pivpn: [BUG] WireGuard installation fails on Raspberry Pi 2
In raising this issue, I confirm the following:
- I have read and understood the contributors guide.
- The issue I am reporting can be replicated.
- The issue I am reporting can be is directly related to the pivpn installer script.
- The issue I am reporting isn’t a duplicate (see FAQs, closed issues, and open issues).
Describe the bug My VPN isn’t functioning because WireShark was unable to be started.
To Reproduce
- Use Raspberry Pi 2, running the Sep 2019 version of Raspbian Lite, plugged into router via ethernet cable.
- Install
pivpnusing the recommended source athttps://install.pivpn.dev. - Select mostly the default options, including WireGuard.
- I assigned a public DNS name rather than a public IP.
Expected behavior For the VPN to be correctly functioning and routing traffic.
Actual behavior Attempting to connect to the VPN from another computer results in no successful network traffic. WireGuard is not able to start on my Pi.
Debug Commands
$ pivpn debug
:::: PiVPN debug ::::
=============================================
:::: Latest commit ::::
commit 4a49787b28650a9ad84867f3cc11ea70303a7c4e (grafted, HEAD -> master, origin/test, origin/master, origin/HEAD)
Author: Orazio <orazioedoardo@users.noreply.github.com>
Date: Tue Jan 21 15:54:20 2020 +0100
Changed variable name, corrected rm typo
=============================================
:::: Installation settings ::::
PLAT=Raspbian
OSCN=buster
USING_UFW=0
IPv4dev=eth0
dhcpReserv=1
IPv4addr=192.168.1.189
IPv4gw=192.168.1.1
install_user=pi
install_home=/home/pi
VPN=wireguard
pivpnPORT=9337
pivpnDNS1=1.1.1.1
pivpnDNS2=1.0.0.1
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
UNATTUPG=1
TO_INSTALL=(iptables-persistent qrencode raspberrypi-kernel-headers wireguard wireguard-tools wireguard-dkms unattended-upgrades)
=============================================
:::: Server configuration shown below ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
ListenPort = 9337
# begin andy
[Peer]
PublicKey = andy_pub
PresharedKey = psk
AllowedIPs = 10.6.0.2/32
# end andy
=============================================
:::: Client configuration shown below ::::
[Interface]
PrivateKey = andy_priv
Address = 10.6.0.2/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = server_pub
PresharedKey = psk
Endpoint = REDACTED:9337
AllowedIPs = 0.0.0.0/0
=============================================
:::: Recursive list of files in ::::
:::: [4m/etc/wireguard shown below ::::
/etc/wireguard:
configs keys wg0.conf
/etc/wireguard/configs:
andy.conf clients.txt
/etc/wireguard/keys:
andy_priv andy_pub psk server_priv server_pub
=============================================
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [ERR] WireGuard is not running, try to start now? [Y/n] y
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.
Done
:: [OK] WireGuard is enabled (it will automatically start on reboot)
:: [ERR] WireGuard is not listening, try to restart now? [Y/n] y
Job for wg-quick@wg0.service failed because the control process exited with error code.
See "systemctl status wg-quick@wg0.service" and "journalctl -xe" for details.
Done
[INFO] Run pivpn -d again to see if we detect issues
=============================================
:::: WARNING: This script should have automatically masked sensitive ::::
:::: information, however, still make sure that PrivateKey, PublicKey ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this: ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe ::::
=============================================
:::: Debug complete ::::
$ systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2020-01-22 20:15:05 EST; 12s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 1050 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
Main PID: 1050 (code=exited, status=1/FAILURE)
Jan 22 20:15:04 raspberrypi systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Jan 22 20:15:04 raspberrypi wg-quick[1050]: [#] ip link add wg0 type wireguard
Jan 22 20:15:04 raspberrypi wg-quick[1050]: RTNETLINK answers: Operation not supported
Jan 22 20:15:05 raspberrypi wg-quick[1050]: Unable to access interface: Protocol not supported
Jan 22 20:15:05 raspberrypi wg-quick[1050]: [#] ip link delete dev wg0
Jan 22 20:15:05 raspberrypi wg-quick[1050]: Cannot find device "wg0"
Jan 22 20:15:05 raspberrypi systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Jan 22 20:15:05 raspberrypi systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Jan 22 20:15:05 raspberrypi systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
$ wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
$ sudo modprobe wireguard
modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.19.75-v7+
$ lsmod | grep wire
$ sudo apt --fix-broken install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
$ uname -a
Linux raspberrypi 4.19.75-v7+ #1270 SMP Tue Sep 24 18:45:11 BST 2019 armv7l GNU/Linux
$ cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
Desktop (please complete the following information):
- VPN Protocol: WireGuard
- OS: Raspbian Lite
- Version: September 2019, kernel ver 4.19
If there’s any other information I can provide, please let me know~!
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 38 (10 by maintainers)
I’ve got the same error as @acarl005 and the workaround from @orazioedoardo throws
You cannot add the same module/version combo more than once.like @jameshope87. So I tried to uninstall and remove first, like this:Afterwards I run
pivpn debugand I was possible to start wireguard:And now I’m able to connect to my vpn!
@alexschomb @metriics Since all packages seem to be installed I think the issue reduces to wireguard-dkms not actually compiling the kernel module.
As a workaround we could tell dkms to build and install the module:
pivpn debugand say yes to the self checkI’m not sure whether dkms will register a new wireguard module when the wireguard-dkms package is upgraded, so hold on, I’m trying to reproduce with a clean install to make sure it’s not an issue with wireguard-dkms version 0.0.20200121-2
Had the same issue on an installation which was already working for a few weeks. For me,
apt-get update && sudo apt-get install --reinstall raspberrypi-bootloader raspberrypi-kernelhelped. It reinstalled versions 1.20200811-1
I think the issue started after unattended-upgrades did updates on libraspberrypi-doc (1.20200811-1) over (1.20200723-1) libraspberrypi-dev (1.20200811-1) over (1.20200723-1) libraspberrypi-bin (1.20200811-1) over (1.20200723-1) libraspberrypi0 (1.20200811-1) over (1.20200723-1) raspberrypi-bootloader (1.20200811-1) over (1.20200723-1) raspberrypi-kernel (1.20200811-1) over (1.20200723-1) raspberrypi-kernel-headers (1.20200811-1) over (1.20200723-1)
This also helped me. it is working now.
According to my own experience most issues start with broken upgrades of kernel. This article here helped me most of the times: https://github.com/pivpn/pivpn/wiki/WireGuard#how-to-i-fix-a-broken-wireguard-update As long as raspberrypi-kernel and raspberrypi-kernel-headers are properly installed (stable version), it should be possible to re-build wireguard using
dpkg-reconfigure wireguard-dkms. Additionally I blacklisted raspberrypi-kernel, raspberrypi-kernel-headers and raspberrypi-bootloader in unattended upgrades config to avoid further issues. In future, if any kernel update is pending I will run that manually. Will see if that helps in long term.@gtmartin69 yes, the steps mentioned works
@alexschomb Just tried to install wireguard on a fully updated Debian. I can confirm that wirguard-dkms 0.0.20200121-2 does not compile the module, in fact someone reported this in the bug tracker: link 1, link 2. Wait for wireguard-dkms version 0.0.20200121-3.