Skip to content

main/linux-postmarketos-allwinner: Wireguard's `wg-quick` fails when using IPv4 addresses

Describe your issue

What's the expected behaviour?

wg-quick up (from the package wireguard-tools) works regardless of the IP protocol used in its configuration file(s).

What's the current behaviour?

When IPv4 addresses are used in Wireguard's configuration file (/etc/wireguard/*.conf), it fails during the execution of [#] ip -4 rule add not fwmark 51820 table 51820.

How to reproduce your issue?

Install pmOS and use the linux-postmarketos-allwinner kernel. It works as expected in QEMU as it uses upstream kernel (I suppose).

What device are you using?

pine64-pinephone (Hardware: pmOS convergence edition [revision 1.2a])

On what postmarketOS version did you encounter the issue?

  • edge (master branch)
  • stable (v20.05 branch) Important: last time I tried this on stable was 2 months ago

On what environment did you encounter the issue?

Phone environments

  • Phosh
  • Plasma Mobile
  • Sxmo

Other

  • No environment
  • GNOME
  • KDE Plasma
  • Kodi
  • MATE
  • Shelli
  • Sway
  • Weston
  • Xfce4
  • fbkeyboard
  • i3wm

How did you get postmarketOS image?

What's the build date of the image? (in yyyy-mm-dd format)

2020-12-23

Additional information

Log output from wg-quick up wg0:

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.200.200.2/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
RTNETLINK answers: Address family not supported by protocol
[#] resolvconf -d wg0 -f
[#] ip link delete dev wg0

Some remarks:

Contradictory to the behavior described in this issue, wg-quick never worked for me with IPv4 addresses. After the associated MR it still failed at the same point, but changed its output from RTNETLINK answers: Not supported to RTNETLINK answers: Address family not supported by protocol. I suspect that we just need to enable the IPv4 equivalent for the changed IPv6 parameter: CONFIG_IP_MULTIPLE_TABLES (which I think depends on CONFIG_IP_ADVANCED_ROUTER)? But I'm not entirely sure about that.

Edited by Administrator
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information