EmbarkStudios / wg-ui

WireGuard Web UI for self-serve client configurations, with optional auth.

Configuration is not applied on ArchLinux

vx3r opened this issue · comments

commented

Describe the bug
Configuration is not applied on Archlinux

uname -a
Linux squanchy 5.4.8-arch1-1 #1 SMP PREEMPT Sat, 04 Jan 2020 23:46:18 +0000 x86_64 GNU/Linux

To Reproduce
My docker-compose.yml

  wireguard-ui:
    image: embarkstudios/wireguard-ui:latest
    container_name: wireguard-ui
    restart: unless-stopped
    networks:
      br_docker:
        ipv6_address: fd9f::10:0:0:37
        ipv4_address: 10.0.0.37
    expose:
      - "8080/tcp"
      - "5555/tcp"
    volumes:
      - /mnt/raid-lv-data/docker-persistent-data/wireguard-ui:/data
    command: --data-dir=/data --log-level=debug --client-ip-range=10.6.6.0/24 --nat-device=eno1 --wg-endpoint=wireguard.127-0-0-1.fr:123 --wg-dns=10.0.0.2 --wg-device-name=wg1
    privileged: true

wg command on host is not showing anything.
How is wireguard-ui supposed to configure the host from Docker? Can you please elaborate in the documentation?

Hi @vx3r,

Thank you for creating an issue. The wireguard-ui is only a UI, meaning that you need to have wireguard installed on the host for it to be able to configure anything. As the flag privileged is set to true, this means that the container will be able to perform actions on the host that it otherwise could not (see https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities).

I will add an internal ticket to clarify the docs and close this issue.

commented

I’ve been having the same issue, and ended up not using it at all sadly.
Basically no interaction between WireGuard-ui docker and WireGuard on the host

commented

Hi @freddd

I have WireGuard installed on host and working with static files configuration.
Do I need to install some other packages to allow wireguard-ui to modify wireguard configs?

I will open up the issue again. I'm running it on both Ubuntu and OSX without any additional packages. I will ask my colleagues running other OS's to see if they are experiencing issues. @N0jja, what OS are you running?

commented

I'm running on

  • Debian 10.2
  • Wireguard 0.0.20191219
  • Docker 19.03.5, build 633a0ea838

@vx3r and @N0jja, is it possible for you to run it and paste the log in this issue? I'm wondering if it could be related to #8 (comment)

commented

Some info:

#modinfo wireguard
filename:       /lib/modules/5.4.13-arch1-1/extramodules/wireguard.ko.xz
alias:          net-pf-16-proto-16-family-wireguard
alias:          rtnl-link-wireguard
version:        0.0.20200105
author:         Jason A. Donenfeld <Jason@zx2c4.com>
description:    WireGuard secure network tunnel
license:        GPL v2
srcversion:     319AA8C917930DE57B7D593
depends:        udp_tunnel,ip6_udp_tunnel
retpoline:      Y
name:           wireguard
vermagic:       5.4.13-arch1-1 SMP preempt mod_unload 
#docker-compose up wireguard-ui
wireguard-ui is up-to-date
Attaching to wireguard-ui
wireguard-ui      | time="2020-01-20T08:23:29Z" level=info msg=Starting
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="ipAddr: 10.6.6.0  ipNet: 10.6.6.0/24"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Read server config from file: /data/config.json"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Configuration loaded with public key: E7aDoVPjZqdVGqNclNvwLnzEMd6PSjEcJQhr+HGe6Bs="
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Server initialized: /data"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Adding wireguard device: wg1"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Adding ip address to wireguard device: 10.6.6.0/24"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Bringing up wireguard device: wg1"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Adding NAT / IP masquerading using nftables"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Flushing nftable rulesets"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Setting up nftable rules for ip masquerading"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Reconfiguring wireguard interface wg1"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Adding wireguard private key"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Adding wireguard peer" allowedIPs="[{10.6.6.1 ffffffff}]" client=1 key="ACWh02+f/TBWKdWglpOhm388F3eFwJL+8pVt5tDMmi0=" user=anonymous
wireguard-ui      | time="2020-01-20T08:23:29Z" level=debug msg="Serving static assets embedded in binary"
wireguard-ui      | time="2020-01-20T08:23:29Z" level=info msg="Starting server" listenAddr=":8080"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=info msg=Starting
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="ipAddr: 10.6.6.0  ipNet: 10.6.6.0/24"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Read server config from file: /data/config.json"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Configuration loaded with public key: E7aDoVPjZqdVGqNclNvwLnzEMd6PSjEcJQhr+HGe6Bs="
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Server initialized: /data"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Adding wireguard device: wg1"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Adding ip address to wireguard device: 10.6.6.0/24"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Bringing up wireguard device: wg1"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Adding NAT / IP masquerading using nftables"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Flushing nftable rulesets"
wireguard-ui      | time="2020-01-20T08:33:10Z" level=debug msg="Setting up nftable rules for ip masquerading"
wireguard-ui      | time="2020-01-20T08:33:11Z" level=debug msg="Reconfiguring wireguard interface wg1"
wireguard-ui      | time="2020-01-20T08:33:11Z" level=debug msg="Adding wireguard private key"
wireguard-ui      | time="2020-01-20T08:33:11Z" level=debug msg="Adding wireguard peer" allowedIPs="[{10.6.6.1 ffffffff}]" client=1 key="ACWh02+f/TBWKdWglpOhm388F3eFwJL+8pVt5tDMmi0=" user=anonymous
wireguard-ui      | time="2020-01-20T08:33:11Z" level=debug msg="Serving static assets embedded in binary"
wireguard-ui      | time="2020-01-20T08:33:11Z" level=info msg="Starting server" listenAddr=":8080"

and wg is showing nothing, no interface has been created

commented

The compiled binary works from the host but not from the container. Does wireguard-ui need the wg command (or any lib) to work properly?

commented

After running the binary from the host I discovered that wireguard-ui is flushing all existing nftables rules. It should be configurable whether to touch the nftables ruleset or not.

Same thing:
wireguard is working on the host, I can use the host as a VPN server
but can change config via UI

Debian 10 at DO
Linux mc-vpn 4.19.0-8-cloud-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux
wireguard-tools v1.0.20200206 - https://git.zx2c4.com/wireguard-tools/
Docker version 19.03.8, build afacb8b7f0

docker image has:

    privileged: yes
    capabilities:
      - NET_ADMIN
      - SYS_ADMIN

Same problem for me on:

  • ArchLinux
  • Kernel 5.6.10
  • Docker version 19.03.8-ce, build afacb8b7f0

# modinfo wireguard
filename:       /lib/modules/5.6.10-arch1-1/kernel/drivers/net/wireguard/wireguard.ko.xz
alias:          net-pf-16-proto-16-family-wireguard
alias:          rtnl-link-wireguard
version:        1.0.0
author:         Jason A. Donenfeld <Jason@zx2c4.com>
description:    WireGuard secure network tunnel
license:        GPL v2
srcversion:     0DD380162CD80B77F6B9585
depends:        libblake2s,udp_tunnel,curve25519-x86_64,libchacha20poly1305,ip6_udp_tunnel,libcurve25519-generic
retpoline:      Y
intree:         Y
name:           wireguard
vermagic:       5.6.10-arch1-1 SMP preempt mod_unload

commented

@vx3r @N0jja @nestyurkin @djesionek
Could you show me the output of ip a executed on the host and the container? I'm ready to reproduce the errors.

I'm having the same issue with Debian 10
Linux vpn 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux

I can create configs and wireguard is installed on the host. I've been using wireguard as a vpn on the host for a few days and it works fine but wg-ui doesn't do anything.

output from docker-compose

magsurveys@vpn:~/wg-ui$ docker-compose up
Creating network "wg-ui_default" with the default driver
Creating wireguard-ui ... done
Attaching to wireguard-ui
wireguard-ui | time="2020-07-20T16:18:11Z" level=info msg=Starting
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="ipAddr: 10.10.50.0 ipNet: 10.10.50.0/24"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Read server config from file: /data/config.json"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Configuration loaded with public key: 0gWOuELfafwQLAIDy/NRpd+lSS5hWylB45L4MPv5Tig="
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Server initialized: /data"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Adding wireguard device: wg0"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Adding ip address to wireguard device: 10.10.50.0/24"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Bringing up wireguard device: wg0"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Reconfiguring wireguard interface wg0"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Adding wireguard private key"
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Adding wireguard peer" allowedIPs="[{10.10.50.1 ffffffff}]" client=1 key="VJ5v37kXYPdqlt+u/LfKah/m4y5hNjPxvH7PJaPOTnY=" user=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:11Z" level=debug msg="Serving static assets embedded in binary"
wireguard-ui | time="2020-07-20T16:18:11Z" level=info msg="Starting server" listenAddr=":8080"
wireguard-ui | time="2020-07-20T16:18:36Z" level=debug msg="Auth required"
wireguard-ui | time="2020-07-20T16:18:36Z" level=debug msg=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:36Z" level=debug msg="Auth required"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Auth required"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg=CreateClient user=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="user config: &main.UserConfig{Name:"f.pope-carter@######.co.uk", Clients:map[string]*main.ClientConfig{"1":(*main.ClientConfig)(0xc00014e180)}}"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Allocated IP: 10.10.50.2"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg=Reconfiguring
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Reconfiguring wireguard interface wg0"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Adding wireguard private key"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Adding wireguard peer" allowedIPs="[{10.10.50.2 ffffffff}]" client=2 key="+QwyQSNDSXmBoMTFkGXI6yHqG/42R7atMQRhcZsITE8=" user=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Adding wireguard peer" allowedIPs="[{10.10.50.1 ffffffff}]" client=1 key="VJ5v37kXYPdqlt+u/LfKah/m4y5hNjPxvH7PJaPOTnY=" user=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Auth required"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg=f.pope-carter@######.co.uk
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Auth required"
wireguard-ui | time="2020-07-20T16:18:45Z" level=debug msg="Auth required"

ip a from host

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 8e:45:a9:71:fc:b5 brd ff:ff:ff:ff:ff:ff
inet 10.10.0.250/24 brd 10.10.0.255 scope global dynamic ens18
valid_lft 69090sec preferred_lft 69090sec
inet6 fe80::8c45:a9ff:fe71:fcb5/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:b5:7a:3a:36 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:b5ff:fe7a:3a36/64 scope link
valid_lft forever preferred_lft forever
42: br-57c672935e1d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:dc:96:c3:58 brd ff:ff:ff:ff:ff:ff
inet 172.22.0.1/16 brd 172.22.255.255 scope global br-57c672935e1d
valid_lft forever preferred_lft forever
inet6 fe80::42:dcff:fe96:c358/64 scope link
valid_lft forever preferred_lft forever
44: vetha1d30c7@if43: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-57c672935e1d state UP group default
link/ether 0a:d1:d2:54:5a:5d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::8d1:d2ff:fe54:5a5d/64 scope link
valid_lft forever preferred_lft forever

I can't run ip from the container?

magsurveys@vpn:~/wg-ui$ docker exec -it 8835abb07e3a ip a
OCI runtime exec failed: exec failed: container_linux.go:349: starting container process caused "exec: "ip": executable file not found in $PATH": unknown

commented

So you want to control wg0 on the host. This needs the container and the host to be in the same network namespace.
Maybe you can try host network_mode: https://docs.docker.com/compose/compose-file/#network_mode
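
The network-namespace point above can be checked from the host. The following is an added example, not part of the original thread or of wg-ui: it compares the container's network namespace with the host's and, because the image ships no `ip` binary, runs the host's `ip` inside the container's namespace with `nsenter`. The function names and the script name are illustrative; it assumes docker, util-linux `nsenter`, iproute2 and root on the Docker host.

```shell
#!/bin/sh
# Added example (not from the thread): find out which network namespace a
# containerized wg-ui is configuring. Run as root on the Docker host.

# netns_id LINK: print the namespace a /proc/<pid>/ns/net symlink names,
# e.g. "net:[4026531992]". Fails if LINK is missing or not a symlink.
netns_id() {
    readlink "$1"
}

# same_netns LINK_A LINK_B: 0 = same namespace, 1 = different, 2 = unreadable.
same_netns() {
    a=$(netns_id "$1") || return 2
    b=$(netns_id "$2") || return 2
    [ "$a" = "$b" ]
}

# diagnose CONTAINER DEVICE: report where DEVICE lives.
diagnose() {
    container=$1
    device=$2
    pid=$(docker inspect --format '{{.State.Pid}}' "$container") || return 2
    if [ "$pid" -le 0 ]; then
        echo "$container is not running" >&2
        return 2
    fi
    rc=0
    same_netns /proc/1/ns/net "/proc/$pid/ns/net" || rc=$?
    case $rc in
    0)
        echo "$container shares the host network namespace (network_mode: host)"
        ip link show "$device"
        ;;
    1)
        echo "$container has its own network namespace; looking for $device there:"
        # The image ships no ip binary, so run the host's ip inside the
        # container's network namespace instead of using docker exec.
        nsenter --target "$pid" --net ip link show "$device"
        echo "host view:"
        ip link show "$device" || echo "$device does not exist on the host"
        ;;
    *)
        echo "cannot read namespace links (are you root?)" >&2
        return 2
        ;;
    esac
}

# Usage: sh netns-check.sh CONTAINER [DEVICE]
if [ "$#" -ge 1 ]; then
    diagnose "$1" "${2:-wg0}"
fi
```

With the bridge-network setups posted earlier in the thread, the second branch is the expected one: the device exists only inside the container's namespace, which is why `wg` on the host shows nothing even with `privileged: true`.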

commented

I've got this working on Arch Linux using docker-compose with this config:

  wireguard-ui:
    image: embarkstudios/wireguard-ui:latest
    container_name: wireguard-ui
    restart: always
    environment:
      - WIREGUARD_UI_LOG_LEVEL=debug
      - WIREGUARD_UI_DATA_DIR=/data
      - WIREGUARD_UI_LISTEN_ADDRESS=:8820
      - WIREGUARD_UI_NAT=true
      - WIREGUARD_UI_NAT_DEVICE=enp1s0
      - WIREGUARD_UI_CLIENT_IP_RANGE=192.168.89.0/24
      - WIREGUARD_UI_AUTH_USER_HEADER="X-Forwarded-User"
      - WIREGUARD_UI_MAX_NUMBER_OF_CLIENT_CONFIGS=64
      - WIREGUARD_UI_WG_LISTEN_PORT=23427
      - WIREGUARD_UI_WG_ENDPOINT=remote.domain.com:23427
      - WIREGUARD_UI_WG_ALLOWED_IPS=0.0.0.0/0
      - WIREGUARD_UI_WG_DNS=192.168.88.1
    volumes:
      - /opt/docker/wireguard-ui:/data
    entrypoint: "/wireguard-ui"
    privileged: true
    network_mode: "host"

Maybe some of the env vars are unnecessary because they are equal to the default.

My Arch is Linux horus 5.7.6-arch1-1 #1 SMP PREEMPT Thu, 25 Jun 2020 00:14:47 +0000 x86_64 GNU/Linux

Hope that helps some of you guys

Hi,

I have the same problem. When I run wg-ui regularly dockerized as it is documented, the config does not seem to be applied. Active tunnels do not work, no traffic is received by the client. I cannot debug anything since the container does not have the ip command installed.

When run with host network mode, wg-ui is apparently able to configure the host's wg0 interface, since after deleting the config.json and letting wg-ui create a new keypair, the output of wg show on the host indicates that wg0 is configured with the new keypair. However, I cannot create client configs in this mode. After entering a client's name and label, a click on the "Create" button does nothing. I do not even see any debug lines hinting at any error.

I have now spent a few hours trying to reproduce this problem without any success at all.

Versions:

Debian 11
docker-ce 5:20.10.10~3-0~debian-bullseye
docker-compose 1.25.0-1
wireguard 1.0.20210223-1
wireguard-tools 1.0.20210223-1

Composer config:

version: "3.7"

services:
  app:
    image: embarkstudios/wireguard-ui:latest
    entrypoint: "/wireguard-ui"
    privileged: true
    network_mode: "host"
    volumes:
      - /opt/wireguard-ui:/data
    environment:
      - WIREGUARD_UI_LISTEN_ADDRESS=:8080
      - WIREGUARD_UI_LOG_LEVEL=debug
      - WIREGUARD_UI_DATA_DIR=/data
      - WIREGUARD_UI_WG_LISTEN_PORT=51820
      - WIREGUARD_UI_WG_ENDPOINT=PUBLIC.IP.ADDRESS:51820
      - WIREGUARD_UI_CLIENT_IP_RANGE=192.168.10.0/24
      - WIREGUARD_UI_WG_DNS=1.1.1.1
      - WIREGUARD_UI_NAT=true
      - WIREGUARD_UI_NAT_DEVICE=ens192
      - WIREGUARD_UI_WG_ALLOWED_IPS=0.0.0.0/0
     # - WIREGUARD_UI_WG_DEVICE_NAME=wg0

    restart: always

From my point of view this seems to be a local problem rather than a wg-ui issue.