FORUMS
Remove All Ads from XDA

WireGuard Kernel/ROM Integration

198 posts
Thanks Meter: 799
 
Post Reply Email Thread
Announcement from zx2c4: WireGuard available for custom Kernel/ROM integration
15th September 2019, 04:47 PM |#251  
h4waii's Avatar
Senior Member
Thanks Meter: 83
 
More
Quote:
Originally Posted by PacoBell

Got rid of my hyphen. Still giving me that error code 64. Are you using the kernel module version of wireguard or user-space? Donenfeld's Android TODO list does mention "Google play store with kernel wireguard fails." Is there another Wireguard APK I should be running instead?

I'm running the kernel module, version v0.0.20190708 from F-Droid. Unsure if your issue is the same as mine. What is the name of your tunnel and the redacted contents of the interface config?
16th September 2019, 04:04 AM |#252  
TheImpulson's Avatar
Recognized Developer / Recognized Contributor
Flag Bhilai, India
Thanks Meter: 2,246
 
More
Hey!
Not sure if someone came across this yet, but if you pick kernel integration and try to compile it in a Android Q environment i.e. inline, it fails the build with this error
Code:
"flock" is not allowed to be used. See https://android.googlesource.com/pla....md#PATH_Tools for more information.
This line in the fetch script seems to be the trigger: https://git.zx2c4.com/android_kernel...ee/fetch.sh#n6
Can you take a look at it whenever you are free.
22nd September 2019, 09:06 AM |#253  
Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by h4waii

I'm running the kernel module, version v0.0.20190708 from F-Droid. Unsure if your issue is the same as mine. What is the name of your tunnel and the redacted contents of the interface config?

Sorry about the long delay in responding. I've tried both the Q/10 version of the Sultan kernel as well as the latest ElementalX kernel. Tried the same Wireguard app version from both Play Store and F-Droid. I called my tunnel "mullvadus2" and the following is my fairly simple config:

Code:
[Interface]
PrivateKey = <PrivateKey>
Address = x.x.x.x/32,x:x:x:x::x:x/128
DNS = x.x.x.x

[Peer]
PublicKey = <PublicKey>
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = x.x.x.x:x
That's it.
24th September 2019, 10:09 AM |#254  
Junior Member
Thanks Meter: 5
 
More
Quote:
Originally Posted by PacoBell

Got rid of my hyphen. Still giving me that error code 64. Are you using the kernel module version of wireguard or user-space? Donenfeld's Android TODO list does mention "Google play store with kernel wireguard fails." Is there another Wireguard APK I should be running instead?

Error code 64 is a problem with DNS on Android 10. If you remove the DNS from your android client config, the error goes away.

The problem occurs because the app tries to run a command like "ndc resolver setnetdns $table '0.0.0.0' 'your.pre.set.dns'. It fails because Android 10 deprecated "ndc resolver"

Cant paste links but here is where it gets removed from thw source. android.googlesource.com/platform/system/netd/+/7720e4a569eacecce3d8c02ecdc023907e6c4c87%5E%21/
The Following 5 Users Say Thank You to Androiddofus For This Useful Post: [ View ] Gift Androiddofus Ad-Free
1st October 2019, 01:33 AM |#255  
Recognized Developer / Recognized Contributor
Thanks Meter: 10,483
 
Donate to Me
More
Quote:
Originally Posted by Androiddofus

Error code 64 is a problem with DNS on Android 10. If you remove the DNS from your android client config, the error goes away.

The problem occurs because the app tries to run a command like "ndc resolver setnetdns $table '0.0.0.0' 'your.pre.set.dns'. It fails because Android 10 deprecated "ndc resolver"

Cant paste links but here is where it gets removed from thw source. android.googlesource.com/platform/system/netd/+/7720e4a569eacecce3d8c02ecdc023907e6c4c87%5E%21/

Thanks, that's a good catch. When I remove the dns, Wireguard connects fine but I don't have internet access. I guess it's because there is no "default" dns server, so removing it from the config breaks internet.

Any idea how to work around that? The userspace implementation works just fine, but I'd rather use the kernel module if possible.

Thanks!
1st October 2019, 03:23 AM |#256  
Junior Member
Thanks Meter: 5
 
More
The kernel module is not working for me either. It completes the handshake, showing a connection is made but data can only be sent in one direction.

Through tcpdump, I can see the server send data packets and Android gets the data. However, packets sent from android enters the wireguard tunnel on the phone but never shows up on the server's end.
9th October 2019, 10:47 PM |#257  
Member
Thanks Meter: 17
 
More
Quote:
Originally Posted by PacoBell

Code:
14773 D WireGuard/WgQuickBackend: Changing tunnel mullvad-us2 to state UP
09-14 00:00:11.232 17704 14773 V WireGuard/RootShell: executing: cat /sys/module/wireguard/version && wg-quick up '/data/user/0/com.wireguard.android/cache/tmp/mullvad-us2.conf'
09-14 00:00:11.252 17704 14773 V WireGuard/RootShell: stdout: 0.0.20190702
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link add mullvad-us2 type wireguard
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] wg setconf mullvad-us2 /proc/self/fd/0
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link set up dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link set down dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface setcfg mullvad-us2 '10.64.82.159' 32
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface ipv6 mullvad-us2 enable
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip -6 addr add 'fc00:bbbb:bbbb:bb01::1:529e/128' dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] wg set mullvad-us2 fwmark 0x20000
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -I INPUT 1 -p udp --dport 40195 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -I INPUT 1 -p udp --dport 40195 -j DROP -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface setcfg mullvad-us2 up
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network create 56154 vpn 1 1
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network interface add 56154 mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc resolver setnetdns 56154 '' '193.138.218.74'
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link del mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -D INPUT -p udp -m udp --dport 40195 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -D OUTPUT -m mark --mark 0x20000 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -D INPUT -p udp -m udp --dport 40195 -m comment --comment "wireguard rule mullvad-us2" -j DROP
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -D OUTPUT -m mark --mark 0x20000 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network destroy 56154
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: stderr: Error: 500 0 Command not recognized
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: stderr: 
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: exit: 64
09-14 00:00:11.964 17704 17704 E WireGuard/BaseFragment: Error bringing up tunnel: Unable to configure tunnel (wg-quick returned 64)
Any pointers for me? Running Android 10 stable on a P2XL (Taimen).

---------- Post added at 07:25 AM ---------- Previous post was at 07:15 AM ----------


Did you ever find a resolution to this error? Was it a file-name-as-interface bug?

I have the exact same issue. My logs look exactly the same.

Pixel 3XL Android 10 October update
ElementalX-P3-2.06
WireGuard for Android v0.0.20190708
Kernel module backend v0.0.20190913

Any resolution? I tried removing the hyphen from the filename. It did not help.

FWIW, everything was working until i upgraded to Android 10. So this issue must be Android 10 specific.
10th October 2019, 12:43 PM |#258  
Member
Thanks Meter: 3
 
More
One random thing I noticed when adding a Wireguard profile on a rooted device was that when you name the profile "default", it's unable to connect (the error returned is wg-quick returned 2)

Is the profile name not escaped when attempting to connect?
12th October 2019, 04:40 PM |#259  
zx2c4's Avatar
OP Recognized Developer
Flag Paris
Thanks Meter: 799
 
Donate to Me
More
Quote:
Originally Posted by PacoBell

Code:
14773 D WireGuard/WgQuickBackend: Changing tunnel mullvad-us2 to state UP
09-14 00:00:11.232 17704 14773 V WireGuard/RootShell: executing: cat /sys/module/wireguard/version && wg-quick up '/data/user/0/com.wireguard.android/cache/tmp/mullvad-us2.conf'
09-14 00:00:11.252 17704 14773 V WireGuard/RootShell: stdout: 0.0.20190702
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link add mullvad-us2 type wireguard
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] wg setconf mullvad-us2 /proc/self/fd/0
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link set up dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link set down dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface setcfg mullvad-us2 '10.64.82.159' 32
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface ipv6 mullvad-us2 enable
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip -6 addr add 'fc00:bbbb:bbbb:bb01::1:529e/128' dev mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] wg set mullvad-us2 fwmark 0x20000
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -I OUTPUT 1 -m mark --mark 0x20000 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -I INPUT 1 -p udp --dport 40195 -j ACCEPT -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -I INPUT 1 -p udp --dport 40195 -j DROP -m comment --comment "wireguard rule mullvad-us2"
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc interface setcfg mullvad-us2 up
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network create 56154 vpn 1 1
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network interface add 56154 mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc resolver setnetdns 56154 '' '193.138.218.74'
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip link del mullvad-us2
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -D INPUT -p udp -m udp --dport 40195 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] iptables -D OUTPUT -m mark --mark 0x20000 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -D INPUT -p udp -m udp --dport 40195 -m comment --comment "wireguard rule mullvad-us2" -j DROP
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ip6tables -D OUTPUT -m mark --mark 0x20000 -m comment --comment "wireguard rule mullvad-us2" -j ACCEPT
09-14 00:00:11.953 17704 14773 V WireGuard/RootShell: stdout: [#] ndc network destroy 56154
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: stderr: Error: 500 0 Command not recognized
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: stderr: 
09-14 00:00:11.955 17704 14773 V WireGuard/RootShell: exit: 64
09-14 00:00:11.964 17704 17704 E WireGuard/BaseFragment: Error bringing up tunnel: Unable to configure tunnel (wg-quick returned 64)
Any pointers for me? Running Android 10 stable on a P2XL (Taimen).

---------- Post added at 07:25 AM ---------- Previous post was at 07:15 AM ----------


Did you ever find a resolution to this error? Was it a file-name-as-interface bug?


Fixed in the version I just posted online.
The Following 2 Users Say Thank You to zx2c4 For This Useful Post: [ View ]
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes