HA seems not accessible from inside vpn #32
Closed
Description
Problem/Motivation
I installed the latest version of Hassio on my Raspberry Pi 2. I tried to install the add-on from the HA store using your repo and compiled the config as it was before (I already had an HA installation on this RPi 2 using the Docker image). If I try to run the plugin, it says that it can't set a variable and it deletes the link to route and the iptables rules added.
Expected behavior
It connects to my WireGuard server on my VPS and it's accessible from my VPN.
Actual behavior
It turns off the connection because it can't set a variable, and it says this:
```
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sysctl: error setting key 'net.ipv4.conf.all.src_valid_mark': Read-only file system
```
This is the complete log:
```
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing...
-----------------------------------------------------------
Add-on: WireGuard Client
Fast, modern, secure Wireguard tunnel (client)
-----------------------------------------------------------
Add-on version: 0.2.2
You are running the latest version of this add-on.
System: Home Assistant OS 11.1 (armv7 / raspberrypi2)
Home Assistant Core: 2023.11.2
Home Assistant Supervisor: 2023.11.3
-----------------------------------------------------------
Please, share the above information when looking for help
or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing...
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] config.sh: executing...
[21:07:31] INFO: Ended to write Wireguard configuration into: [/etc/wireguard/wg0.conf]
[cont-init.d] config.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[21:07:32] INFO: Starting WireGuard Client...
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add y.y.y.y/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
sysctl: error setting key 'net.ipv4.conf.all.src_valid_mark': Read-only file system
[#] resolvconf -d wg0 -f
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[21:08:02] INFO: Requesting current status from WireGuard Client...
[21:08:32] INFO: Requesting current status from WireGuard Client...
```
Steps to reproduce
I simply run the add-on with this config:
```yaml
interface:
  private_key: <hidden>
  address: y.y.y.y
  dns:
    - y.y.y.z
  post_up: >-
    iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; iptables -A FORWARD -p
    tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  post_down: >-
    iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; iptables -D FORWARD -p
    tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  mtu: 1420
peers:
  - public_key: <hidden>
    pre_shared_key: <hidden>
    endpoint: x.x.x.x:51830
    allowed_ips:
      - 0.0.0.0/0
    persistent_keep_alive: "25"
```
The old config file was:
```ini
[Interface]
PrivateKey = <hidden>
Address = y.y.y.y/24,<ipv6 address>/64
DNS = y.y.y.z
[Peer]
PublicKey = <hidden>
PresharedKey = <hidden>
Endpoint = x.x.x.x:51830
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepAlive = 25
```
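Added example, not part of the original issue or the add-on's code: a Python preflight check for the failure shown in the log above. It assumes upstream wg-quick behaviour (the `src_valid_mark` sysctl is written only when an IPv4 `AllowedIPs` entry has prefix length 0 and `Table` is unset or `auto`); the function names and sample configs are constructed for illustration.

```python
import ipaddress
import os

SYSCTL = "/proc/sys/net/ipv4/conf/all/src_valid_mark"

def needs_src_valid_mark(conf_text):
    """True if wg-quick would take its IPv4 default-route (fwmark) path."""
    table, allowed = "auto", []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if "=" not in line:
            continue                                  # section header or blank
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "table":
            table = value.lower()
        elif key.lower() == "allowedips":
            allowed += [v.strip() for v in value.split(",") if v.strip()]
    if table != "auto":
        return False      # Table = off or a custom table: no policy routing
    for cidr in allowed:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == 4 and net.prefixlen == 0:
            return True   # 0.0.0.0/0 triggers the sysctl write seen in the log
    return False

def verdict(conf_text, sysctl_path=SYSCTL):
    """Classify whether bringing the tunnel up will hit the sysctl write."""
    if not needs_src_valid_mark(conf_text):
        return "not-needed"
    if not os.path.exists(sysctl_path):
        return "sysctl-missing"
    # os.access() is False on a read-only mount, the condition in the issue.
    return "ok" if os.access(sysctl_path, os.W_OK) else "write-will-fail"

# Constructed samples: the first mirrors the AllowedIPs line from the issue.
FULL_TUNNEL = "[Peer]\nAllowedIPs = 0.0.0.0/0, ::0/0\n"
SPLIT_TUNNEL = "[Peer]\nAllowedIPs = 10.8.0.0/24\n"
TABLE_OFF = "[Interface]\nTable = off\n[Peer]\nAllowedIPs = 0.0.0.0/0\n"

if __name__ == "__main__":
    for name, conf in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
                       ("table-off", TABLE_OFF)]:
        print(name, verdict(conf))
```

Run inside the container that will start the tunnel: `write-will-fail` for the full-tunnel config means `/proc/sys` is mounted read-only there and wg-quick will roll the interface back as in the log.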