unable to connect, keys mismatch and no easy debug #48

Open
roberto-sebastiano opened this issue Mar 3, 2024 · 1 comment

@roberto-sebastiano

Hello,

I'm having an issue with this chart.

From what I see, the keys present in the POD are different from those specified in the yaml file.
kubectl get logs reports:

```
wgrs-wireguard-xqvv9 sysctls net.ipv4.ip_forward = 1
wgrs-wireguard-xqvv9 sysctls net.ipv4.conf.all.forwarding = 1
wgrs-wireguard-xqvv9 wireguard [#] ip link add wg0 type wireguard
wgrs-wireguard-xqvv9 wireguard [#] wg setconf wg0 /dev/fd/63
wgrs-wireguard-xqvv9 wireguard [#] ip -4 address add 172.32.32.1/24 dev wg0
wgrs-wireguard-xqvv9 wireguard [#] ip link set mtu 1290 up dev wg0
wgrs-wireguard-xqvv9 wireguard [#] wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s 172.32.32.0/24 -o eth0 -j MASQUERADE
wgrs-wireguard-xqvv9 wireguard Public key 'dRH4Ms/h+H3BmT/J.....'
```

But in the yaml file, I specified:

```yaml
wireguard:
  serverAddress: 172.32.32.1/24
  serverCidr: 172.32.32.0/24
  natAddSourceNet: true
  allowWan: false
  clients:
    - AllowedIPs: 172.32.32.2/32
      PublicKey: cbrG5zpfV1BIZZk...
      PresharedKey: KmkotoRaR1B...
```

wg show wg0 shows:

```
interface: wg0
public key: cbrG5zpfV1BIZZkJNb3OYIilOg4Xdvp/juMNS27/6zA=
private key: (hidden)
listening port: 35008
```

Another thing I note is that the pod is very hard to debug; I can't get to any shell, and kubectl exec gives errors reading /etc/wireguard.

The project seems promising but more focus should be put into documentation (also a way to debug)

--
Roberto

@bryopsida
Owner

bryopsida commented Mar 4, 2024

> Another thing I note is that the pod is very hard to debug; I can't get to any shell, and kubectl exec gives errors reading /etc/wireguard.

What kubernetes version and kubernetes distribution are you using? Does your cluster have something applying role bindings impacting kubectl exec permissions? Or are you using a different wireguard container image?

The default image is alpine based and has a shell included so there shouldn't be anything from the image or chart preventing shell access through kubectl.

```
Containers:
  wireguard:
    Container ID:   containerd://a32c61963c1c2d94fa103f547193d13daa7fcf5158b0dc38c5f8ded523229617
    Image:          ghcr.io/bryopsida/wireguard:main
    Image ID:       ghcr.io/bryopsida/wireguard@sha256:500ae22c9f4a0a3ed50c1d7b165b2caf1036dacfd61d893ceeb94f13b93fa2f0
    Port:           51820/UDP
```
