Bug: Wireguard preshared key gets picked up only through environment variable and not through wg0.conf #2339

Closed
emsknock opened this issue Jun 27, 2024 · 3 comments

Comments

emsknock commented Jun 27, 2024

Is this urgent?

No

Host OS

Ubuntu 22.04.4 LTS

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.38.0 built on 2024-03-25T15:53:33.983Z (commit b3ceece)

What's the problem 🤔

When I bind /gluetun/wireguard/wg0.conf to a Wireguard configuration file through docker-compose, the Presharedkey value seems to get ignored. This does not happen when the Wireguard configuration is passed through environment variables.

I have tested the Wireguard configuration file in question outside of Gluetun and verified that it works, so it doesn't seem like the config file is the problem.

There's also a "Target IP address" value that appears when I pass in the settings through the environment but I don't know what that relates to — I don't know Wireguard internals very well.

Share your logs (at least 10 lines)

When the volumes key in docker-compose.yaml has ./wg.conf:/gluetun/wireguard/wg0.conf:

VPN settings:
├── VPN provider settings:
|   ├── Name: custom
|   └── Server selection settings:
|       ├── VPN type: wireguard
|       └── Wireguard selection settings:
|           ├── Endpoint IP address: xxx.xxx.xxx.xxx
|           ├── Endpoint port: 443
|           └── Server public key: 5...k=
└── Wireguard settings:
    ├── Private key: 8...o=
    ├── Interface addresses:
    |   └── xxx.xxx.xxx.xxx/xx
    ├── Allowed IPs:
    |   ├── 0.0.0.0/0
    |   └── ::/0
    └── Network interface: tun0
        └── MTU: 1400

When the above file is not mounted but instead the configuration is given through docker-compose.yaml's environment key (WIREGUARD_PUBLIC_KEY etc):

VPN settings:
├── VPN provider settings:
|   ├── Name: custom
|   └── Server selection settings:
|       ├── VPN type: wireguard
|       ├── Target IP address: xxx.xxx.xxx.xxx # ← ~~~~~ ! This line is new !
|       └── Wireguard selection settings:
|           ├── Endpoint IP address: xxx.xxx.xxx.xxx
|           ├── Endpoint port: 443
|           └── Server public key: 5...k=
└── Wireguard settings:
    ├── Private key: 8...o=
    ├── Pre-shared key: h...I= # ← ~~~~~~~~~~~~~~~~~~~~~ ! This line is new !
    ├── Interface addresses:
    |   └── xxx.xxx.xxx.xxx/xx
    ├── Allowed IPs:
    |   ├── 0.0.0.0/0
    |   └── ::/0
    └── Network interface: tun0
        └── MTU: 1400

Share your configuration

# docker-compose.yaml:
services:
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /srv/gluetun:/gluetun
      #
      # 1: This does not work!
      #    Contents pasted after this block.
      #
      # - /srv/gluetun/wg.conf:/gluetun/wireguard/wg0.conf
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      #
      # 2: These settings do work!
      #    Exact values redacted.
      #
      # - VPN_ENDPOINT_IP=xxx.xxx.xxx.xxx
      # - VPN_ENDPOINT_PORT=443
      # - WIREGUARD_PUBLIC_KEY=5...k=
      # - WIREGUARD_PRIVATE_KEY=8...o=
      # - WIREGUARD_PRESHARED_KEY=h...I=
      # - WIREGUARD_ADDRESSES=xxx.xxx.xxx.xxx/xx

# /srv/gluetun/wg.conf:
[Interface]
PrivateKey = 8...o=
Address = xxx.xxx.xxx.xxx/xx

[Peer]
Presharedkey = h...I=
PublicKey = 5...k=
Endpoint = xxx.xxx.xxx.xxx:443
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

Owner

qdm12 commented Jun 28, 2024

Hi there, thanks for the detailed issue! Presharedkey should be PresharedKey, that's why 😉
Although this is a silly limitation, so I changed it to read fields with case insensitivity in fe05521 (latest image). Thanks!

@qdm12 qdm12 closed this as completed Jun 28, 2024
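
The failure mode reported in this issue and the case-insensitive fix, as an added Go example that is not Gluetun's code: `ParseWG`, `canonical` and the sample file are hypothetical, and the key values are constructed placeholders. It goes one step beyond the fix described above by also returning every key it could not map, so a misspelt `PresharedKey` is surfaced instead of leaving the tunnel configured without it.

```go
package main

import (
	"fmt"
	"strings"
)

// canonical holds the documented wg-quick spellings as "Section.Key".
var canonical = []string{"Interface.PrivateKey", "Interface.Address",
	"Peer.PublicKey", "Peer.PresharedKey", "Peer.Endpoint", "Peer.AllowedIPs"}

// sampleConf is constructed for this example; keys and addresses are placeholders.
const sampleConf = "[Interface]\nPrivateKey = CONSTRUCTED-PRIVATE=\nAddress = 10.0.0.2/32\n" +
	"[Peer]\nPresharedkey = CONSTRUCTED-PSK=\nPublicKey = CONSTRUCTED-PUBLIC=\nEndpoint = 192.0.2.10:443\n"

// ParseWG maps each "key = value" line (split at the first "=", since base64 values end
// in "=") to its canonical name; foldCase=false requires exact case, true ignores it.
func ParseWG(conf string, foldCase bool) (settings map[string]string, unknown []string) {
	settings = map[string]string{}
	section := ""
	for _, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = line[1 : len(line)-1]
			continue
		}
		key, value, _ := strings.Cut(line, "=")
		name, match := section+"."+strings.TrimSpace(key), ""
		for _, c := range canonical {
			if name == c || (foldCase && strings.EqualFold(name, c)) {
				match = c
			}
		}
		if match == "" {
			unknown = append(unknown, name) // report it rather than drop it silently
			continue
		}
		settings[match] = strings.TrimSpace(value)
	}
	return settings, unknown
}

func main() {
	strict, missed := ParseWG(sampleConf, false)
	folded, _ := ParseWG(sampleConf, true)
	fmt.Printf("strict psk=%q unrecognised=%v; folded psk=%q\n", strict["Peer.PresharedKey"], missed, folded["Peer.PresharedKey"])
}
```
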
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.
