0

My situation is similar to this post, however, none of the given solutions work for me.

I am also trying to load the wireguard module by

modprobe wireguard

but I get the error

modprobe: ERROR: could not insert 'wireguard': Operation not permitted

According to the post mentioned above, that has to do with secure boot. Unfortunately, this is a virtual server I do not have physical access to, so I cannot just go into UEFI and disable secure boot. Also, the accepted solution to do

echo 1 > /proc/sys/kernel/sysrq
echo x > /proc/sysrq-trigger

did not work, because I get permission denied (even as root).

I don't know how important that is to the situation, but before I got the current error I got this error

modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.15.0

when trying to modprobe wireguard. So I checked and found out that not only the file /lib/modules/4.15.0/kernel/wireguard/wireguard.ko was missing. The whole directory /lib/modules/4.15.0/kernel wasn't present. However, there is another directory, /lib/modules/4.15.0-128-generic, which had everything including the wireguard.ko. So I just copied the directory kernel as well as the files modules.order and modules.builtin from /lib/modules/4.15.0-128-generic to /lib/modules/4.15.0. Now, modprobe is able to find the module, which leads to the problem explained above.

Does anyone have a hint on how I could proceed from here?

OS: Ubuntu 18.04 LTS

Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
NoThanks93330
  • 33
  • 1
  • 2
  • 4
  • 1
    Is this a _real_ virtual machine, or a lightweight "virtual server"? Some of the cheaper virtual server providers share a single kernel instance, e.g. using OpenVZ or similar, and so you can't load modules. – Stephen Harris Dec 28 '20 at 14:01
  • it's a "Linux V-Server" from Strato, so the latter I guess? is there a way to find out for sure? – NoThanks93330 Dec 28 '20 at 14:51
  • The easiest would be to install the package `virt-what`and run `virt-what` as root. – A.B Dec 28 '20 at 14:53
  • Anyway, from https://www.strato.de/server/linux-vserver/ it's Virtuozzo which probably means openvz (and falls under "I don't own the kernel"). But just in case, run `virt-what`. – A.B Dec 28 '20 at 14:56
  • workaround (never tested): userland wireguard over tun in rust: https://github.com/cloudflare/boringtun . There's also an implementation in go: https://git.zx2c4.com/wireguard-go/about/ – A.B Dec 28 '20 at 15:05
  • `virt-what` says `openvz lxc` so your assumptions seem to be correct. Thanks also for the workarounds, I'll check them out. Is one of them preferable over the other? And do you maybe know how much slower they are compared to using the kernel module? – NoThanks93330 Dec 28 '20 at 15:28
  • No idea, but first you'll have to concentrate on using the development environment for either rust or go. Once you get it working, you could answer your question with what you did. – A.B Dec 28 '20 at 15:31
  • Only root is allowed to use modprobe. Did you run the command with superuser privileges?! – Sebi2020 Dec 28 '20 at 17:48
  • I forgot that `/dev/net/tun` has to be enabled in container-like environments. You can check this by using the socat command: `socat tun,tun-name=tuntest -` . If it stays waiting and you can see in an other terminal that a tuntest interface temporarily appeared that's ok, if you get an error, using a tun device might not be available either. – A.B Dec 28 '20 at 18:48
  • Yes, I ran the command as root. – NoThanks93330 Dec 28 '20 at 18:50
  • `socat tun,tun-name=tuntest -` stays waiting. Where can I see the tempory tuntest interface?. I logged in another ssh session on the server and looked for changes in the output of `ifconfig`, is that what you mean? There were no changes though. – NoThanks93330 Dec 28 '20 at 19:00
  • Forget about ifconfig. It's obsolete on Linux. Use `ip link`. Anyway this means tun interfaces are available. – A.B Dec 28 '20 at 19:38
  • Oh, I didn't know it's obsolete, thanks. Ok, so tun interfaces are available. How does that help me? – NoThanks93330 Dec 28 '20 at 19:46
  • You can proceed with boringtun or wireguard-go which require tun. – A.B Dec 28 '20 at 19:47

0 Answers0