URGENT bug: Unable to install, it shows an error, how shall I ask for help from developers to debug and fix this issue, please? #97
Comments
Update: I have done removing/commenting two lines of 'PostUp and PostDown' in .conf file associated with Wireguard configuration. I restarted the CentOS 7.5 x64, and the Wireguard shows as loaded+active as it's on the screenshot below, but not when CSF+LFD firewall enabled, nor when it's disabled when my android Wireguard official app connects to the server, I have no receive and just 2KB send? I don't know what else may be blocking these Wireguard from functioning? May please advise me on this? This guide is for iptables, https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/#Setup_NAT_(MASQUERADE)_rules but as I'm on different firewall CSF+LFD, how shall I proceed in this case and what shall I check? I can send a screenshot of the error codes if you give me a debug code if required? Tnx and best of luck |
See #95 (comment) for the iptables rules and https://blackonsole.org/how-to-add-nat-iptables-rules-with-csf/ for the csf integration. |
Hiya @randomshell Thanks for your input. I couldn't fix the issue. I removed the PostUp+PostDown from that config file and added a couple of lines to csfpre.sh and it worked. I believe this is no solution as Wireguard shall be able to open and close the port by this PostUp+PostDown procedure, but I don't know how? Will this solve my issue or does this code need to be modified besides the $SERVER_WG_NIC and $SERVER_PUB_NIC to work in my case? Tnx and best of luck |
Hiya @randomshell May please advise me on my last comment whenever you are free? Tnx and best of luck |
CSF handles all the rules so I don't think you can manually change iptables rules or use firewalld. What you did is OK, you can use this method.
Since you're using CSF their forums may be more helpful on how to proceed. Anyway you can just leave the WireGuard process running so the ports are always used.
I don't understand your question, you said it worked when you duplicated the lines from the OpenVPN settings. |
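The csfpre.sh approach discussed in this thread, sketched as an added example that is not part of the original comments or the project's installer. The function names and the `wg0`/`eth0` interface names are assumptions; the output is meant to be appended to `/etc/csf/csfpre.sh`, which CSF runs before adding its own rules, in place of the PostUp/PostDown lines.

```shell
#!/usr/bin/env bash
# Added example: print the iptables lines that replace WireGuard's
# PostUp/PostDown hooks when CSF owns the firewall.
# wg0 and eth0 are assumed names; use the values from your own setup
# (SERVER_WG_NIC and SERVER_PUB_NIC in the installer's terms).

# Accept only plain interface names: the generated lines are later run
# as root by CSF, so shell metacharacters must never reach them.
valid_nic() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # Linux interface names are at most 15 characters
}

# wg_csf_rules <wireguard-nic> <public-nic>
wg_csf_rules() {
    wg_nic=$1
    pub_nic=$2
    valid_nic "$wg_nic"  || { echo "bad WireGuard interface" >&2; return 1; }
    valid_nic "$pub_nic" || { echo "bad public interface" >&2; return 1; }
    cat <<EOF
# WireGuard forwarding and NAT, loaded by CSF from csfpre.sh
iptables -A FORWARD -i $wg_nic -o $pub_nic -j ACCEPT
iptables -A FORWARD -i $pub_nic -o $wg_nic -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $pub_nic -j MASQUERADE
EOF
}

# Print the fragment for the assumed interface names.
wg_csf_rules wg0 eth0
```

The WireGuard UDP port itself still has to be allowed through CSF's own port settings, as described in the thread.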
Hiya @randomshell Thanks for your reply. Regarding
Tnx and best of luck |
The only security risk is when the port of a vulnerable service is opened to the World. Having the port opened in the firewall but no service using it is not an issue, so you can keep using
For WireGuard you would need to use the iptables command and PostUp+PostDown options as explained in #95 (comment). If it doesn't conflict with CSF then use this, otherwise use For OpenVPN we create a service at EDIT: we configured OpenVPN to drop elevated privileges and run as nobody, so we can't change iptables rules later with |
Thanks. If it's ok, give me some time and I'll update you with results about this later on my next priority project after TLS 1.3 on OpenVPN is fully implemented. Thanks :)
Thanks. If you instruct me, I'll implement this and I will report back here as well. But I'm not so sure where shall I begin, please? Tnx and best of luck |
I tried it but the code becomes more complex to allow support of multiple servers so I dropped the idea. It's OK to stick with another service managing the iptables of openvpn as it's done now. |
Hiya,
Below is the error that is shown when I'm getting a status report. Also, this originally happened during installation. Updating/upgrading the OS doesn't work.
Error code:
https://prnt.sc/tez2zj
OS: CentOS 7.5 x64
Note: I have OpenVPN (community edition) installed on different ports (through your associated auto-installer script). And these two are the only applications installed on the VPS.
Please developers and gurus would you help me fix this error?
Note: 'Firewalld' is disabled as I have CSF+LFD installed instead. I also shall mention that I do all the tests and get the error code while the CSF+LFD was Off.
Note: I don't want to enable the 'Firewalld' and am looking for a way to make this Wireguard, which is installed on a different UDP port than OpenVPN and this UDP port is allowed on the CSF+LFD, work alongside OpenVPN?
Note: I disabled the IPv6 in the CSF+LFD and also the installation of Wireguard has some IPv6 sections, I assume it can work only on the IPv4 as I disabled the IPv6 in the virtual ethernet card of VPS and also I disabled the IPv6 on the CSF+LFD as well.
I believe I have provided a fair amount of information that helps you troubleshoot this issue and help me fix it whenever you are free, please? Also please do ask me to provide any information about my setup or any report from the VPS, if it helps you debug this error. Also, I shall mention that I disabled all possible logs in the VPS for privacy concerns, and if any error can be duplicated on the terminal, please ask me to run the code and screenshot the error code to you with posting it here?
If possible, I appreciate it if you please prioritize this debug whenever there is a possibility?
Tnx and best of luck