WireGuard on Docker

WireGuard on Docker

[Mohammad Amir Heshmatkhah]

[-- Attachment #1: Type: text/plain, Size: 1989 bytes --]

Hi,
I want to run WireGuard on a docker container as server,
I try difrent base Images but  I get this error message every time:

[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

Here is 3 Dokerfiles I tried:

FROM alpine:3.7
RUN apk upgrade --update \
&& echo http://dl-cdn.alpinelinux.org/alpine/edge/testing >>
/etc/apk/repositories \
&& apk add --no-cache bash wireguard-tools

ENTRYPOINT [ "wg-quick", "up", "wg0" ]

————————————-

FROM ubuntu:16.04
RUN apt-get update && apt-get install -y software-properties-common
apt-utils \
&& add-apt-repository ppa:wireguard/wireguard \
&& apt-get update \
&& apt-get install -y iproute linux-headers-$(uname -r) wireguard-dkms
wireguard-tools wireguard

ENTRYPOINT [ "wg-quick", "up", "wg0" ]

————————————-

FROM debian:9
RUN echo "deb http://deb.debian.org/debian/ unstable main" >
/etc/apt/sources.list.d/unstable.list \
&& printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' >
/etc/apt/preferences.d/limit-unstable \
&& apt-get update && apt-get install -y wireguard

ENTRYPOINT [ "wg-quick", "up", "wg0" ]

————————————-

I run this containers with:

sudo docker run -it -v $(pwd)/config:/etc/wireguard/ -v  /dev:/dev  -v
/lib/modules:/lib/modules  --cap-add=ALL --privileged <image name here>

where wg0.conf is located in " $(pwd)/config/wg0.conf" on host machine

————————————-

and here is my wg0.conf file:

[Interface]
Address = 172.26.10.1/24
SaveConfig = true
PrivateKey = <server private key here>
ListenPort = 40540

[Peer]
PublicKey = <client public key here>
AllowedIPs = 172.26.10.2/32

————————————-

So, How can I fix this "*Unable to access interface: Protocol not supported*"
error?

[-- Attachment #2: Type: text/html, Size: 8802 bytes --]

Re: WireGuard on Docker

[logcabin]

[-- Attachment #1: Type: text/plain, Size: 2422 bytes --]

I'm wondering if the kernel module is loaded:

# modinfo wireguard


On Tue, Jul 10, 2018, at 4:16 AM, Mohammad Amir Heshmatkhah wrote:
> Hi,
> I want to run WireGuard on a docker container as server,
> I try difrent base Images but  I get this error message every time:
> 
> [#] ip link add wg0 type wireguard
> RTNETLINK answers: Operation not supported
> Unable to access interface: Protocol not supported
> [#] ip link delete dev wg0
> Cannot find device "wg0"
> 
> Here is 3 Dokerfiles I tried:
> 
> FROM alpine:3.7
> RUN apk upgrade --update \
> && echo http://dl-cdn.alpinelinux.org/alpine/edge/testing >>
> /etc/apk/repositories \> && apk add --no-cache bash wireguard-tools
> 
> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
> 
> ————————————-
> 
> FROM ubuntu:16.04
> RUN apt-get update && apt-get install -y software-properties-common
> apt-utils \> && add-apt-repository ppa:wireguard/wireguard \
> && apt-get update \
> && apt-get install -y iproute linux-headers-$(uname -r) wireguard-dkms
> wireguard-tools wireguard> 
> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
> 
> ————————————-
> 
> FROM debian:9
> RUN echo "deb http://deb.debian.org/debian/ unstable main" >
> /etc/apt/sources.list.d/unstable.list \> && printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' >
> /etc/apt/preferences.d/limit-unstable \> && apt-get update && apt-get install -y wireguard
> 
> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
> 
> ————————————-
> 
> I run this containers with:
> 
> sudo docker run -it -v $(pwd)/config:/etc/wireguard/ -v  /dev:/dev
> -v  /lib/modules:/lib/modules  --cap-add=ALL --privileged <image
> name here>> 
> where wg0.conf is located in " $(pwd)/config/wg0.conf" on host machine> 
> ————————————-
> 
> and here is my wg0.conf file:
> 
> [Interface]
> Address = 172.26.10.1/24
> SaveConfig = true
> PrivateKey = <server private key here>
> ListenPort = 40540
> 
> [Peer]
> PublicKey = <client public key here>
> AllowedIPs = 172.26.10.2/32
> 
> ————————————-
> 
> So, How can I fix this "*Unable to access interface: Protocol not
> supported*" error?> _________________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard


[-- Attachment #2: Type: text/html, Size: 9862 bytes --]

Re: WireGuard on Docker

[Zsolt Hegyi]

[-- Attachment #1: Type: text/plain, Size: 2781 bytes --]

CC'ing the list as well.

On Sun, 22 Jul 2018, 08:43 Zsolt Hegyi, <hegyi.mokka@gmail.com> wrote:

> Hi Mohammad,
>
> You need to load the WireGuard kernel module on your host OS, not inside
> the containers. All containers "share" and run on the same kernel as the
> host OS does.
>
> Best regards,
> Zsolt
>
>
> On Sat, 21 Jul 2018, 23:34 Mohammad Amir Heshmatkhah, <
> maheshmatkhah.soft@gmail.com> wrote:
>
>> Hi,
>> I want to run WireGuard on a docker container as server,
>> I try difrent base Images but  I get this error message every time:
>>
>> [#] ip link add wg0 type wireguard
>> RTNETLINK answers: Operation not supported
>> Unable to access interface: Protocol not supported
>> [#] ip link delete dev wg0
>> Cannot find device "wg0"
>>
>> Here is 3 Dokerfiles I tried:
>>
>> FROM alpine:3.7
>> RUN apk upgrade --update \
>> && echo http://dl-cdn.alpinelinux.org/alpine/edge/testing >>
>> /etc/apk/repositories \
>> && apk add --no-cache bash wireguard-tools
>>
>> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
>>
>> ————————————-
>>
>> FROM ubuntu:16.04
>> RUN apt-get update && apt-get install -y software-properties-common
>> apt-utils \
>> && add-apt-repository ppa:wireguard/wireguard \
>> && apt-get update \
>> && apt-get install -y iproute linux-headers-$(uname -r) wireguard-dkms
>> wireguard-tools wireguard
>>
>> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
>>
>> ————————————-
>>
>> FROM debian:9
>> RUN echo "deb http://deb.debian.org/debian/ unstable main" >
>> /etc/apt/sources.list.d/unstable.list \
>> && printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' >
>> /etc/apt/preferences.d/limit-unstable \
>> && apt-get update && apt-get install -y wireguard
>>
>> ENTRYPOINT [ "wg-quick", "up", "wg0" ]
>>
>> ————————————-
>>
>> I run this containers with:
>>
>> sudo docker run -it -v $(pwd)/config:/etc/wireguard/ -v  /dev:/dev  -v
>> /lib/modules:/lib/modules  --cap-add=ALL --privileged <image name here>
>>
>> where wg0.conf is located in " $(pwd)/config/wg0.conf" on host machine
>>
>> ————————————-
>>
>> and here is my wg0.conf file:
>>
>> [Interface]
>> Address = 172.26.10.1/24
>> SaveConfig = true
>> PrivateKey = <server private key here>
>> ListenPort = 40540
>>
>> [Peer]
>> PublicKey = <client public key here>
>> AllowedIPs = 172.26.10.2/32
>>
>> ————————————-
>>
>> So, How can I fix this "*Unable to access interface: Protocol not
>> supported*" error?
>>
>> _______________________________________________
>> WireGuard mailing list
>> WireGuard@lists.zx2c4.com
>> https://lists.zx2c4.com/mailman/listinfo/wireguard
>>
>

[-- Attachment #2: Type: text/html, Size: 10074 bytes --]