centos7 host based debian docker image failed to implement boringtun in userspace #394

@Mon-ius

For Host info:

OS: CentOS Linux 7 (Core) x86_64
Host: Google Compute Engine_64
Kernel: 3.10.0-1160.105.1.el7.x86_64
Uptime: 30 mins
Packages: 356 (rpm)
Shell: bash 4.2.46
Terminal: /dev/pts/0
CPU: Intel Xeon (1) @ 2.199GHz
Memory: 337MiB / 3534MiB

Run docker command:

sudo docker run --privileged --restart=always -itd \
    --name warp \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --sysctl net.ipv4.conf.all.src_valid_mark=1 \
    --cap-add NET_ADMIN --cap-add SYS_MODULE \
    -p 9091:9091 \
    -v /lib/modules:/lib/modules \
    debian:bookworm

Inside container commands:

apt-get -qq update \
&& apt-get -qq install curl net-tools \
&& apt-get -qq install --no-install-recommends dante-server iproute2 procps iptables openresolv kmod wireguard \
&& apt-get -qq autoremove --purge && apt-get clean

IFACE=$(ip route show default | grep default | awk '{print $5}')
IPv4=$(ifconfig "$IFACE" | awk '/inet /{print $2}' | cut -d' ' -f2)
IPv6=$(ifconfig "$IFACE" | awk '/inet6 /{print $2}' | cut -d' ' -f2)

sed -i "/\[Interface\]/a PostDown = ip -6 rule delete from ${IPv6} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -6 rule add from ${IPv6} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from ${IPv4} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -4 rule add from ${IPv4} lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostDown = ip -4 rule delete from 127.0.0.1 lookup main" wgcf-profile.conf
sed -i "/\[Interface\]/a PostUp = ip -4 rule add from 127.0.0.1 lookup main" wgcf-profile.conf

userspace_wg="https://github.com/Mon-ius/boringtun/releases/download/v0.6.0/boringtun-cli-x86_64-unknown-linux-musl.tar.gz"
curl -fsSL "${userspace_wg}" | tar -xz -C /usr/bin
WG_QUICK_USERSPACE_IMPLEMENTATION=/usr/bin/boringtun-cli WG_SUDO=1 wg-quick up warp

Inside container error:

WG_QUICK_USERSPACE_IMPLEMENTATION=/usr/bin/boringtun-cli WG_SUDO=1 wg-quick up warp
[#] ip link add warp type wireguard
RTNETLINK answers: Operation not supported
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] /usr/bin/boringtun-cli warp
BoringTun started successfully
[#] wg setconf warp /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev warp
[#] ip -6 address add 2606:4700:110:8275:f99:f7ee:1969:ab37/128 dev warp
[#] ip link set mtu 1280 up dev warp
[#] resolvconf -a warp -m 0 -x
[#] wg set warp fwmark 51820
[#] ip -6 route add ::/0 dev warp table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
ip6tables-restore v1.8.9 (nf_tables):
line 3: TABLE_ADD failed (No such file or directory): table raw
[#] resolvconf -d warp -f
[#] ip -6 rule delete table 51820
[#] ip -6 rule delete table main suppress_prefixlength 0
[#] ip link delete dev warp
