How to run wireguard in OpenVZ?

I have a bunch of old LES OpenVZ servers from Inception and wanted to run wireguard there (servers, although in wireguard everyone's a peer). However, when I try to run wireguard, I get

# wg-quick up wg0
[#] ip link add wg0 type wireguard
RTNETLINK answers: Operation not supported
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"

Is it impossible to run wireguard in these containers or is it a PEBKAC issue? Do you recommend any of the userspace wireguard implementations and, if so, which?

Comments

  • IIRC enable TAP/TUN in SolusVM, wait for reboot, then run the script made by @Nyr ... πŸ˜‡ B)

    Thanked by (1)Nyr
  • edited July 30

    @ataribasementcluster said:
    when I try to run wireguard, I get

    # wg-quick up wg0
    [#] ip link add wg0 type wireguard
    RTNETLINK answers: Operation not supported
    Unable to access interface: Protocol not supported
    [#] ip link delete dev wg0
    Cannot find device "wg0"
    

    Most likely the node doesn't have the WireGuard kernel module loaded, try asking if they can get it loaded?

    Do you recommend any of the userspace wireguard implementations and, if so, which?

    If you just want plain WG, there's wireguard-go; if you want a bit more, there's Tailscale.

  • @jmgcaguicla said:
    Most likely the node doesn't have the WireGuard kernel module loaded, try asking if they can get it loaded?

    Hey, @InceptionHosting, is it ok to request for a LES offer?

    @flips said:
    IIRC enable TAP/TUN in SolusVM, wait for reboot, then run the script made by @Nyr ... πŸ˜‡ B)

    I was smart enpough to enable TUN! And I installed wireguard plus I already have the config for it.

    Do you mean this script?

  • @ataribasementcluster said:
    I was smart enpough to enable TUN! And I installed wireguard plus I already have the config for it.

    Do you mean this script?

    Yes, that script. I doubt the OpenVZ kernel is new enough to include Wireguard support. The script will pull in the userspace version... (At least it did for my debian VM's.)

    Thanked by (1)ataribasementcluster
  • edited July 30

    Yeah, it pulls BoringTun. Which is fine because it works.

    For future reference, in addition to turning on tun, I had to do the inception magic to enable proper iptables by touch /option.netfilter and waiting half an hour.

    Very cool script, @Nyr.

    Thanked by (1)Nyr
Sign In or Register to comment.