New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
innernet-server deb should depend on and modprobe wireguard #5
Comments
Ah right - this is an issue for anyone with Linux kernels < 5.6. I'm also not sure of the canonical way packages solve this - I'll have to look for other examples out there. If other packages just add a file |
Sounds reasonable. Congrats on the launch, btw. |
Thanks, and thanks so much for trying it out and testing it! I appreciate you opening the issue. |
Appears to be an issue on 5.11 too,
|
Dropping in a > pacman -Fx '^etc/modules-load\.d/.+'
etc/modules-load.d/i2c_dev.conf is owned by community/deepin-daemon 5.12.52-1
etc/modules-load.d/deepin-screen-recorder.conf is owned by community/deepin-screen-recorder 5.8.1-1
etc/modules-load.d/zfs.conf is owned by archzfs/zfs-utils 2.0.4-1
etc/modules-load.d/zfs.conf is owned by archzfs/zfs-utils-git 2021.03.26.r6649.g38280c352-1
etc/modules-load.d/zfs.conf is owned by archzfs/zfs-utils-rc 2.0.0_rc7-1 |
I've opted for calling I'm going to re-open this though since I'd like for If the current solution is problematic in some other way I'm unaware of, please let me know. |
It doesn't work in containers with kernel wg implementation. This makes it impossible to start innernet in containers with kernel wireguard implementation because of this exists() check, as both operations it does are guaranteed to fail there, even though e.g. Bypassing it completely with something like:
...allows both server and client to work without issues. I'd suggest adding e.g |
Thanks @mk-fg, that modprobe is very much duct tape that needs to be peeled off - I had also planned on removing it as part of the rootless change work 🙂. I like the idea of forcing a backend via a CLI flag. Is there any reliable way within containers to detect the existence of a kernel module in the host? |
Aside from the obvious "try creating wg interface", I'm afraid I don't know - /sys/modules would be the way, but it's not there, and while /proc/modules is present, it's definitely not reliable, as built-in modules won't show up there. I think such details might not be exposed by design though, as pretty much main purpose of containers is reproducible setup, and if you auto-flip various behaviors depending on what system container runs on top of, then you negate that completely - container will run in one mode on one system, and will work differently with diff quirks, bugs and whatever behavior on another. |
I'm going to implement this option, I like the idea of having a Will also look into what the |
The latest innernet neither runs modprobe internally nor does it do existence checks for the kernel module since it's too unreliable across different environments. Instead, you can manually specify This behavior feels more similar to how WireGuard itself supports the userspace implementation on Linux - it's not recommended and only advanced users should be relying on it (this applies in the context of a container, too, for example). |
I needed to
modprobe wireguard
(andapt install wireguard
) in order forinnernet-server serve
to work.Not sure what the most morally correct way is to do this persistently. I wound up doing
echo wireguard > /etc/modules-load.d/wireguard.conf
.The text was updated successfully, but these errors were encountered: