VPN UI implementation on NS8


should be

firewall-cmd --permanent --add-port=51822/udp

is corrected

Not quite true. Number 3, modprobe ip_tables, has to be done also.

Hint/suggestion: a command (which could be translated into a button) to generate a tunnel, and a command (also translatable into a button) to download the keys/config file for WireGuard?
Most of the code should be the same as what is currently available for "container related" WireGuard config generation.

@mz05er looks like our prayers have been answered: stephdl · GitHub

I'll be patient and wait for the module officially; no need to begin tinkering on my server and potentially break things.

Hello,

please test wg-easy for NS8:

EDIT:

Usable environment variables: GitHub - wg-easy/wg-easy: The easiest way to run WireGuard VPN + Web-based Admin UI.

For now you can manage them in the environment file by running

runagent -m wg-easy1 nano environment

and restarting the service:

runagent -m wg-easy1 systemctl --user restart wg-easy

I just used the variables to make it workable. All traffic is routed to the server, you need to add WG_ALLOWED_IPS to only route specific networks to the VPN and to browse the web locally.
Please tell me which variables are important to add to the server manager UI.

Please also check the license (non-commercial) that unfortunately I noticed too late.


Wow Markuz, thank you for this…


I noticed that the Env variables you mentioned have not been defined in your module.

From my understanding thus far, these might not be persistent; you might need to actually define them in the module itself…

You can just take the most important ones and pre-define those; the rest could be added with subsequent updates, if members require them.

I think these are the most important ones.

The rest may be very secondary.

Among those above, there are some you can have pre-defined with defaults.


Thanks for your feedback.

In ../systemd/user/wg-easy-app.service the line --env-file=%S/state/environment adds the environment file variables, they should be persistent AFAIK.

WEBUI_HOST defines the web UI binding; it didn't work using localhost so I'd keep the default. Wrong URLs are filtered by traefik anyway.
PASSWORD and WG_HOST are already implemented in the web UI.
As regards WG_DEVICE, I don't think we need to change the network device in the container…
The WG_PORT and WG_DEFAULT_ADDRESS variables could also be interesting to have more instances on one node, but I'd put them under advanced settings in the UI. Same for WG_DEFAULT_DNS.
WG_ALLOWED_IP seems really important as it sets the VPN client routes.
A language selector would be nice…
The UI_TRAFFIC_STATS are already implemented and set to true. This way the traffic transferred in total is shown.


Thanks for the work!!
I installed wg-easy from your repo.
Unfortunately it is not starting.
Error log below:

2024-05-12T18:03:09+02:00 [1:wg-easy2:systemd] Started Podman  wg-easy-app.service.
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] 2024-05-12T16:03:09.594Z Server Listening on http://0.0.0.0:51821
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] 2024-05-12T16:03:09.596Z WireGuard Loading configuration...
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] 2024-05-12T16:03:09.603Z WireGuard Configuration loaded.
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] 2024-05-12T16:03:09.604Z WireGuard Config saving...
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] 2024-05-12T16:03:09.605Z WireGuard Config saved.
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] $ wg-quick down wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] $ wg-quick up wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] Error: Command failed: wg-quick up wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#]
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] ip link add wg0 type wireguard
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] wg setconf wg0 /dev/fd/63
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] ip -4 address add 10.8.0.1/24 dev wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] ip link set mtu 1420 up dev wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] Perhaps iptables or your kernel needs to be upgraded.
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] [#] ip link delete dev wg0
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]     at ChildProcess.exithandler (node:child_process:422:12)
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]     at ChildProcess.emit (node:events:517:28)
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]     at maybeClose (node:internal/child_process:1098:16)
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]     at ChildProcess._handle.onexit (node:internal/child_process:303:5) {
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]   code: 3,
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]   killed: false,
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]   signal: null,
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app]   cmd: 'wg-quick up wg0'
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy-app] }
2024-05-12T18:03:09+02:00 [1:wg-easy2:systemd] wg-easy-app.service: Main process exited, code=exited, status=1/FAILURE
2024-05-12T18:03:09+02:00 [1:wg-easy2:wg-easy2] 16052c52ee8aa8431de654c0933be1f9d70f9904235e28f43e614599e407ea17
2024-05-12T18:03:09+02:00 [1:wg-easy2:systemd] wg-easy-app.service: Failed with result 'exit-code'.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] wg-easy-app.service: Scheduled restart job, restart counter is at 15.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Stopped Podman  wg-easy-app.service.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Stopping Podman wg-easy.service...
2024-05-12T18:03:10+02:00 [1:wg-easy2:podman] ccc600ea10caf827b76f1bb14e84aacc66dff9d2caebd72191433ced4289de67
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Removed slice cgroup user-libpod_pod_ccc600ea10caf827b76f1bb14e84aacc66dff9d2caebd72191433ced4289de67.slice.
2024-05-12T18:03:10+02:00 [1:wg-easy2:podman] ccc600ea10caf827b76f1bb14e84aacc66dff9d2caebd72191433ced4289de67
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Stopped Podman wg-easy.service.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] wg-easy.service: Start request repeated too quickly.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] wg-easy.service: Failed with result 'start-limit-hit'.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Failed to start Podman wg-easy.service.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] Dependency failed for Podman  wg-easy-app.service.
2024-05-12T18:03:10+02:00 [1:wg-easy2:systemd] wg-easy-app.service: Job wg-easy-app.service/start failed with result 'dependency'.

The errors above disappeared by running at the command line:

  1. modprobe ip_tables
  2. modprobe iptable_filter
  3. modprobe iptable_nat

I'm not sure if all 3 commands are needed. I will check this and let you know.

After the installation I was not able to open the wg-easy web UI.
The firewall setting at the cluster shows 51821 UDP.
I guess for the wg-easy web UI it should be TCP.

Again Thanks for your work.


Thanks for testing!

IIRC I didn't need them during testing… which distro are you using for NS8?
I need to recheck…

Thanks in advance!

It should be reachable under the hostname/FQDN you set in the app settings like https://wg-easy.domain.tld

The WireGuard VPN uses port 51820 UDP so the firewall should open that port.
The wg-easy container publishes port 51821 TCP for the web UI.

If you need to use another WireGuard VPN port than the default 51820/udp you can define something like WG_PORT=23232, but you'd need to open the right firewall port manually.
Iā€™m going to add the port to the UI so itā€™s changeable if already in use.
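Two things in this thread are easy to get wrong on a fresh node: the container's `wg-quick up` fails when the host has not loaded the iptables modules (the `Table does not exist (do you need to insmod?)` error above, fixed with the three modprobe commands), and the firewall must open the VPN port as UDP, taken from WG_PORT (default 51820), while 51821/TCP is only the web UI behind traefik. The following pre-flight script is an added example written for this page; it is not part of the wg-easy module or the NS8 project. It reads WG_PORT from an environment file in the `KEY=value` format shown in the thread, reports which of `ip_tables`, `iptable_filter` and `iptable_nat` are missing from an `lsmod` listing, writes a modules-load.d drop-in so they survive a reboot, and prints the matching firewall-cmd lines. The sample environment file and lsmod listing are constructed for the demo; the drop-in path `/etc/modules-load.d/wg-easy.conf` and the WG_PORT default are assumptions, and the script itself changes nothing on the host unless you call `persist_modules` without overriding `MODULES_LOAD_DIR`.

```shell
#!/bin/sh
# Added example for this thread, not the wg-easy module's own code.
# Pre-flight checks for a wg-easy instance on an NS8 node.

# Print the WireGuard UDP port from an environment file ($1).
# Falls back to 51820 (wg-easy's default, assumed) when WG_PORT is unset;
# rejects non-numeric or out-of-range values so a typo cannot open a bogus port.
wg_port_from_env() {
    port=$(sed -n 's/^WG_PORT=//p' "$1" 2>/dev/null | tail -n 1 | tr -d '"')
    case "$port" in
        '') echo 51820 ;;
        *[!0-9]*) echo "invalid WG_PORT: $port" >&2; return 1 ;;
        *)
            if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
                echo "$port"
            else
                echo "invalid WG_PORT out of range: $port" >&2; return 1
            fi ;;
    esac
}

# Read lsmod output on stdin and print, one per line, the netfilter modules
# the container's `wg-quick up` needs (the three named in the thread) that
# are not loaded. Empty output means the iptables nat table will exist.
missing_netfilter_modules() {
    loaded=$(awk 'NR > 1 { print $1 }' | tr '\n' ' ')
    for m in ip_tables iptable_filter iptable_nat; do
        case " $loaded " in
            *" $m "*) ;;
            *) echo "$m" ;;
        esac
    done
}

# Write a modules-load.d drop-in (assumed path) so the modules load at boot;
# modprobe alone is lost on reboot. Override MODULES_LOAD_DIR to test safely.
persist_modules() {
    dir=${MODULES_LOAD_DIR:-/etc/modules-load.d}
    printf '%s\n' "$@" > "$dir/wg-easy.conf"
    echo "$dir/wg-easy.conf"
}

# Print the firewall-cmd lines for the VPN port: UDP, never TCP. The web UI
# port 51821/TCP stays published by the container and reached via traefik.
firewall_commands() {
    printf 'firewall-cmd --permanent --add-port=%s/udp\n' "$1"
    printf 'firewall-cmd --reload\n'
}

# Constructed lsmod listing: only ip_tables is loaded, as on a node where
# someone ran just the first modprobe from the thread.
SAMPLE_LSMOD='Module                  Size  Used by
wireguard             102400  0
ip_tables              32768  0
x_tables               65536  1 ip_tables'

# Demo on constructed input; nothing on the host is touched.
demo() {
    envfile=$(mktemp)
    printf 'PASSWORD=secret\nWG_HOST=wg-easy.domain.tld\nWG_PORT=23232\n' > "$envfile"
    port=$(wg_port_from_env "$envfile")
    echo "VPN port: $port/udp"
    missing=$(printf '%s\n' "$SAMPLE_LSMOD" | missing_netfilter_modules)
    if [ -n "$missing" ]; then
        echo "modules to modprobe now and persist:"
        echo "$missing"
    fi
    firewall_commands "$port"
    rm -f "$envfile"
}
demo
```

To use it for real, pipe the actual `lsmod` into `missing_netfilter_modules`, `modprobe` whatever it prints, then call `persist_modules` with the same names so the container keeps starting after the next reboot.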