Hi,
anyone managed to bring up a wireguard interface in an unprivileged container? Thus far I have only been ending up with
warning: wg0: pre-up cmd ‘ip link add wg0 type wireguard’ failed: returned 2 (RTNETLINK answers: Operation not supported
Yes, I have used wireguard in an unprivileged container running OpenWrt. Is the wireguard module loaded on the host? You may want to insert it manually if it isn’t already loaded. (On my system it’s loaded automatically when a container executes ‘ip link add wg0 type wireguard’ anyway.)
Removed WG from the container and installed it on the host and the WG iface in the container gets up.
But then there are no wg-tools inside the container and if needed it requires installation of its dependencies as well:
* dkms
* linux-headers-x
* linux-headers-x-generic
* linux-headers-generic
* wireguard-dkms
The kernel module (wireguard.ko) needs to be installed on the host. The container should only need the user space tools, such as “wg”.
But then there are no wg-tools inside the container and if needed it requires installation of its dependencies as well
Those packages aren’t required by wireguard-utils, at least not in the ubuntu ppa I’m using. They are recommended, and by default recommended packages are installed but it can be changed for example with --no-install-recommends.
Note that you can set linux.kernel_modules=wireguard to have LXD load that module for you when the container starts.
Wow, that is just great! Works like a charm (also on LXC)
ppa:wireguard/wireguard
Thanks for that great tip (--no-install-recommends), saved 257 MB
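
Added example, not part of any post in this thread: a check that can be run inside the container to tell whether the "Operation not supported" error comes from the host kernel lacking the wireguard module, which an unprivileged container cannot load itself. The function names and the root-directory argument are hypothetical, and the sample module lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. ROOT is a hypothetical argument that
# lets the check run against a constructed tree; leave it empty on a real system.

# Print "loaded" if the kernel visible to this container has WireGuard.
wg_module_state() {
    root="${1:-}"
    # /proc/modules shows the host kernel's loadable modules, also from
    # inside a container. Anchor the match to the module-name column.
    if [ -r "$root/proc/modules" ] && grep -q '^wireguard ' "$root/proc/modules"; then
        echo loaded
    # Assumption: a built-in or loaded module also has a sysfs directory.
    elif [ -d "$root/sys/module/wireguard" ]; then
        echo loaded
    else
        echo missing
    fi
}

# Map the state to the fix given in the thread.
wg_advice() {
    case "$(wg_module_state "${1:-}")" in
        loaded)  echo "module present: container only needs the userspace tools (wg)" ;;
        *)       echo "module absent: load wireguard on the host or set linux.kernel_modules=wireguard" ;;
    esac
}

# Build a constructed /proc/modules under $1; $2=yes adds a wireguard entry.
make_sample() {
    mkdir -p "$1/proc"
    printf 'veth 28672 0 - Live 0x0000000000000000\n' > "$1/proc/modules"
    if [ "$2" = yes ]; then
        printf 'wireguard 94208 0 - Live 0x0000000000000000\n' >> "$1/proc/modules"
    fi
}

# Demo on constructed data.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/without" no
make_sample "$demo_dir/with" yes
wg_advice "$demo_dir/without"
wg_advice "$demo_dir/with"
rm -rf "$demo_dir"
```

On a real container, call wg_advice with no argument so it reads the live /proc/modules and /sys/module.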