Can't set up WireGuard

Topics about the Software of Revolution Pi
jemmima
Posts: 5
Joined: 23 Aug 2022, 16:22
Answers: 0

Can't set up WireGuard

Post by jemmima »

I'm trying to add RevPi Core module to a Wireguard network using these instructions
https://www.cyberciti.biz/faq/how-to-im ... -on-linux/.

I'm able to install wireguard successfully, but not able to execute the command to register the client config.

I was able to successfully install network manager and tried running this command to add the client config file as in the tutorial above:

Code:

nmcli connection import type wireguard file client.conf

This gives the error:

Code:

Error: failed to find VPN plugin for wireguard.

I tried reinstalling wireguard-dkms, but the reinstall failed due to missing kernel headers:

Code:

Unpacking wireguard-dkms (1.0.20210606-1) over (1.0.20210606-1) ...
Setting up wireguard-dkms (1.0.20210606-1) ...
Loading new wireguard-1.0.20210606 DKMS files...
It is likely that 4.19.95-rt38 belongs to a chroot's host
Building for 4.19.95-rt38 and 4.19.95-rt38-v7
Module build for kernel 4.19.95-rt38 was skipped since the
kernel headers for this kernel does not seem to be installed.
Module build for kernel 4.19.95-rt38-v7 was skipped since the
kernel headers for this kernel does not seem to be installed.

Shall I install kernel headers? Is there another solution I'm not aware of to get the Pi on a Wireguard network?

I appreciate your help!
Best Answer by kjkoster » 24 Aug 2022, 10:29
Last edited by jemmima on 24 Aug 2022, 10:15, edited 1 time in total.
nicolaiB
KUNBUS
Posts: 871
Joined: 21 Jun 2018, 10:33
Answers: 7
Location: Berlin

Re: Can't set up WireGuard

Post by nicolaiB »

Yes, if you want to use dkms, you need to install the kernel headers. Otherwise there is nothing to build against. If you're not familiar with DKMS you can read more here: https://linuxhint.com/dkms-linux/

-Nicolai
jemmima
Posts: 5
Joined: 23 Aug 2022, 16:22
Answers: 0

Re: Can't set up WireGuard

Post by jemmima »

That's a great article, thank you!

Is it necessary to use wireguard-dkms to use Wireguard on this pi? Or is there another possible reason for that error? Reinstalling wireguard succeeded without errors but didn't fix the problem, that is why I tried reinstalling wireguard-dkms, as it was another installed wireguard package that I suspected might be causing the error, but I don't actually know why I'm getting that error.
Last edited by jemmima on 24 Aug 2022, 10:17, edited 1 time in total.
kjkoster
Posts: 87
Joined: 12 Feb 2022, 10:42
Answers: 2

Re: Can't set up WireGuard

Post by kjkoster »

Dear all,

Here is how I documented the process for our own Revpi's. Installation on the Revolution Pi is not much different than installing a regular client. If you have not done so already, upgrade the Revolution Pi to Buster (or newer), as documented elsewhere on this forum. With that, install WireGuard and its dependencies.

Code:

sudo apt install -y raspberrypi-kernel-headers wireguard-dkms wireguard
wg genkey | tee wg_privatekey | wg pubkey > wg_publickey
sudo vi /etc/wireguard/wg0.conf

You can use the following as a template, filling in the private key for XXX and picking an unallocated IP address for YYY. Please be sure that the IP address is not in use for another client, or you may lock systems out. ZZZ is the IP address of the WireGuard server. Note how we use the IP address of the WireGuard server instead of its DNS name to reduce reliance on DNS and other network services. PPP is the public key of the WireGuard server.

Code:

[Interface]
PrivateKey = XXX
Address = 10.0.2.YYY/32

[Peer]
PublicKey = PPP
AllowedIPs = 10.0.2.1/24
Endpoint = ZZZ:51820
PersistentKeepalive = 25

On the WireGuard server, add the same IP address, so that the server knows who the new client is.

The next step is to enable WireGuard as a service in systemd. Before rebooting, make sure that the client starts automatically.

Code:

        sudo systemctl enable wg-quick@wg0
        sudo wg-quick up wg0
        sudo reboot
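
A pre-flight check for the client configuration described in the post above, as an added example that is not part of the original post: it flags template placeholders left in place of keys or addresses and a config file that other users can read. The function name `check_wg_conf` and the sample values (dummy keys, 10.0.2.17, 192.0.2.10) are made up for illustration.

```shell
#!/bin/sh
# Added example: lint a wg-quick client config before enabling the service.
# check_wg_conf is a hypothetical helper name, not part of WireGuard.
check_wg_conf() {
    conf=$1
    rc=0
    # The file holds the private key: group and other must have no access.
    if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $conf is accessible to group/other (chmod 600)"; rc=1
    fi
    # WireGuard keys are 32 bytes in base64: 43 characters plus '='.
    for k in PrivateKey PublicKey; do
        v=$(sed -n "s/^$k *= *//p" "$conf" | head -n 1)
        if ! printf '%s\n' "$v" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
            echo "FAIL: $k is not a WireGuard key (placeholder left in?)"; rc=1
        fi
    done
    # Follow the template: numeric IPv4 /32 address, Endpoint as IP:port.
    octet='[0-9]{1,3}'
    ip="$octet\.$octet\.$octet\.$octet"
    grep -Eq "^Address *= *$ip/32\$" "$conf" ||
        { echo "FAIL: Address is not an IPv4 /32"; rc=1; }
    grep -Eq "^Endpoint *= *$ip:[0-9]+\$" "$conf" ||
        { echo "FAIL: Endpoint is not IP:port"; rc=1; }
    return $rc
}

# Constructed sample: the template with made-up values filled in. The key is
# 43 'A's plus '=', which has the right shape but is not a real key.
umask 077    # files created from here on (for example by tee) are owner-only
dummy=$(printf '%043d' 0 | tr 0 A)=
demo=$(mktemp)
cat > "$demo" <<EOF
[Interface]
PrivateKey = $dummy
Address = 10.0.2.17/32

[Peer]
PublicKey = $dummy
AllowedIPs = 10.0.2.1/24
Endpoint = 192.0.2.10:51820
PersistentKeepalive = 25
EOF
check_wg_conf "$demo" && echo "config looks sane"
rm -f "$demo"
```

Run against the unedited template, the check reports four failures: both keys, the address and the endpoint.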
nicolaiB
KUNBUS
Posts: 871
Joined: 21 Jun 2018, 10:33
Answers: 7
Location: Berlin

Re: Can't set up WireGuard

Post by nicolaiB »

Thanks, Kees! That's the community spirit I like :-)

-Nicolai
kjkoster
Posts: 87
Joined: 12 Feb 2022, 10:42
Answers: 2

Re: Can't set up WireGuard

Post by kjkoster »

On the Revolution Pi, when upgrading the packages raspberrypi-kernel-headers and/or raspberrypi-kernel, WireGuard’s kernel module gets disabled. You will no longer have remote access (!)

After installing or upgrading raspberrypi-kernel-headers or raspberrypi-kernel, always reinstall the WireGuard kernel module, as shown below.

Code:

sudo apt full-upgrade -y && sudo apt reinstall -y wireguard-dkms
sudo reboot

This should keep your system in working order, but can also be used to restore WireGuard to working order after a botched kernel upgrade.
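
A check to run before the reboot in the post above, added here as an example and not taken from the thread: it lists every kernel under a modules directory and reports whether a WireGuard module file exists for it or is built in. The function name `wg_module_report` is hypothetical, and the demo tree is constructed from the two kernel versions in the DKMS output earlier in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper): for each kernel under a modules root,
# report whether a WireGuard module exists, so a missing module is noticed
# before a reboot cuts off remote access.
wg_module_report() {
    modroot=$1
    checked=0
    missing=0
    for kdir in "$modroot"/*/; do
        [ -d "$kdir" ] || continue
        kver=$(basename "$kdir")
        checked=$((checked + 1))
        # DKMS-built or in-tree module file, possibly compressed
        if [ -n "$(find "$kdir" -name 'wireguard.ko*' 2>/dev/null)" ]; then
            echo "OK      $kver (module file)"
        # WireGuard compiled into the kernel image
        elif grep -q '/wireguard\.ko$' "$kdir/modules.builtin" 2>/dev/null; then
            echo "OK      $kver (built in)"
        else
            echo "MISSING $kver"
            missing=$((missing + 1))
        fi
    done
    # Succeed only if at least one kernel was seen and none lacks the module.
    [ "$checked" -gt 0 ] && [ "$missing" -eq 0 ]
}

# Constructed demo tree (not a real system): one kernel has a DKMS module
# file, the other does not.
demo=$(mktemp -d)
mkdir -p "$demo/4.19.95-rt38-v7/updates/dkms" "$demo/4.19.95-rt38"
: > "$demo/4.19.95-rt38-v7/updates/dkms/wireguard.ko"
if wg_module_report "$demo"; then
    echo "every kernel has a WireGuard module"
else
    echo "module missing: reinstall wireguard-dkms before rebooting"
fi
rm -rf "$demo"
```

On a real system, call `wg_module_report /lib/modules` and reboot only if the kernel the device boots is listed as OK.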
nicolaiB
KUNBUS
Posts: 871
Joined: 21 Jun 2018, 10:33
Answers: 7
Location: Berlin

Re: Can't set up WireGuard

Post by nicolaiB »

afaik wireguard-dkms shouldn't be necessary with Kernel 5.10 as it was moved mainline with 5.6 ?

-Nicolai
jemmima
Posts: 5
Joined: 23 Aug 2022, 16:22
Answers: 0

Re: Can't set up WireGuard

Post by jemmima »

The install worked correctly, but when I came to try and generate the I get an error "Segmentation fault".

Do you know what this means? All I can find online about it is that it means we have a file system corruption, but we have already re-imaged the system twice so I don't think this can be what's causing the error. Any ideas?

Code:

pi@RevPi42678:~ $ sudo apt install -y raspberrypi-kernel-headers wireguard-dkms wireguard
Reading package lists... Done
Building dependency tree
Reading state information... Done
wireguard is already the newest version (1.0.20210914-1).
wireguard-dkms is already the newest version (1.0.20210606-1).
raspberrypi-kernel-headers is already the newest version (1:9.20220322-4.19.95+revpi1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
pi@RevPi42678:~ $ sudo wg genkey | tee wg_privatekey | wg pubkey > wg_publickey
Segmentation fault
jemmima
Posts: 5
Joined: 23 Aug 2022, 16:22
Answers: 0

Re: Can't set up WireGuard

Post by jemmima »

kjkoster wrote: 24 Aug 2022, 11:33
On the Revolution Pi, when upgrading the packages raspberrypi-kernel-headers and/or raspberrypi-kernel, WireGuard’s kernel module gets disabled. You will no longer have remote access (!)

After installing or upgrading raspberrypi-kernel-headers or raspberrypi-kernel, always reinstall the WireGuard kernel module, as shown below.

Code:

sudo apt full-upgrade -y && sudo apt reinstall -y wireguard-dkms
sudo reboot

This should keep your system in working order, but can also be used to restore WireGuard to working order after a botched kernel upgrade.

I have tried to reinstall wireguard kernel module as you suggest.
When I try this I get an error: "Error! Bad return status for module build on kernel: 4.19.95-rt38 (armv6l)"

Here is the full output from the command:

Code:

pi@RevPi42678:~ $ sudo apt full-upgrade -y && sudo apt install --reinstall -y wireguard-dkms
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not upgraded.
Need to get 254 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://deb.debian.org/debian unstable/main armhf wireguard-dkms all 1.0.20210606-1 [254 kB]
Fetched 254 kB in 0s (507 kB/s)
apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct!
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LC_CTYPE = "UTF-8",
	LC_TERMINAL_VERSION = "3.4.16",
	LC_TERMINAL = "iTerm2",
	LANG = "en_GB.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("en_GB.UTF-8").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
(Reading database ... 127128 files and directories currently installed.)
Preparing to unpack .../wireguard-dkms_1.0.20210606-1_all.deb ...

------------------------------
Deleting module version: 1.0.20210606
completely from the DKMS tree.
------------------------------
Done.
Unpacking wireguard-dkms (1.0.20210606-1) over (1.0.20210606-1) ...
Setting up wireguard-dkms (1.0.20210606-1) ...
Loading new wireguard-1.0.20210606 DKMS files...
It is likely that 4.19.95-rt38 belongs to a chroot's host
Building for 4.19.95-rt38 and 4.19.95-rt38-v7
Building initial module for 4.19.95-rt38
Error! Bad return status for module build on kernel: 4.19.95-rt38 (armv6l)
Consult /var/lib/dkms/wireguard/1.0.20210606/build/make.log for more information.
kjkoster
Posts: 87
Joined: 12 Feb 2022, 10:42
Answers: 2

Re: Can't set up WireGuard

Post by kjkoster »

Dear Jemmima,

The instructions I posted are for Buster. What OS release are you on, please?

Code:

$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

Kees Jan