Segmentation fault
furrybanana opened this issue ยท 34 comments
Hi there,
tried to follow your Tutorial but stuck on generating keys on a raspberry pi 2.
pi@raspberrypi:~/wgkeys $ wg genkey > server_private.key
Segmentation fault
/edit:
Enable ipv4 forwarding then reboot to make changes active
pi@raspberrypi:~ $ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
does not work, i had to edit myself with nano.
Hi furrybanana,
Thanks for reporting this.
Segfault means that it was compiled for another architecture.
Please uninstall sudo apt-get remove wireguard.
And install manually:
Enable ipv4 forwarding then reboot to make changes active
Did you run this command before?
pi@raspberrypi:~ $ sudo sed -ir 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
pi@raspberrypi:~ $ sudo reboot
If yes, do you remember what whas the original value?
It should replace:
#net.ipv4.ip_forward=1
or
#net.ipv4.ip_forward=0
to
net.ipv4.ip_forward = 1
also segfaulting on a raspberry pi 1. From memory they're the same architecture?
Yep, Pi Zero/ 1 /2 are the same, except the Pi 2 v1.2(it was released in late 2016).
Hi and thank you for the fast answer.
the same microsd card works in a raspberry pi 3. I could generate keys in an instant.
i did apply the command before and it returned:
net.ipv4.ip_forward=0
i hat to edit #net.ipv4.ip_forward=0 --> net.ipv4.ip_forward=1
Did you rebooted too? You should. But maybe I am going to remove this from guide, because manual method is the best.
yes i always rebooted like mentioned in the tutorial.
Thanks, I try to reproduce and fix then.
Seems the issue is the build is for ARMv8, might need to upgrade the guide to recommend a 2 v1.2 or greater.
Thank you, i will try another Pi 2, as i got all of them (expect the newest 3).
Please run on fresh install:
pi@raspberrypi:~ $ sudo sed -r 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
It should not rewrite the file, but show the result in terminal. So we can check if it has been replaced.
@Syd Done. If there is an other way to install on these older architectures, let me know. I'll try to find other method.
so i tested another pi 2 v1.1 and it works. don't know why one is not working. same sdcard, power supply, network cable, genkey now works.
maybe that pi it is dead or something went corrupt.
for fun i tried a Pi Model B+ V1.2 (2014) - throws Segmentation fault
so confirmed working on:
Pi 2 Model B V1.1 (2014)
Pi 3 Model B V1.2 (2015)
Hmm, that's weird.
What
pi@raspberrypi ~ $ cat /proc/cpuinfo
is showing? It is same for both pi 2?
My conclusion: 2B should work, because of ARMv7 architecture?
ARMv6 (1, Zero, ZeroW) pretty sure needs manual compiling.
I updated the guide, no need for rpi-source:
It's actually pretty simple to compile manually. Yes, upgrade requires one more step, like a simple apt-get update/upgrade.
Please run on fresh install:
pi@raspberrypi:~ $ sudo sed -r 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
It should not rewrite the file, but show the result in terminal. So we can check if it has been replaced.@Syd Done. If there is an other way to install on these older architectures, let me know. I'll try to find other method.
so after
pi@raspberrypi:~ $ sudo sed -r 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
I see
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward = 1
and reboot, I get:
pi@raspberrypi:~ $ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
after opening sudo nano /etc/sysctl.conf
it is still commented with a #
Wait, sed -r just showing the output in terminal, but at least we know that it is working.
Please do one more test with -i command, which overwrite the file:
pi@raspberrypi:~ $ sudo sed -r 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
shoot, already manual'd my way. will try on another pi later.
Wait, sed -r just showing the output in terminal, but at least we know that it is working.
Please do one more test with -i command, which overwrite the file:
pi@raspberrypi:~ $ sudo sed -r 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
tried it, still after reboot it is showing
sysctl net.ipv4.ip_forward
it still did not remove the # from sysctl.conf
Oh man, I forgot to include -i in that command. I don't want you to stress to check one more time. :(
pi@raspberrypi:~ $ sudo sed -ir 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
Nope, still
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
Good question, what is happening here. I try to do more research.
Other question:
Do I have to set an Endpoint in my server wg0.conf ?
[Interface]
Endpoint = myDNSadress.com:51820
Address = 10.0.1.1/24
ListenPort = 51820
PrivateKey = KEYKEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
#Client1
PublicKey = YEKYEK
AllowedIPs = 10.0.1.2/32
No, it just for clients.
I was able to reproduce bug, this should work
sudo perl -pi -e 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
Starting key was:
#net.ipv4.ip_forward=0
Thank you, will try it again later.
i am trying to get this to run on a rapsberry pi 1 with this link: https://github.com/adrianmihalko/raspberrypiwireguard/wiki/Install-WireGuard-on-Raspberry-Pi-1,-2-(not-v1.2),-Zero,-Zero-W
i could generate keys but cant connect. do i have to do the other stuff too?
pi@raspberrypi:~ $ echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list
pi@raspberrypi:~ $ sudo apt-get install dirmngr
pi@raspberrypi:~ $ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
pi@raspberrypi:~ $ printf 'Package: *\nPin: release a=unstable\nPin-Priority: 150\n' | sudo tee --append /etc/apt/preferences.d/limit-unstable
No, you do not need this if you compiled manually. After you compiled, verify it works by running sudo wg. You should not get any error after that.
Then your next step is to start configuring.
2. Configuring WireGuard and the rest.
Double check your keys (if they are on right place). This is the main reason it won't work.
Tomorrow there will be a live stream about setting up WireGuard by DrZzs, watch it:
ok did that, i have setup server, client and ios but i fail to ping the server from client.
/edit: wooops, forgot to delete the old port forward so my fritz was giving it a different port.
BTW check this guide too, it helps a lot in configuring multiple users, mobile clients:
Coool! I am glad it works.
I wanted to thank you again. Great work.
Now i only need to find out, why it does only work if Allowed IPs is set to 0.0.0.0/0 - can't get my own working
On mobile? If you set 0.0.0.0/0 in client, you should fill DNS too (example: 8.8.8.8). If it still not working, you can always ask help in Wireguard IRC channel:
http://webchat.freenode.net?randomnick=1&channels=%23wireguard&uio=d4
yes ios and android only works with 0.0.0.0/0
thank you again ๐
Oh I see now, sorry. What's your local subnet? In the example I showed config for 192.168.1.x
With the setup from the example you can access devices in the 192.168.1.x range + the WG server at 192.168.99.1.
One more important thing, remote subnet and your local subnet can't be the same. So if you are on remote Wifi, which has same 192.168.1.x, you cannot access your home devices, even when you are connected to VPN.
router 192.168.178.1
subnet 255.255.255.0
wireguard server 10.0.0.1
on mobile i could get to my printer, but it won't work with printername.local:port
Oh, good question, but I don't think you can use hostnames on VPN. Ask it for sure on IRC, I am not sure in this.
I was able to reproduce bug, this should work
sudo perl -pi -e 's/#{1,}?net.ipv4.ip_forward ?= ?(0|1)/net.ipv4.ip_forward = 1/g' /etc/sysctl.confStarting key was:
#net.ipv4.ip_forward=0
can confirm, works now.
can be closed, went way to offtopic. thank you very much @adrianmihalko ๐ฅ
Cool, thank you.