View previous topic :: View next topic |
Author |
Message |
saski4711 Apprentice
Joined: 24 Jun 2004 Posts: 176
|
Posted: Tue Dec 05, 2023 10:57 am Post subject: Wireguard Kernel trouble |
|
|
Hello,
I'm trying to get a Wireguard connection to Nordvpn to work for days and now I'm out of ideas.
Code: |
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.5.0.2/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63
/dev/fd/63:1:1-26: Error: Could not process rule: Operation not supported
/dev/fd/63:2:14-25: Error: No such file or directory; did you mean chain ‘preraw’ in table ip ‘wg-quick-wg0’?
/dev/fd/63:3:14-25: Error: No such file or directory; did you mean chain ‘premangle’ in table ip ‘wg-quick-wg0’?
/dev/fd/63:4:14-25: Error: No such file or directory; did you mean chain ‘postmangle’ in table ip ‘wg-quick-wg0’?
/dev/fd/63:5:13-24: Error: Could not process rule: No such file or directory
/dev/fd/63:6:13-24: Error: Could not process rule: No such file or directory
/dev/fd/63:7:13-24: Error: Could not process rule: No such file or directory
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
|
It seems that the kernel config is incomplete but I cannot see what's missing. Here is my kernel config:
https://pastebin.com/09pPLg4E
Any help would be much apprechiated. |
|
Back to top |
|
|
pietinger Moderator
Joined: 17 Oct 2006 Posts: 4160 Location: Bavaria
|
Posted: Tue Dec 05, 2023 1:09 pm Post subject: |
|
|
oops ... it is a Linux/x86 6.7.0-rc4 ... not a Gentoo kernel ... but maybe we can solve it nevertheless.
If you look into https://wiki.gentoo.org/wiki/Wireguard there is a link to a "Working kernel config" =>
https://gitlab.com/vitaly-zdanevich-configs/linux-kernel-thinkpad-t430/-/blob/e0190d62ab1c0f798e6e98b742578c2ffec9899e/.config
What I always recommend when working with netfilter modules: Enable EVERYTHING in submenu [*] Network packet filtering framework (Netfilter) --->
as <M>odule ... later you can see with "lsmod" which modules are really necessary ... BUT ... be aware that some netfilter-modules depend on other options. For example:
You will never get CONFIG_NETFILTER_XT_TARGET_SECMARK=y WITHOUT enabling this BEFORE: # CONFIG_NETWORK_SECMARK is not set
So, what I would recommend:
Make sure you have the same networking options enabled as you will see in lines 788 - 864 of the "Working kernel config" ... AND ... enable all netfilter as module (and do a "lsmod" later). _________________ https://wiki.gentoo.org/wiki/User:Pietinger |
|
Back to top |
|
|
saski4711 Apprentice
Joined: 24 Jun 2004 Posts: 176
|
Posted: Tue Dec 05, 2023 3:26 pm Post subject: |
|
|
pietinger wrote: | oops ... it is a Linux/x86 6.7.0-rc4 ... not a Gentoo kernel ... but maybe we can solve it nevertheless.
If you look into https://wiki.gentoo.org/wiki/Wireguard there is a link to a "Working kernel config" =>
https://gitlab.com/vitaly-zdanevich-configs/linux-kernel-thinkpad-t430/-/blob/e0190d62ab1c0f798e6e98b742578c2ffec9899e/.config
What I always recommend when working with netfilter modules: Enable EVERYTHING in submenu [*] Network packet filtering framework (Netfilter) --->
as <M>odule ... later you can see with "lsmod" which modules are really necessary ... BUT ... be aware that some netfilter-modules depend on other options. For example:
You will never get CONFIG_NETFILTER_XT_TARGET_SECMARK=y WITHOUT enabling this BEFORE: # CONFIG_NETWORK_SECMARK is not set
So, what I would recommend:
Make sure you have the same networking options enabled as you will see in lines 788 - 864 of the "Working kernel config" ... AND ... enable all netfilter as module (and do a "lsmod" later). |
Sweet! Didin't know that there is a config for gentoo kernels. Will try as you suggested. Thanks a bunch! |
|
Back to top |
|
|
|