Installation on Rocky Linux 9.1 is broken #390

Open
Rebelllious opened this issue Apr 17, 2023 · 5 comments
@Rebelllious

Would you like to expire the peer after a certain period of time?
  1) Every Year (Recommended)
  2) No
Automatic config expire [1-2]:2
Last metadata expiration check: 0:03:58 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
No match for argument: openresolv
**Error: Unable to find a match: openresolv**
Last metadata expiration check: 0:03:58 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
Last metadata expiration check: 0:03:59 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
No match for argument: kmod-wireguard
**Error: Unable to find a match: kmod-wireguard**
Last metadata expiration check: 0:03:59 ago on Mon 17 Apr 2023 11:11:54 PM CEST.
**No match for argument: unbound-host
No match for argument: unbound-anchor**
Error: Unable to find a match: unbound-host unbound-anchor
/usr/local/bin/wireguard-manager.sh: line 1144: unbound-anchor: command not found
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3311  100  3311    0     0   6912      0 --:--:-- --:--:-- --:--:--  6912
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  6204    0  6204    0     0   5869      0 --:--:--  0:00:01 --:--:--  5869
/usr/local/bin/wireguard-manager.sh: line 1224: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1225: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1227: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1228: wg: command not found
/usr/local/bin/wireguard-manager.sh: line 1233: wg: command not found
Created symlink /etc/systemd/system/multi-user.target.wants/nftables.service → /usr/lib/systemd/system/nftables.service.
Failed to enable unit: Unit file wg-quick@wg0.service does not exist.
Failed to enable unit: Unit file unbound.service does not exist.
Failed to restart unbound.service: Unit unbound.service not found.
/usr/local/bin/wireguard-manager.sh: line 1307: qrencode: command not found
# https://www.wireguard.com
@Rebelllious

Notes:

  • in Rocky Linux 9, qrencode is available via EPEL, unlike in Rocky Linux 8.
  • unbound-anchor is installed as part of unbound-libs, which is a dependency for installing unbound. Thus, no separate command for unbound-anchor is required. unbound-host is also installed as part of unbound/unbound-libs installation.

Will test the adjusted code and push a commit later.

@Rebelllious

Required repositories:
yum install epel-release elrepo-release -y
Enabling wireguard in the kernel before installing wireguard-tools (no kmod-wireguard is required):
modprobe wireguard
PostUp and PostDown actions in /etc/wireguard/wg0.conf fail to execute IP forwarding commands with the below errors:

Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: Warning: '/etc/wireguard/wg0.conf' is world accessible
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link add wg0 type wireguard
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] wg setconf wg0 /dev/fd/63
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip -4 address add 10.0.0.1/8 dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip -6 address add fd00:00:00::1/8 dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link set mtu 1420 up dev wg0
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1; nft add table inet wiregua>
Apr 21 21:34:44 localhost.localdomain wg-quick[25975]: sysctl: cannot stat /proc/sys/net/ipv4/ip_forward: Permission denied
Apr 21 21:34:44 localhost.localdomain wg-quick[25946]: [#] ip link delete dev wg0
Apr 21 21:34:44 localhost.localdomain systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE

Not sure about the nature of this "permission denied" yet, haven't dug too deep into it so far. When running the same commands manually, it all worked. Removing them from the PostUp PostDown commands did the trick and the VPN server is fully functional.

@Rebelllious

Rebelllious commented Apr 21, 2023

@Prajwal-Koirala is there any specific reason why we issue the sysctl --write net.ipv4.ip_forward=1; sysctl --write net.ipv6.conf.all.forwarding=1 commands as part of bringing up the WireGuard interface as opposed to performing this just once when configuring the server?
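
An added example, not part of the issue thread or of wireguard-manager.sh: a shell check for the two conditions visible in the wg-quick log above (a config file readable by other users, and sysctl calls run from PostUp/PostDown), plus a helper that writes the two forwarding keys once to a sysctl.d-style drop-in. The function names, the drop-in file name and the sample config are assumptions made for illustration; `stat -c` assumes GNU coreutils, as shipped on Rocky Linux.

```shell
#!/bin/sh
# Added example: audit a wg-quick config and write a one-time forwarding drop-in.

# Print one finding per line for a wg-quick config; exit status 1 if any finding.
audit_wg_conf() {
    conf=$1
    findings=0
    # Non-zero "other" bits mean any local user can read the private key.
    mode=$(stat -c '%a' "$conf") || return 2
    case $mode in
        *0) ;;
        *) echo "MODE: $conf is mode $mode, expected 600"; findings=1 ;;
    esac
    # sysctl inside PostUp/PostDown re-runs on every interface up/down.
    if grep -Eq '^[[:space:]]*Post(Up|Down)[[:space:]]*=.*sysctl' "$conf"; then
        echo "HOOK: sysctl invoked from PostUp/PostDown"
        findings=1
    fi
    return "$findings"
}

# Write the forwarding keys once, to a drop-in file in directory $1.
write_forwarding_dropin() {
    out="$1/99-wireguard-forward.conf"   # hypothetical file name
    printf '%s\n' 'net.ipv4.ip_forward = 1' \
                  'net.ipv6.conf.all.forwarding = 1' > "$out"
    echo "$out"
}

# Constructed sample config (not taken from the issue) that triggers both findings.
demo=$(mktemp -d)
printf '%s\n' '[Interface]' \
    'PostUp = sysctl --write net.ipv4.ip_forward=1' > "$demo/wg0.conf"
chmod 644 "$demo/wg0.conf"
audit_wg_conf "$demo/wg0.conf" || echo "findings reported"
write_forwarding_dropin "$demo"
rm -rf "$demo"
```

On a real server the drop-in directory would be /etc/sysctl.d, and `sysctl --system` loads it without a reboot.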

@Rebelllious

Rebelllious commented Apr 23, 2023

@Prajwal-Koirala sorry, DJI is not something I am currently interested in. Also, I don't want to keep things half-baked, as is the case with this script at the moment.
