If your container won’t start, run the following to get some helpful logging:
lxc-start -n 101 -F -l DEBUG -o /tmp/lxc-101.log
Tag: LXC
[Wireguard] Preparing Proxmox Host for Wireguard in LXC
I followed this guide for using Wireguard inside LXC on Proxmox. (Also helpfull)
echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable apt update apt install wireguard
But as i ran “modprobe wireguard” I just got:
modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve
So I ran “dkms autoinstall”… but no success.
Error! Your kernel headers for kernel 5.0.15-1-pve cannot be found. Please install the linux-headers-5.0.15-1-pve package, or use the --kernelsourcedir option to tell DKMS where it's located
As I run “apt install pve-headers” it installed new pve-headers but for a different kernel:
pve-headers pve-headers-5.0 pve-headers-5.0.21-1-pve
As expected, “modprobe wireguard” still returned
modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve
So i checked my current kernel with “uname –kernel-release” and since my last reboot was about two weeks ago, it was running on 5.0.15-1-pve. So I did a reboot, checked the kernel again and now it was on 5.0.21-1-pve. So I did “dkms autoinstall” again, now with success:
Kernel preparation unnecessary for this kernel. Skipping... Building module: cleaning build area... make -j4 KERNELRELEASE=5.0.21-1-pve -C /lib/modules/5.0.21-1-pve/build M=/var/lib/dkms/wireguard/0.0.20190702/build.......... cleaning build area... DKMS: build completed. wireguard.ko: Running module version sanity check. - Original module - No original module exists within this kernel - Installation - Installing to /lib/modules/5.0.21-1-pve/updates/dkms/ depmod.... DKMS: install completed.
“modprobe wireguard” now returned no error. I continued the guide with:
echo "wireguard" >> /etc/modules-load.d/modules.conf
Entered my already created Debian 10 container and followed the guide:
echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable apt update apt-get install --no-install-recommends wireguard-tools ip link add wg0 type wireguard
Edit: To get Wireguard working, I also had to add the TUN device to the containers config, like I did for OpenVPN as well.
You’ll find the config here: /etc/pve/lxc/container_name.conf
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
[OpenVPN] Installing OpenVPN in LXC
Append the following two lines to the lxc config file on your Proxmox host.
You’ll find the config here: /etc/pve/lxc/container_name.conf
Got this info from here and it works fine.
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
There is just one line necessary for the openVPN installation.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
If you want to add another profile, just run the installer again:
bash openvpn-install.sh