• [6.12.3] Wireguard docker network configuration issue

    FayeInMay

    By FayeInMay

      • Minor

    Hello,

     

    I've been struggling with my other issue below, but maybe found a specific bug/fix for it. Therefor this new issue because it might not even fix the other one.

     

    It seems like line 166 in rc.d/rc.docker is not entirely correct. 

    "[[ -n $NETWORK ]] && nsenter -n -t $PID ip -4 route add $NETWORK via $THISIP dev br0 2>/dev/null"

    translates to 

    nsenter -n -t 9439 ip -4 route add 10.253.0.0 via 192.168.0.231 dev br0

     

    If I understand it correctly, it attaches to the container process and adds a static route for wireguard. In my case 10.253.0.0/24 to 192.168.0.231. But it uses the br0 interface. This interface is not available within the docker container. The available interface is eth0. Therefor the command failes and the static route does not get created. The only thing I do not know is why this only happens on unraid/docker startup The static route will be added upon container restart. I believe the scripts doing both actions (initial startup / container restart) are not the same and that might explain it.

     

    Go to reports Stable Releases

    User Feedback

    Recommended Comments

    bonienl

    This is indeed a bug, since routes should be added to either br0 or eth0 (depending on what is in use).

    I made a fix for this for upcoming 6.13 version (might get backported to 6.12).

    Thanks

     

    • Like 1
    Link to comment
    FayeInMay

    Hi @bonienl,

    as requested in the support ticket, I'm doing the follow-up in this thread.

    It seems like the issue was not fixed in 6.12.8. After rebooting unraid and waiting for all containers to start-up, I still need to manually restart containers to fix their routes. This can be seen in this video: https://www.youtube.com/watch?v=G8H5YaxdO8c

     

    I also included diagnostics from after rebooting unraid (1153) and from after restarting the containers manually after the reboot (1155).

     

    For further information maybe also see https://forums.unraid.net/bug-reports/stable-releases/6123-issue-with-wireguard-integration-and-docker-routing-r2594/

    nass-diagnostics-20240219-1153.zip nass-diagnostics-20240219-1155.zip

    Edited by FayeInMay
    Link to comment
    FayeInMay

    Hi @bonienl,

    another weird addition to the issue description:

    Restarting the container with "docker restart <br0_container>" does not fix the Wireguard route. Only using the restart button in the unraid UI fixes the routes.

    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.

    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.