wireguard-install: Kernel module doesn't load on Fedora/CentOS

[root@fedora-2gb-nbg1-1 ~]# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-08-08 22:30:55 CEST; 31s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
  Process: 1056 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
 Main PID: 1056 (code=exited, status=1/FAILURE)

Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: [#] ip link add wg0 type wireguard
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Error: Unknown device type.
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Unable to access interface: Protocol not supported
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: [#] ip link delete dev wg0
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Cannot find device "wg0"
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
[root@fedora-2gb-nbg1-1 ~]#
[root@fedora-2gb-nbg1-1 ~]# lsmod | grep wireguard
[root@fedora-2gb-nbg1-1 ~]#
[root@centos-2gb-nbg1-1 ~]# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-08-08 22:32:32 CEST; 13s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
 Main PID: 22401 (code=exited, status=1/FAILURE)

Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: [#] ip link add wg0 type wireguard
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: RTNETLINK answers: Operation not supported
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: Unable to access interface: Protocol not supported
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: [#] ip link delete dev wg0
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: Cannot find device "wg0"
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: main process exited, code=exited, status=1/FAILURE
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Unit wg-quick@wg0.service entered failed state.
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service failed.
[root@centos-2gb-nbg1-1 ~]# 
[root@centos-2gb-nbg1-1 ~]# lsmod | grep wireguard
[root@centos-2gb-nbg1-1 ~]# 

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 19 (11 by maintainers)

Most upvoted comments

SOLUTION: Running dnf update or yum update to get an up-to-date kernel and matching headers solves the issue.

Though:

[root@fedora-2gb-nbg1-1 ~]# dkms status
wireguard, 0.0.20190702: added

I also have a big problem with CentOS 7, it doesn't work. I have some WireGuards working fine with kernel wireguard, 0.0.20200215, 3.10.0-1062.12.1.el7.x86_64, x86_64: installed

But now I am trying on another VPS, and it doesn't work…

Your kernel headers for kernel 3.10.0-1062.12.1.el7.x86_64 cannot be found at /lib/modules/3.10.0-1062.12.1.el7.x86_64/build or /lib/modules/3.10.0-1062.12.1.el7.x86_64/source.

I have a similar problem, but get different verbose output from modprobe:

# modprobe -vvv wireguard
modprobe: INFO: custom logging function 0x55cf4e172a20 registered
insmod /lib/modules/5.3.11-300.fc31.x86_64/kernel/net/wireguard.ko.xz  
modprobe: INFO: Failed to insert module '/lib/modules/5.3.11-300.fc31.x86_64/kernel/net/wireguard.ko.xz': Operation not permitted
modprobe: ERROR: could not insert 'wireguard': Operation not permitted
modprobe: INFO: context 0x55cf4eb9b4c0 released

Any ideas how to get the wireguard module loaded? I removed it and rebuilt it without success:

dkms remove -m wireguard -v 0.0.20191012 -k 5.3.11-300.fc31.x86_64
dkms install -m wireguard -v 0.0.20191012

Any help is much appreciated.

Having the same problem on Fedora 29, but my kernel headers and active kernel are the same. It seems to be failing because DKMS can’t find the file:

[#] ip link add wg0-client-test type wireguard
Error: Unknown device type.
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0-client-test
Cannot find device "wg0-client-test"
[ben@localhost ~]$ 
[ben@localhost ~]$ dkms status
Error! Could not locate dkms.conf file.
File: /var/lib/dkms/wireguard/0.0.20190702/source/dkms.conf does not exist.

Looks like it’s trying to follow a broken symlink:

[ben@localhost ~]$ ll /var/lib/dkms/wireguard/0.0.20190702/source
lrwxrwxrwx. 1 root root 31 Jul  8 12:18 /var/lib/dkms/wireguard/0.0.20190702/source -> /usr/src/wireguard-0.0.20190702

The symlink shouldn't be broken though, as the target exists:

[ben@localhost ~]$ ll /usr/src/wireguard-0.0.20190905/
total 268K
drwxr-xr-x.  6 root root 4.0K Sep 10 09:28 .
drwxr-xr-x.  5 root root 4.0K Sep 10 09:28 ..
-rw-r--r--.  1 root root  11K Sep  9 14:44 allowedips.c
-rw-r--r--.  1 root root 1.8K Sep  9 14:44 allowedips.h
...

I manually removed the broken link and recreated it: sudo ln -s /usr/src/wireguard-0.0.20190905/ /var/lib/dkms/wireguard/0.0.20190702/source

Now DKMS is happy. I rebuilt the modules: sudo dkms autoinstall

Checked status:

wireguard, 0.0.20190702, 5.2.11-100.fc29.x86_64, x86_64: built
wireguard, 0.0.20190905, 5.2.11-100.fc29.x86_64, x86_64: installed

And it still doesn’t work.

lsmod shows it isn’t actually loaded. Loading it fails:

modprobe: ERROR: could not insert 'wireguard': Operation not permitted

No idea why it’s failing.

OK, the kernel and headers were not the same version:

[root@centos-2gb-nbg1-1 ~]# yum list | grep kernel-headers
kernel-headers.x86_64                   3.10.0-957.27.2.el7            @updates
[root@centos-2gb-nbg1-1 ~]# uname -a
Linux centos-2gb-nbg1-1 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@fedora-2gb-nbg1-1 ~]# dnf list | grep kernel-headers
kernel-headers.x86_64                                                  5.2.5-200.fc30                                             @updates
[root@fedora-2gb-nbg1-1 ~]#
[root@fedora-2gb-nbg1-1 ~]# uname -a
Linux fedora-2gb-nbg1-1 5.1.16-300.fc30.x86_64 #1 SMP Wed Jul 3 15:06:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
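
The kernel-versus-headers comparison from the last comment, combined with the `dkms status` states seen across the thread, as an added example that is not part of the original issue or of wireguard-install. The function names are hypothetical, and the parser assumes the comma-separated `dkms status` format quoted in this thread.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from wireguard-install.
# Assumes the comma-separated `dkms status` format quoted in this thread.

# strip_arch RELEASE: "3.10.0-957.21.3.el7.x86_64" -> "3.10.0-957.21.3.el7"
strip_arch() { printf '%s\n' "${1%.*}"; }

# headers_match RELEASE HEADERS_VERSION: true only if headers are for the running kernel
headers_match() { [ "$(strip_arch "$1")" = "$2" ]; }

# dkms_state MODULE RELEASE: reads `dkms status` text on stdin and prints the best
# state recorded for that kernel (installed > built > added > missing).
dkms_state() {
    awk -v mod="$1" -v kern="$2" '
        BEGIN { rank["missing"]=0; rank["added"]=1; rank["built"]=2
                rank["installed"]=3; best="missing" }
        {
            if (split($0, half, ": ") < 2) next
            state = half[2]; sub(/ .*/, "", state)
            n = split(half[1], f, ", ")
            if (f[1] != mod) next
            if (n >= 3 && f[3] != kern) next   # built/installed for another kernel
            if ((state in rank) && rank[state] > rank[best]) best = state
        }
        END { print best }'
}

# diagnose MODULE RELEASE HEADERS_VERSION (dkms status text on stdin)
# Returns 0 when usable, 1 on a kernel/headers mismatch, 2 when not installed.
diagnose() {
    state=$(dkms_state "$1" "$2")
    if ! headers_match "$2" "$3"; then
        echo "kernel $2 vs headers $3: mismatch, module state '$state'"; return 1
    fi
    [ "$state" = installed ] || { echo "headers match, module state '$state'"; return 2; }
    echo "ok: module installed for $2"
}

# Constructed input: values copied from the Fedora outputs quoted in this thread.
diagnose wireguard 5.1.16-300.fc30.x86_64 5.2.5-200.fc30 <<'EOF' || true
wireguard, 0.0.20190702: added
EOF
```

On a live host the same check is `dkms status | diagnose wireguard "$(uname -r)" "$(rpm -q --qf '%{VERSION}-%{RELEASE}' kernel-headers)"`.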