Detect WireGuard in Containers, and allow install. #185
base: master
I did a rundown for you, so you know exactly what I did in the code :)
I'm sure you would deduce all of this on your own. But I thought it would save you some time :)
if ip link add wg999 type wireguard 2> /dev/null ; then | ||
echo "OpenVZ is not supported, but it seems to have correct kernel modules." | ||
ip link del wg999 | ||
read -rp "Press enter to continue at your own risk, or CTRL-C to quit." | ||
Container=1 | ||
else | ||
echo "OpenVZ is not supported" | ||
exit 1 | ||
fi |
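Review bot: the `ip link add wg999 type wireguard` probe on the first line reads every failure as a missing kernel module, but the same command also fails when an interface named wg999 already exists or when the caller is not allowed to create links, and `2> /dev/null` throws away the message that would tell these apart. Consider capturing stderr and using a name that has been checked to be free. Separately, both branches print "OpenVZ is not supported", so the success branch could say more plainly that the install continues unsupported.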
This tests for the WireGuard module, and allows the install of the script at the user's risk, as I have not tested OpenVZ.
The test works by creating a WireGuard interface, wg999, and if successful, the WireGuard kernel module exists and works. Then it deletes that interface.
if ip link add wg999 type wireguard 2> /dev/null ; then | ||
ip link del wg999 | ||
echo "LXC is currently in Beta." | ||
echo "WireGuard can technically run in an LXC container," | ||
echo "but the kernel module has to be installed on the host," | ||
echo "the container has to be run with some specific parameters" | ||
echo "and only the tools need to be installed in the container." | ||
echo "The Kernel seems to support Wireguard." | ||
read -rp "Press enter to continue at your own risk, or CTRL-C to quit." | ||
Container=1 | ||
else | ||
echo "Your LXC host does not have the WireGuard Kernel Module." | ||
echo "If you have access to the host, try installing wireguard-dkms on it." | ||
exit 1 | ||
fi |
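Review bot: the probe and cleanup in the first two lines repeat the OpenVZ branch verbatim; moving them into one helper function would keep the interface name and the `ip link del` in a single place. In the else branch, "Your LXC host does not have the WireGuard Kernel Module." is stated as fact although the probe only shows that creating the interface failed, so wording it as the likely cause would be more accurate. The result of `ip link del wg999` is also unchecked, so a failed delete would leave the probe interface behind.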
This tests for WireGuard, and allows the user to continue. I have tested this on my own LXD Ubuntu 20.04 server with CentOS 7/8, Fedora 32/22, Debian 10, Ubuntu 16.04/18.04/20.04, and ArchLinux.
If the kernel module isn't there, it exits, and suggests installing it on the host, if the user has access to it. Doesn't help if they are using a VPS that they can't change.
The test works by creating a WireGuard interface, wg999, and if successful, the WireGuard kernel module exists and works. Then it deletes that interface.
if [[ $Container == 1 ]]; then | ||
apt-get install -y -t buster-backports wireguard-tools --no-install-recommends | ||
else | ||
apt-get install -y -t buster-backports wireguard | ||
fi |
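Review bot: `--no-install-recommends` on the container branch drops every recommended package, not only the kernel-module one, so anything the script needs that would otherwise arrive as a recommendation has to be listed on this line by name (the yum hunk installs iptables explicitly, this line does not). A one-line comment saying why the flag is there would also help the next reader.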
Install only wireguard-tools for Debian, as that is all that is needed when the kernel module works.
if [[ $Container != 1 ]]; then | ||
dnf install -y wireguard-dkms | ||
fi |
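Review bot: this condition is written as `!= 1` where the other hunks use `== 1` with an `else`, and it depends on `Container` being empty on a normal host, which none of the visible hunks set. Initialising `Container=0` before the virtualisation checks would make the non-container path explicit and keep the script working under `set -u`.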
If not a container, then install wireguard-dkms. Not needed if it is in the kernel with a container.
if [[ $Container == 1 ]]; then | ||
yum -y install wireguard-tools iptables qrencode | ||
else | ||
yum -y install kmod-wireguard wireguard-tools iptables qrencode | ||
fi |
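Review bot: the two `yum -y install` lines differ only in `kmod-wireguard`, so any later change to the package list has to be made twice. Building the list once and appending `kmod-wireguard` when `Container` is not 1 would avoid that drift.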
Install only wireguard-tools for CentOS, as that is all that is needed when the kernel module works.
apt-get autoremove --purge -y wireguard qrencode | ||
apt-get autoremove --purge -y wireguard wireguard-tools qrencode | ||
elif [[ ${OS} == 'debian' ]]; then | ||
apt-get autoremove --purge -y wireguard qrencode | ||
apt-get autoremove --purge -y wireguard wireguard-tools qrencode |
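Review bot: the Ubuntu and Debian branches end up with the identical `apt-get autoremove --purge -y wireguard wireguard-tools qrencode` line, so the `elif [[ ${OS} == 'debian' ]]` branch could be folded into one condition covering both. It is also worth confirming that the dnf and yum removal paths, which this hunk does not show, cope with a container install where `wireguard-dkms` or `kmod-wireguard` was never installed.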
Added wireguard-tools to the uninstall, as it is installed either way, but not purged if a container.
That looks pretty good, thanks!
Co-authored-by: Stanislas <[email protected]>
Strangely, on a Hostinger VPS, OpenVZ is running with a 5.4.0 kernel, but this command fails, while
I can delete the interface, but cannot create it. What is this sorcery?
I have tested this on my Ubuntu 20.04 server that has native WireGuard in its kernel running LXD 4.10.
I have tested the following unprivileged containers:
I have not tested on OpenVZ.
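The probe described in the review comments above (create a throwaway WireGuard interface, then delete it) only distinguishes success from failure. As an added example, not code from this pull request, the sketch below picks a free interface name and maps the `ip` error text to a cause; the function names and the `wgprobeN` naming are assumptions of the example, and the matched strings are the usual iproute2/RTNETLINK messages.

```bash
#!/usr/bin/env bash
# Added example: WireGuard kernel-support probe that reports why it failed.
# Function names and the wgprobeN interface names are assumptions.

# Print the first wgprobeN name that has no entry under the sysfs net dir.
pick_probe_name() {
	local sysdir="${1:-/sys/class/net}"
	local i
	for i in 0 1 2 3 4 5 6 7 8 9; do
		if [ ! -e "${sysdir}/wgprobe${i}" ]; then
			echo "wgprobe${i}"
			return 0
		fi
	done
	return 1
}

# Map the stderr text of a failed `ip link add` to a cause.
classify_probe_error() {
	case "$1" in
	*"File exists"*) echo "name-in-use" ;;
	*"Operation not permitted"*) echo "no-permission" ;;
	*"Operation not supported"* | *"Unknown device type"*) echo "no-module" ;;
	*) echo "unknown" ;;
	esac
}

# Echo "ok" or the failure cause; the exit status mirrors the result.
probe_wireguard() {
	local name err
	name=$(pick_probe_name) || { echo "name-in-use"; return 1; }
	if err=$(ip link add "${name}" type wireguard 2>&1); then
		# Clean up the throwaway interface; report if that fails.
		ip link del "${name}" || { echo "cleanup-failed"; return 1; }
		echo "ok"
		return 0
	fi
	classify_probe_error "${err}"
	return 1
}
```

An installer could call `probe_wireguard` in place of the inline `ip link add wg999` test and only suggest installing the module on the host when the result is `no-module`.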