synology-wireguard: Not working with DSM 7.1.1-42962 Update 1

Hi, I have a DS 220j and with the recent upgrade to 7.1.1-42962 Update 1, WireGuard stopped working. I rebuilt the package and installed it again, but without success.

The intended (and previously working) use case is a VPN client inside a home network (behind NAT) that connects to a server running WireGuard. When I tcpdump on the server, I can see packets coming from the client and responses going out, but according to the WireGuard logs, the handshake never completes. It’s strange that the port number of the client’s endpoint entry is reported as 0 (which is not a valid UDP port). When I tcpdump on the client, I can see ICMP messages that the packets to the invalid UDP port 0 are dropped (these are the server responses, apparently) and the RX counter of wg show stays at zero.

Moreover, once setup the wg0 interface cannot be brought down, as ip link del dev wg0 segfaults. Then the entire system slowly becomes unresponsive and a forced shutdown is the only option.

Has anyone experienced a similar issue? Or can someone give some pointers on where to dig further?

About this issue

Most upvoted comments

Working well for me on 918+ with both 7.1.1 Update 1 and 7.1.1 Update 2.

How did you compile your version then?

We used a workflow for Github actions: https://github.com/vegardit/synology-wireguard/blob/master/.github/workflows/build.yml Images can be found here: https://github.com/vegardit/synology-wireguard/releases

+3
spielmap on Nov 14, 2022

@AlexeyGG, I couldn’t find a solution to this issue, but I managed to find a workaround by using the userspace version of WireGuard

Here are the steps to follow:

  1. Compile the ARM version of WireGuard-Go from the repository https://github.com/WireGuard/wireguard-go.
  2. Copy the wireguard-go binary to /var/packages/WireGuard/target/wireguard (same folder with wg-quick file)
  3. Remove or rename the wireguard.ko file in the same folder.
  4. Verify that the tun module is loaded by running lsmod | grep tun. If it’s not loaded, you can load it using insmod tun.
  5. Now you can try to use WireGuard as usual.

This workaround is a bit clumsy, but I can try to publish a fork in the next couple of days to simplify the process.

+2
stpkys on Jun 20, 2023

Same issue on DS720+ with DSM 7.1.1-42962 Update 2, wg-quick up wg0 fails.

Have you solved your problem yet? My version is DS920+ with DSM 7.1.1-42962 Update 2. When I run the “wg-quick up wg0”, the system also crashes. here are the error reports root@NAS0:~# sudo wg-quick up wg0 【#】 ip link add wg0 type wireguard 【#】 wg setconf wg0 /dev/fd/63 /usr/local/bin/wg-quick: line 30: 26382 Segmentation fault “$@”

+1
small-whiter on Dec 14, 2022

Hello, I have DS 220j with upgrade DSM 7.1-42661 Update 4

Compiled manually with params docker run --rm --privileged --env PACKAGE_ARCH=rtd1296 --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild

Installed as mentioned in the guide, everything works fine for me.

+1
sergey-brutsky on Oct 26, 2022
Read more comments on GitHub
← synology-wireguard: DSM 7.0 41882 compile failed
synology-wireguard: Synology DSM 6.2.2-24922 breaking WireGuard? →