DyonR/docker-passthroughvpn

RTNETLINK answers: Permission denied

Opened this issue · 13 comments

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.xx.xx.131/32 dev wg0
[#] ip -6 address add fc00:bbbb:xxxx:xxxx::0:xxxx/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0
2021-03-22 10:39:49.130124 [INFO] VPN_ENABLED defined as 'yes'
2021-03-22 10:39:49.150408 [INFO] VPN_TYPE defined as 'wireguard'
2021-03-22 10:39:49.181265 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2021-03-22 10:39:49.204315 [INFO] VPN remote line defined as '185.xxx.xxx.70:51820'
2021-03-22 10:39:49.226832 [INFO] VPN_REMOTE defined as '185.xxx.xxx.70'
2021-03-22 10:39:49.249201 [INFO] VPN_PORT defined as '51820'
2021-03-22 10:39:49.270035 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2021-03-22 10:39:49.295977 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2021-03-22 10:39:49.322001 [INFO] LAN_NETWORK defined as '192.168.178.0/24'
2021-03-22 10:39:49.344897 [INFO] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
2021-03-22 10:39:49.369305 [INFO] Adding 1.1.1.1 to resolv.conf
2021-03-22 10:39:49.392650 [INFO] Adding 1.0.0.1 to resolv.conf
2021-03-22 10:39:49.414332 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.xx.xx.131/32 dev wg0
[#] ip -6 address add fc00:xxxx:xxxx:xxxx::0:5a82/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0

I am unable to start the container. After the Permission Error it just restarts.

Same issue as the user above:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.69.183.235/32 dev wg0
[#] ip -6 address add fc00:bbbb:bbbb:bb01::6:b7ea/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0
2021-03-28 03:55:23.512295 [INFO] VPN_ENABLED defined as 'yes'
2021-03-28 03:55:23.558108 [INFO] VPN_TYPE defined as 'wireguard'
2021-03-28 03:55:23.609763 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2021-03-28 03:55:23.656457 [INFO] VPN remote line defined as '198.xxxxx:51820'
2021-03-28 03:55:23.695353 [INFO] VPN_REMOTE defined as '198.xxxxx'
2021-03-28 03:55:23.737439 [INFO] VPN_PORT defined as '51820'
2021-03-28 03:55:23.773759 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2021-03-28 03:55:23.811952 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2021-03-28 03:55:23.864672 [INFO] LAN_NETWORK defined as '192.168.2.99/24'
2021-03-28 03:55:23.911732 [INFO] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
2021-03-28 03:55:23.955980 [INFO] Adding 1.1.1.1 to resolv.conf
2021-03-28 03:55:23.996597 [INFO] Adding 1.0.0.1 to resolv.conf
2021-03-28 03:55:24.031224 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.69.183.235/32 dev wg0
[#] ip -6 address add xxxxxxxxx:6:b7ea/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0

@xLogiiCx Wishful thinking, but did you ever figure out the issue?

@PuppyLover101 nope, sorry, I only figured out it could be an issue with IPv6

DyonR commented

Did you run the container privileged?

> @PuppyLover101 nope, sorry, I only figured out it could be an issue with IPv6

Has --sysctl net.ipv6.conf.all.disable_ipv6=1 worked for you? Doesn't work for me (unRAID)

> Did you run the container privileged?

Yes, it's privileged (unRAID)

> Has --sysctl net.ipv6.conf.all.disable_ipv6=1 worked for you? Doesn't work for me (unRAID)

No, does not work for me, sadly.

> Did you run the container privileged?

Yes, I tried both.

@PuppyLover101 are you using a kill switch in your WireGuard config file?

Btw, this is the command which I / Unraid uses to start the container, maybe that helps:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='passthroughvpn' --net='bridge' --privileged=true -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'VPN_ENABLED'='yes' -e 'VPN_TYPE'='wireguard' -e 'VPN_USERNAME'='' -e 'VPN_PASSWORD'='' -e 'LAN_NETWORK'='192.168.178.0/24' -e 'ADDITIONAL_PORTS'='' -e 'RESTART_CONTAINER'='no' -e 'PUID'='99' -e 'PGID'='100' -e 'NAME_SERVERS'='1.1.1.1,1.0.0.1' -e 'UMASK'='002' -e 'HEALTH_CHECK_HOST'='one.one.one.one' -e 'HEALTH_CHECK_INTERVAL'='300' -e 'HEALTH_CHECK_SILENT'='1' -v '/mnt/user/appdata/passthroughvpn':'/config':'rw' --sysctl net.ipv6.conf.all.disable_ipv6=1 --restart unless-stopped 'dyonr/passthroughvpn'

Any update?

DyonR commented

@xLogiiCx What version of Unraid are you using?
Looking at the docker run command you posted, I really cannot see anything wrong.
Mine is pretty much identical, except for the exposed ports.

I just had this issue and I fixed it by removing the IPv6 address in my WireGuard config file

@ep1cman For me there is no IPv6 address in my config file.

@DyonR I am using 6.9.2

I resolved this for my setup by ensuring that in the MVD generator I was using IPv4 only and that the killswitch was NOT checked.
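
The IPv4-only config that two commenters above report as their fix, as an added example that is not part of the original thread or the project's code. It filters the `Address`, `AllowedIPs` and `DNS` lines of a wg-quick config; `strip_ipv6` and `sample_conf` are hypothetical names and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): produce an IPv4-only wg-quick config.
# strip_ipv6 and sample_conf are hypothetical names; the config is constructed.
# Background: with net.ipv6.conf.all.disable_ipv6=1 the kernel rejects
# "ip -6 address add" with EACCES, which ip reports as "Permission denied".

strip_ipv6() {
    # stdin: wg-quick config; stdout: same config without IPv6 entries
    # in Address, AllowedIPs and DNS. Other keys (Endpoint, keys) pass through.
    awk '
    /^[ \t]*(Address|AllowedIPs|DNS)[ \t]*=/ {
        eq  = index($0, "=")
        key = substr($0, 1, eq - 1)
        sub(/[ \t]+$/, "", key)
        n   = split(substr($0, eq + 1), items, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            v = items[i]
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v == "" || index(v, ":") > 0) continue  # IPv6 literals contain ":"
            out = (out == "" ? v : out ", " v)
        }
        if (out != "") print key " = " out   # drop the line if nothing is left
        next
    }
    { print }
    '
}

sample_conf() {
    # Constructed sample; keys are placeholders, addresses are made up.
    cat <<'EOF'
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.0.0.2/32, fc00::2/128
DNS = 10.0.0.1

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 192.0.2.10:51820
EOF
}

# Usage: sh strip_ipv6.sh wg0.conf > wg0.ipv4.conf   (no argument: run the sample)
if [ "$#" -eq 1 ] && [ -f "$1" ]; then
    strip_ipv6 < "$1"
else
    sample_conf | strip_ipv6
fi
```

Write the output with `umask 077` in effect: the copy still holds the private key, and the logs above show wg-quick warning that the existing `wg0.conf` is world accessible.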