virtualization solution, i.e. fits my case.
Xen based platforms, probably, work in a different way where a dedicated kernel is allocated per VM.
-
yzkwkw
- OpenVpn Newbie
- Posts: 1
- Joined: Thu May 24, 2012 8:54 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by yzkwkw » Thu May 24, 2012 9:03 am
I had almost the same problem. I set up a VPS days ago, and I asked the provider to enable tun/tap and they did. After that I installed openvpn on the VPS and it worked fine. But yesterday I wanted to set up pptpd too, and I asked the provider to enable the ppp module and they also enabled it. But then the problem came: my openvpn service could not start anymore. The openvpn.log showed that:
——
Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot allocate TUN/TAP dev dynamically
Exiting
———-
But when I cat /dev/net/tun it returned:
[root@-]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
———
which meant it seems to work fine, and the VPS tech support did not provide further support.
I could not figure out why. I think maybe there are some bugs in openvpn? After re-enabling the tun, it can’t recognize it again? Or maybe the tun module is just not enabled correctly? But the tech support insisted it worked fine.
-
Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Mimiko » Sat May 26, 2012 6:34 am
yzkwkw, ask provider to disable ppp interface, and see what is happening.
When OpenVPN was working with only the tun adapter enabled on the host, did you ever restart your VPS? After a restart, did tun initialize correctly?
-
manuel19
- OpenVpn Newbie
- Posts: 18
- Joined: Thu Jun 14, 2012 10:39 pm
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by manuel19 » Wed Jul 25, 2012 11:25 pm
You have to ask your Linux VPS provider to install the TUN/TAP drivers.
I was using an OpenVZ server, it doesn’t have the TUN/TAP drivers, so I wrote a ticket to the Support and they installed the TUN/TAP drivers for me.
Hope this helps you.
Regards, Manuel.
-
Holmes.Sherlock
- OpenVPN User
- Posts: 40
- Joined: Wed Jul 06, 2011 4:51 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Holmes.Sherlock » Thu Jul 26, 2012 9:37 am
manuel19 wrote:You have to ask your Linux VPS provider to install the TUN/TAP drivers.
I was using an OpenVZ server, it doesn’t have the TUN/TAP drivers, so I wrote a ticket to the Support and they installed the TUN/TAP drivers for me.
Which VPS service are you using?
-
manuel19
- OpenVpn Newbie
- Posts: 18
- Joined: Thu Jun 14, 2012 10:39 pm
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by manuel19 » Thu Jul 26, 2012 1:44 pm
It doesn’t matter. Your VPS provider has the obligation to install something you really want and that is not installed by default in the servers they sell.
If I bought a car to you, the car obviously needs 4 tires to run. If the car only has 3, you (the seller) need to buy the other tire, because you are buying a functional car. Any car will run correctly with 3 tires.
So, your provider needs to install for you the tire #4, in this case, the TUN/TAP driver.
A normal VPS machine in Linux needs to have the TUN/TAP installed without any extra cost.
-
Jeroma11
- OpenVpn Newbie
- Posts: 2
- Joined: Thu May 08, 2014 8:04 am
Re: OpenVZ kernel does not support TUN/TAP devices
Post
by Jeroma11 » Thu May 08, 2014 8:05 am
This is very useful for me