You are here
mr.phil - Tue, 2021/09/21 - 20:53
I fully admit to being a relative novice when it comes to Linux, but I'm working on it.
Anyway, I'm trying to set up a Wireguard appliance on AWS. I have it installed and running, but when I attempt to use confconsole to create a client, I get the following:
wg-quick: `/etc/wireguard/wg0.conf' does not exist
Traceback (most recent call last):
File "/usr/local/bin/wireguard-addclient", line 171, in <module>
add_client(args.client_name, args.allowed_ips)
File "/usr/local/bin/wireguard-addclient", line 129, in add_client
server_addr, server_port, taken_ips = parse_config('/etc/wireguard/wg0.conf')
File "/usr/local/bin/wireguard-addclient", line 22, in parse_config with open(path, 'r') as fob:
FileNotFoundError: [Errno 2] No such file or directory: '/etc/wireguard/wg0.conf'
I'm guessing that means I don't have the server side configured yet, but I don't see how to configure the server on AWS. The docs (what there is) says something about 'inithooks' but I never see anything that looks like it might be appropraite on the AWS installation.
Thanks in advance for any guidance.
Forum:
Hi Phil
Assuming that you launched from the TurnKey Hub, it looks like you've discovered a bug/oversight on our behalf, so thank you so much for posting!
The "inithooks" are the questions that asked at firstboot (including setting passwords, etc). However, when launched from the Hub, the inithooks are preseeded by the Hub and run silently in the background. However, it turns out that under specific circumstance (i.e. when launched from the Hub with security updates enabled) that it doesn't actually run as it should. We'll need to look at this one a bit more closely. As such, I've opened a bug report.
In the meantime, the workaround is to complete the Wireguard 'inithook' configuration interactively, like this:
For what it's worth, you could re-run through the whole initialisation process with the 'turnkey-init' command.
I hope that helps get you up and going. Please let me know if you need further elaboration and/or have further feedback or questions.
`wg-quick` missing in image?
Could you please double check?
Could you please double check? 'wireguard-tools' certainly should be installed!? See the manifest.
To double check inside the appliance:
The first command should return 'turnkey-wireguard-17.1-bullseye-amd64' and the second should return this:
wireguard-tools: Installed: 1.0.20210223-1 Candidate: 1.0.20210223-1 Version table: *** 1.0.20210223-1 500 500 http://deb.debian.org/debian bullseye/main amd64 Packages 100 /var/lib/dpkg/statusIf you can confirm that it's not installed - and you didn't uninstall it, then there is something weird going on! Something that requires further investigation.
"wireguard-tools" Not Included
Thanks for confirming.
Thanks for confirming. Following your post I double checked myself and you are both right!
I haven't spent much time on it yet, but my suspicion is that it gets removed when we remove the kernel (for the LXC build). I'll add 'wireguard-tools' as an explicit dependency and that should ensure that it remains after removing the kernel.
I have opened an issue on our tracker to track this.
July 2023
Hi Joe, yes it's a known issue
Hi Joe, yes it's a known issue that will be fixed in our next release.
FWIW we're really close to an 18.x RC (release candidate) and hopefully the updated v18.0 Wireguard appliance will be released in the not too distant future beyond that.
I am also having this issue.
Is there a way to download an older version that does work?
Just follow the instructions noted in the issue
Just follow the instructions noted in the issue.
I.e.:
Then it should work fine. Apologies that this still hasn't been resolved. We're a small team with a lot going on... Hopefully a new v18.x release won't be too far away.
PS - sorry I just realized that I didn't answer your explicit question. I still think that applying the "fix" to the latest appliance is your best path forward, but you can find older re;eases on our mirror network, you'll find ISOs here and Proxmox LXC builds here. The relevant hash files can be found within the metadata firectory.
ACK, THX
Will try that now.
So you're telling me after
So you're telling me after almost 2 entire years to the day, the WireGuard LXC container still doesn't include the necessary software to work out of the box?
https://www.merriam-webster.com/dictionary/turnkey.
How in the world can this major oversight go unresolved for 720 days?? What else has gone un-updated for this long that isn't immediately apparent?
No Dingus! 2 different issues a year and a half apart! :)
No Dingus! 2 different issues a year and a half apart - albeit both resulting in things not being as turnkey as they should be. Despite the fact that it's nowhere near as bad as you assumed, I'm still not super happy about it myself either. However, there are only so many hours in the day and saying "yes" to one thing, is essentially saying "no" to everything else.
The first bug, as you note was ~2 years ago (covered in Mr Phil's OP and my response) was specifically related to Wireguard launched from the TurnKey Hub. It affects v16.1 onwards and hasn't been resolved yet (there are technical limitations that are outside of my control; but I do hope to get addressed later this year, or early next year). The workaround is to re-run the firstboot scripts. The LXC Proxmox build was not affected.
Regardless, there were a number of other issues, and we patched those in a v16.2 rebuild (issues addressed specifically were this one, this one and this one).
The second bug (first noted above by baconmania earlier this year and the rest of this thread) - is the bug I assume bought you to this thread - the missing wireguard-tools package - that still exists in the currently available version. FWIW, this particular bug most likely first occurred in the v17.0 release, but there was a really nasty bug that affected everything, so we rebuilt everything immediately to v17.1.
We do basic "smoke tests" on all our appliances, but only the ISOs - not every different build format we provide. Generally that's fine as it will always pick up major software issues. The downside is that we miss build specific issues like both of these in our "smoke tests".
Once this issue came to light, I did contemplate doing (another...) rebuild. But I'd already started work on the new upcoming v18.0 release, it only affects the LXC build (the ISO is fine), plus the workaround is simple and really quick to apply. So I thought it best to push ahead and try to get v18.0 out the door ASAP.
As I should have perhaps expected, the v18.0 dev cycle has been much more involved than anticipated. And to add to the delays, we've simultaneously been automating some of the build time testing. The plan is that streamlining our build process a bit will make future development faster, easier and less labor intensive - that's the dream anyway. Unfortunately, whilst it should improve things in the future, it's slowed us down heaps this release.
Hmmm
Just stumbled on this myself.
Appreciate that you're a small team, FOSS, easy fix and all...
However the excuses for not having fixed this blows my mind quite frankly.
An absolutely crippling bug - one which is literally as simple as adding strict dep and rebuilding the kernel (your words) has escaped you for so long is just... amazing.
turnkey-wireguard, missing the wireguard part.
The irony, nay oxymoron is quite amusing really.
Won't be waiting for your 18 release, the sheer lack of care and upkeep in this project is not where users looking for a security app should be at.
Add new comment