iptables v1.8.9 (nf_tables): unknown option "--key"

[Mincubus]

I did the commands as written, but an error appeared. Debian 12

[infinet]

Has the kernel module been loaded? What is the output of lsmod | grep WGOBFS?

[lirigorm]

Hi, i use openwrt, but i have the same problem.
output of lsmod | grep WGOBFS:

x_tables 24576 15 nft_compat,iptable_mangle,iptable_filter,ipt_REJECT,ip_tables,xt_time,xt_tcpudp,xt_multiport,xt_mark,xt_mac,xt_limit,xt_comment,xt_WGOBFS,xt_TCPMSS,xt_LOG
xt_WGOBFS 12288 0

[romanrm]

It looks like you may have forgot to put libxt_WGOBFS.so into the correct place. On my system it is at /usr/lib/x86_64-linux-gnu/xtables/libxt_WGOBFS.so. Adjust for your distro accordingly. Easiest is to run "find / 2> /dev/null | grep libxt_" and that way to determine where other iptables libs live. This additional one needs to be at the same location. Except OpenWRT may have no "other" libs, so on that one try simply /usr/lib/.

[infinet]

I agree with @romanrm, perhaps libxt_WGOBFS.so is missing. On Debian 12,
make install shall copy libxt_WGOBFS.so to the correct location. Also please make sure the kernel module is loaded.

On OpenWrt, the build generates two pakcages, kmod-ipt-wgobfs_xxx.ipk and iptables-mod-wgobfs_xxx.ipk. Double check both are installed. The latest OpenWrt I tested was 22.03.3.

[lirigorm]

I'm sure the packages are installed.
opkg list-installed | grep wgobfs:

iptables-mod-wgobfs - 0.4.1-1
kmod-ipt-wgobfs - 5.15.118+0.4.1-1

I also searched *wgobfs* and found the following files in the system:

/usr/lib/iptables/libxt_WGOBFS.so
/usr/lib/opkg/info/kmod-ipt-wgobfs.control
/usr/lib/opkg/info/kmod-ipt-wgobfs.postinst
/usr/lib/opkg/info/kmod-ipt-wgobfs.prerm
/usr/lib/opkg/info/kmod-ipt-wgobfs.list
/usr/lib/opkg/info/iptables-mod-wgobfs.control
/usr/lib/opkg/info/iptables-mod-wgobfs.postinst
/usr/lib/opkg/info/iptables-mod-wgobfs.prerm
/usr/lib/opkg/info/iptables-mod-wgobfs.list
/sys/module/xt_WGOBFS
/sys/module/x_tables/holders/xt_WGOBFS
/lib/modules/5.15.118/xt_WGOBFS.ko
/etc/modules.d/ipt-wgobfs

After that i try to add iptables rule iptables -t mangle -I INPUT -p udp -m udp --dport 6789 -j WGOBFS --key mysecretkey --unobfs and got the following result:

iptables v1.8.8 (nf_tables): unknown option "--key"
Try `iptables -h' or 'iptables --help' for more information.

What is the problem?

I'm trying to run this on openwrt versions 23.05.0-rc1 and 23.05.0-rc2.

[infinet]

Error messages such as unknown option "--key", unknown option "--obfs", unknown option "--unobfs" happens when the kernel module is not loaded, or libxt_WGOBFS.so is missing.

I've only tested it up to OpenWrt 22.03. If you're on 23.05 or later, I'm afraid I might not be able to help you directly.

[lirigorm]

I tried it on openwrt version 22.03.5. Works. But how to make it work on version 23.05? I did everything the same as on 22.03.5, but it does not work.

[infinet]

It may be related a bug that was fixed by #15. I have packaged a new version. Please try the latest openwrt/package/Makefile.

[lirigorm]

I tested the new version. It works on openwrt 23.05.

[infinet]

Great! Glad it works. I am closing this issue.

[lirigorm]

Thanks @infinet !