You are here
mr.phil - Tue, 2021/09/21 - 20:53
I fully admit to being a relative novice when it comes to Linux, but I'm working on it.
Anyway, I'm trying to set up a Wireguard appliance on AWS. I have it installed and running, but when I attempt to use confconsole to create a client, I get the following:
wg-quick: `/etc/wireguard/wg0.conf' does not exist Traceback (most recent call last): File "/usr/local/bin/wireguard-addclient", line 171, in <module> add_client(args.client_name, args.allowed_ips) File "/usr/local/bin/wireguard-addclient", line 129, in add_client server_addr, server_port, taken_ips = parse_config('/etc/wireguard/wg0.conf') File "/usr/local/bin/wireguard-addclient", line 22, in parse_config with open(path, 'r') as fob: FileNotFoundError: [Errno 2] No such file or directory: '/etc/wireguard/wg0.conf'
I'm guessing that means I don't have the server side configured yet, but I don't see how to configure the server on AWS. The docs (what there is) says something about 'inithooks' but I never see anything that looks like it might be appropraite on the AWS installation.
Thanks in advance for any guidance.
Forum:
Hi Phil
Assuming that you launched from the TurnKey Hub, it looks like you've discovered a bug/oversight on our behalf, so thank you so much for posting!
The "inithooks" are the questions that asked at firstboot (including setting passwords, etc). However, when launched from the Hub, the inithooks are preseeded by the Hub and run silently in the background. However, it turns out that under specific circumstance (i.e. when launched from the Hub with security updates enabled) that it doesn't actually run as it should. We'll need to look at this one a bit more closely. As such, I've opened a bug report.
In the meantime, the workaround is to complete the Wireguard 'inithook' configuration interactively, like this:
For what it's worth, you could re-run through the whole initialisation process with the 'turnkey-init' command.
I hope that helps get you up and going. Please let me know if you need further elaboration and/or have further feedback or questions.
`wg-quick` missing in image?
Could you please double check?
Could you please double check? 'wireguard-tools' certainly should be installed!? See the manifest.
To double check inside the appliance:
The first command should return 'turnkey-wireguard-17.1-bullseye-amd64' and the second should return this:
If you can confirm that it's not installed - and you didn't uninstall it, then there is something weird going on! Something that requires further investigation.
"wireguard-tools" Not Included
Thanks for confirming.
Thanks for confirming. Following your post I double checked myself and you are both right!
I haven't spent much time on it yet, but my suspicion is that it gets removed when we remove the kernel (for the LXC build). I'll add 'wireguard-tools' as an explicit dependency and that should ensure that it remains after removing the kernel.
I have opened an issue on our tracker to track this.
July 2023
Hi Joe, yes it's a known issue
Hi Joe, yes it's a known issue that will be fixed in our next release.
FWIW we're really close to an 18.x RC (release candidate) and hopefully the updated v18.0 Wireguard appliance will be released in the not too distant future beyond that.
I am also having this issue.
Is there a way to download an older version that does work?
Just follow the instructions noted in the issue
Just follow the instructions noted in the issue.
I.e.:
Then it should work fine. Apologies that this still hasn't been resolved. We're a small team with a lot going on... Hopefully a new v18.x release won't be too far away.
PS - sorry I just realized that I didn't answer your explicit question. I still think that applying the "fix" to the latest appliance is your best path forward, but you can find older re;eases on our mirror network, you'll find ISOs here and Proxmox LXC builds here. The relevant hash files can be found within the metadata firectory.
ACK, THX
Will try that now.
So you're telling me after
So you're telling me after almost 2 entire years to the day, the WireGuard LXC container still doesn't include the necessary software to work out of the box?
https://www.merriam-webster.com/dictionary/turnkey.
How in the world can this major oversight go unresolved for 720 days?? What else has gone un-updated for this long that isn't immediately apparent?
No Dingus! 2 different issues a year and a half apart! :)
No Dingus! 2 different issues a year and a half apart - albeit both resulting in things not being as turnkey as they should be. Despite the fact that it's nowhere near as bad as you assumed, I'm still not super happy about it myself either. However, there are only so many hours in the day and saying "yes" to one thing, is essentially saying "no" to everything else.
The first bug, as you note was ~2 years ago (covered in Mr Phil's OP and my response) was specifically related to Wireguard launched from the TurnKey Hub. It affects v16.1 onwards and hasn't been resolved yet (there are technical limitations that are outside of my control; but I do hope to get addressed later this year, or early next year). The workaround is to re-run the firstboot scripts. The LXC Proxmox build was not affected.
Regardless, there were a number of other issues, and we patched those in a v16.2 rebuild (issues addressed specifically were this one, this one and this one).
The second bug (first noted above by baconmania earlier this year and the rest of this thread) - is the bug I assume bought you to this thread - the missing wireguard-tools package - that still exists in the currently available version. FWIW, this particular bug most likely first occurred in the v17.0 release, but there was a really nasty bug that affected everything, so we rebuilt everything immediately to v17.1.
We do basic "smoke tests" on all our appliances, but only the ISOs - not every different build format we provide. Generally that's fine as it will always pick up major software issues. The downside is that we miss build specific issues like both of these in our "smoke tests".
Once this issue came to light, I did contemplate doing (another...) rebuild. But I'd already started work on the new upcoming v18.0 release, it only affects the LXC build (the ISO is fine), plus the workaround is simple and really quick to apply. So I thought it best to push ahead and try to get v18.0 out the door ASAP.
As I should have perhaps expected, the v18.0 dev cycle has been much more involved than anticipated. And to add to the delays, we've simultaneously been automating some of the build time testing. The plan is that streamlining our build process a bit will make future development faster, easier and less labor intensive - that's the dream anyway. Unfortunately, whilst it should improve things in the future, it's slowed us down heaps this release.
Hmmm
Just stumbled on this myself.
Appreciate that you're a small team, FOSS, easy fix and all...
However the excuses for not having fixed this blows my mind quite frankly.
An absolutely crippling bug - one which is literally as simple as adding strict dep and rebuilding the kernel (your words) has escaped you for so long is just... amazing.
turnkey-wireguard, missing the wireguard part.
The irony, nay oxymoron is quite amusing really.
Won't be waiting for your 18 release, the sheer lack of care and upkeep in this project is not where users looking for a security app should be at.
to Jeremy Davis
There is a big difference between neglect and lack of resources.
There is a big difference between neglect and lack of resources. Especially when a user side fix is as simple as this one! Unfortunately we have insufficient resources and part of the issue is that we give our appliances away, so don't make much money...
And speaking of which, we have a money back guarantee! Let me know how much you paid and I'll authorize a full refund! :)
As for issues, I almost guarantee that there are issues with other appliances. I also guarantee that there are bugs in pretty much all software! It's more a case of what conditions that occur under and whether you find them or not.
As for TurnKey, all known issues - with workarounds when they are known - are listed on our bug tracker. When issues are security related and/or have complex fixes, then applying fixes and publishing updated appliances are prioritized.
FWIW we also provide a ISO and AWS AMI (all paying users - so always get highest priority) and neither of those were affected - only the LXC build on Proxmox.
As noted a few times in this thread, this particular issue had a super simple fix on your end, thus was considered low priority. Because we have tons of other stuff going on, only important things (and issues reported by paying users) get priority. It was also unclear why this issue was occurring from our end so required additional troubleshooting.
Since then we've discovered that the issue was related to removing the kernel. We were installing the 'wireguard' package, which depended on the kernel. The 'wireguard-tools' package was a dependency of 'wireguard', so when we removed the 'kernel' the whole chain of packages was being removed! Unfortunately it took quite a while to work out eaxctly where that was going wrong.
Now we've worked it out, an updated appliance has just been built, based on a newer version of Debian. But please feel free to not use it!
.
I've taken some time to reflect on our recent interaction, and I must express my profound regret for the way I approached our situation. It's clear to me now that my behavior was unjust and lacked the appreciation your hard work truly deserves. You were absolutely right; given that I haven't contributed in nay way to your project, it was unreasonable of me to issue any complaints. From the bottom of my heart, I apologize for my oversight and any distress it may have caused you.
I want to take a moment to acknowledge the incredible value that the open source community brings to individuals and organizations around the world. Your contributions are indispensable, and I am genuinely grateful for the opportunity to benefit from and participate in this community. Your dedication and hard work do not go unnoticed, and I admire your commitment to your projects.
Moving forward, I sincerely hope that you can navigate through your projects with success and that you continue to find fulfillment in your invaluable contributions to the open source community. I wish you nothing but the best in all your endeavors and hope for your understanding and forgiveness.
Thanks slimtown
Thanks slimtown
All is forgiven and no harm done. :)
IMO it takes a big person with self awareness to reflect and acknowledge that there were factors not considered. We all make mistakes and/or miss nuance in certain situations. I am guilty of that at times too, so would be a huge hypocrite to respond with anything but forgiveness and kindness to a post such as yours. I will never knock someone who recognizes their sub-optimal behavior and makes efforts to "fix" it. In my mind your words make you a person of quality and integrity, which I really value.
I also really appreciate your kind words and I too apologize if my previous response came across as a little passive aggressive. In fairness, if it did, that was because it was! :)
Seems to not function
Hello,
On Proxmox 8 the required files for Wireguard don't seem to be generated in client mode. I have confirmed that wireguard-tools is installed and working. The /etc/wireguard folders also exists, but wg0.conf doesn't seem to get generated from the wireguard.py script. Any attempt at adding a client results in the script complaining wg0.conf doesn't exist. Making an empty file manually doesn't help much either sadly.
Add new comment