Kernel module doesn't load on Fedora/CentOS

[angristan]

[root@fedora-2gb-nbg1-1 ~]# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-08-08 22:30:55 CEST; 31s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
  Process: 1056 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=1/FAILURE)
 Main PID: 1056 (code=exited, status=1/FAILURE)

Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: [#] ip link add wg0 type wireguard
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Error: Unknown device type.
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Unable to access interface: Protocol not supported
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: [#] ip link delete dev wg0
Aug 08 22:30:55 fedora-2gb-nbg1-1 wg-quick[1056]: Cannot find device "wg0"
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=1/FAILURE
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Aug 08 22:30:55 fedora-2gb-nbg1-1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
[root@fedora-2gb-nbg1-1 ~]#
[root@fedora-2gb-nbg1-1 ~]# lsmod | grep wireguard
[root@fedora-2gb-nbg1-1 ~]#

[root@centos-2gb-nbg1-1 ~]# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2019-08-08 22:32:32 CEST; 13s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
 Main PID: 22401 (code=exited, status=1/FAILURE)

Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: [#] ip link add wg0 type wireguard
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: RTNETLINK answers: Operation not supported
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: Unable to access interface: Protocol not supported
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: [#] ip link delete dev wg0
Aug 08 22:32:32 centos-2gb-nbg1-1 wg-quick[22401]: Cannot find device "wg0"
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service: main process exited, code=exited, status=1/FAILURE
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: Unit wg-quick@wg0.service entered failed state.
Aug 08 22:32:32 centos-2gb-nbg1-1 systemd[1]: wg-quick@wg0.service failed.
[root@centos-2gb-nbg1-1 ~]# 
[root@centos-2gb-nbg1-1 ~]# lsmod | grep wireguard
[root@centos-2gb-nbg1-1 ~]# 

[angristan]

I'm following https://www.wireguard.com/install/ so I wonder what could be missing.

[angristan]

Though:

[root@fedora-2gb-nbg1-1 ~]# dkms status
wireguard, 0.0.20190702: added

[angristan]

[root@centos-2gb-nbg1-1 ~]# dkms build wireguard/0.0.20190702
Error! echo
Your kernel headers for kernel 3.10.0-957.21.3.el7.x86_64 cannot be found at
/lib/modules/3.10.0-957.21.3.el7.x86_64/build or /lib/modules/3.10.0-957.21.3.el7.x86_64/source.

But the headers are here.

[root@centos-2gb-nbg1-1 ~]# yum install kernel-headers
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.wiuwiu.de
 * epel: mirror.wiuwiu.de
 * extras: mirror.eu.oneandone.net
 * updates: mirror.ratiokontakt.de
Package kernel-headers-3.10.0-957.27.2.el7.x86_64 already installed and latest version
Nothing to do

[angristan]

OK, the kernel and headers were not the same version:

[root@centos-2gb-nbg1-1 ~]# yum list | grep kernel-headers
kernel-headers.x86_64                   3.10.0-957.27.2.el7            @updates
[root@centos-2gb-nbg1-1 ~]# uname -a
Linux centos-2gb-nbg1-1 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[root@fedora-2gb-nbg1-1 ~]# dnf list | grep kernel-headers
kernel-headers.x86_64                                                  5.2.5-200.fc30                                             @updates
[root@fedora-2gb-nbg1-1 ~]#
[root@fedora-2gb-nbg1-1 ~]# uname -a
Linux fedora-2gb-nbg1-1 5.1.16-300.fc30.x86_64 #1 SMP Wed Jul 3 15:06:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

[angristan]

SOLUTION: Running dnf update or yum update to get an up-to-date kernel and matching headers solves the issue.

[FreedomBen]

Having the same problem on Fedora 29, but my kernel headers and active kernel are the same. It seems to be failing because DKMS can't find the file:

[#] ip link add wg0-client-test type wireguard
Error: Unknown device type.
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0-client-test
Cannot find device "wg0-client-test"
[ben@localhost ~]$ 
[ben@localhost ~]$ dkms status
Error! Could not locate dkms.conf file.
File: /var/lib/dkms/wireguard/0.0.20190702/source/dkms.conf does not exist.

Looks like it's trying to follow a broken symlink:

[ben@localhost ~]$ ll /var/lib/dkms/wireguard/0.0.20190702/source
lrwxrwxrwx. 1 root root 31 Jul  8 12:18 /var/lib/dkms/wireguard/0.0.20190702/source -> /usr/src/wireguard-0.0.20190702```

the symlink shouldn't be broken tho as the target exists:

```[ben@localhost ~]$ ll /usr/src/wireguard-0.0.20190905/
total 268K
drwxr-xr-x.  6 root root 4.0K Sep 10 09:28 .
drwxr-xr-x.  5 root root 4.0K Sep 10 09:28 ..
-rw-r--r--.  1 root root  11K Sep  9 14:44 allowedips.c
-rw-r--r--.  1 root root 1.8K Sep  9 14:44 allowedips.h
...

I manually removed the broken link and recreated it:
sudo ln -s /usr/src/wireguard-0.0.20190905/ /var/lib/dkms/wireguard/0.0.20190702/source

Now DKMS is happy. I rebuilt the modules:
sudo dkms autoinstall

Checked status:

wireguard, 0.0.20190702, 5.2.11-100.fc29.x86_64, x86_64: built
wireguard, 0.0.20190905, 5.2.11-100.fc29.x86_64, x86_64: installed

And it still doesn't work.

lsmod shows it isn't actually loaded. Loading it fails:

modprobe: ERROR: could not insert 'wireguard': Operation not permitted

No idea why it's failing.

[dan-eicher]

It broke for me on a dnf upgrade a couple days ago on Fedora 30

uname --kernel-release

5.2.13-200.fc30.x86_64

rpm -q kernel-headers

kernel-headers-5.2.13-200.fc30.x86_64

Did a:

sudo rm -r /var/lib/dkms/wireguard/0.0.20190702

sudo ln -s /usr/src/wireguard-0.0.20190905/ /var/lib/dkms/wireguard/0.0.20190905/source

sudo dkms autoinstall

and it works again.

...though this seems odd:

dkms status

wireguard, 0.0.20190905, 5.2.13-200.fc30.x86_64, x86_64: installed
wireguard, 0.0.20190905, 5.2.7-200.fc30.x86_64, x86_64: installed

[angristan]

Thanks for the feedback guys, although this seems related to Wireguard packaging on Fedora

[valentt]

I have similar problem, but get different verbose output from modprobe:

# modprobe -vvv wireguard
modprobe: INFO: custom logging function 0x55cf4e172a20 registered
insmod /lib/modules/5.3.11-300.fc31.x86_64/kernel/net/wireguard.ko.xz  
modprobe: INFO: Failed to insert module '/lib/modules/5.3.11-300.fc31.x86_64/kernel/net/wireguard.ko.xz': Operation not permitted
modprobe: ERROR: could not insert 'wireguard': Operation not permitted
modprobe: INFO: context 0x55cf4eb9b4c0 released

Any ideas how to get wireguard module loaded? I removed it and rebuild it without success:

dkms remove -m wireguard -v 0.0.20191012 -k 5.3.11-300.fc31.x86_64
dkms install -m wireguard -v 0.0.20191012

Any help us much appreciated.

[angristan]

dnf reinstall wireguard-dkms might help

[angristan]

I added a warning in the script that detects if the machine is running on Fedora or CentOS && wireguard not running and tells the user the command to update its machine. Should be better!

[Yakashimoto]

i have also big problem with CentOS 7, it dont work. i have some wireguards working fine with kernel wireguard, 0.0.20200215, 3.10.0-1062.12.1.el7.x86_64, x86_64: installed

but now i try on an another VPS, but it dont work...

Your kernel headers for kernel 3.10.0-1062.12.1.el7.x86_64 cannot be found at
/lib/modules/3.10.0-1062.12.1.el7.x86_64/build or /lib/modules/3.10.0-1062.12.1.el7.x86_64/source.

[chanyshev]

It also doesn't work. CentOS Linux release 7.8.2003 (Core)

[root@gw ~]# uname -a
Linux 3.10.0-1127.13.1.el7.x86_64

[root@gw ~]# yum list | grep kernel-headers
kernel-headers.x86_64                     3.10.0-1127.13.1.el7           @updates

[root@gw ~]# dkms status
wireguard, 1.0.20200623, 3.10.0-1127.13.1.el7.x86_64, x86_64: installed

[randshell]

@Yakashimoto I was on that kernel version too and I had the same problem. Here is what I did #95 (comment)

@chanyshev thanks for the detailed information. Your output looks good, try to reboot. If it doesn't work paste the output of systemctl status wg-quick@wg0.service

[chanyshev]

@randomshell

journalctl -xe
-- Unit wg-quick@wg0.service has begun starting up.
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: [#] ip link add wg0 type wireguard
Jul 08 03:32:34 gw.company.internal NetworkManager[740]: <info>  [1594193554.2405] manager: (wg0): new WireGuard device (/org/freedesktop/NetworkManager/Devices/10)
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: [#] wg setconf wg0 /dev/fd/63
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: Unable to parse IP address: `'
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: Configuration parsing error
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: [#] ip link delete dev wg0
Jul 08 03:32:34 gw.company.internal systemd[1]: wg-quick@wg0.service: main process exited, code=exited, status=1/FAILURE
Jul 08 03:32:34 gw.company.internal systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
-- Subject: Unit wg-quick@wg0.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit wg-quick@wg0.service has failed.
--
-- The result is failed.
Jul 08 03:32:34 gw.company.internal systemd[1]: Unit wg-quick@wg0.service entered failed state.
Jul 08 03:32:34 gw.company.internal systemd[1]: wg-quick@wg0.service failed.
Jul 08 03:32:34 gw.company.internal polkitd[641]: Unregistered Authentication Agent for unix-process:20211:6658902 (system bus name :1.99, object path /org/freedesktop/PolicyKit1/AuthenticationA
Jul 08 03:32:36 gw.company.internal unix_chkpwd[20250]: password check failed for user (root)

[randshell]

Jul 08 03:32:34 gw.company.internal wg-quick[20217]: Unable to parse IP address: `'
Jul 08 03:32:34 gw.company.internal wg-quick[20217]: Configuration parsing error

@chanyshev Open /etc/wireguard/wg0.conf and /etc/wireguard/params and check the IP addresses. If you aren't sure, I think you can delete the folder /etc/wireguard and run the script again.

[aliasmee]

some issue. not found wireguard module

[randshell]

@aliasmee You can see the other comments for a solution. If it doesn't work for you provide the necessary info to debug please.

[joshghent]

Just wanted to chime in here and say that I resolved this on Amazon Linux 2 by running yum reinstall kernel and then restarted wireguard