The officially official Devuan Forum!

You are not logged in.

#1 Re: Other Issues » Wireguard (VPN) Kernel Modul » 2019-02-16 18:52:38

KatolaZ wrote:

You need matching kernel headers for wireguard-dkms to work.

And which are matching? I've installed with

# apt install linux-headers-$(uname -r)

so I think that are all that are availible?

#2 Re: Other Issues » Wireguard (VPN) Kernel Modul » 2019-02-11 13:29:34

Could it be possible that there is the wrong kernel(-headers)?
uname -r:
4.17.0

But its: Linux devuan 4.17.0 armv7l GNU/Linux

I've installed:
devuan_ascii_2.0.0_armhf_sunxi.img.xz with orangepi_zero_defconfig.bin

But maybe something went wrong and it's not the right kernel??

I've installed linux-headers-4.17.0 but i think the right must be linux-headers-sun8i

#3 Other Issues » Wireguard (VPN) Kernel Modul » 2019-02-10 14:24:01

Phoen7x
Replies: 4

Hello everybody,
What about devuan with wireguard support?
I have implemented the following instructions and successfully installed wireguard.

# echo "deb https://ftp.fau.de/devuan/merged/ unstable main" > /etc/apt/sources.list.d/unstable.list
# printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
# apt update
# apt install wireguard

If i want to add a new interface i get

# ip link add dev wg0 type wireguard
RTNETLINK answers: Operation not supported

If I modeprobe wireguard:
modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.17.0

If I want to install wireguard from source:

$ make
make[1]: *** /lib/modules/4.17.0/build: Datei oder Verzeichnis nicht gefunden.  Schluss.
Makefile:36: die Regel für Ziel „module“ scheiterte
make: *** [module] Fehler 2

Seems there is a problem with the kernelmodul?
Device is an OrangePi Zero.

#4 Re: Hardware & System Configuration » Equivalent to Systemd Service Unit/Socket » 2018-11-28 23:11:01

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

i realized through iptables-persistent.

But for the Systemd Socket for Erlang Port Mapper Daemon (epmd) a haven't got a solution. sad

#5 Re: Hardware & System Configuration » Devuan + iptables » 2018-11-28 23:08:21

After a reinstallation of iptables-persistent, this solution worked for me.
I think my script failed because of the -nat -mangle parameters.

#6 Re: Hardware & System Configuration » Devuan + iptables » 2018-11-24 16:31:02

arnaiz wrote:

To allow resolve DNS, you must add a line accepting UDP output conections, since DNS protocol uses querys throw UDP:

Oh sorry, i've forgotten to write. I'm runnig an unbound resolver wich forward all traffic to another resolver via DNS-over-TLS (-dport 853), the rule is therefore obsulete.

about the script exec problem, also you can debug inserting a previous echo by each iptables command, so you can check on which its failing.

This is an good idea!

#7 Re: Hardware & System Configuration » Equivalent to Systemd Service Unit/Socket » 2018-11-24 12:56:38

ralph.ronnquist wrote:

What do you mean by that?

Oh sorry, i mean in the shell:

$ sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

if i check with

$ sudo iptables -t nat -L

they were applied.
I write them into a skript in /etc/network/if-pre-up.d/ but after a reboot its flushed.

#!/bin/sh
set -e
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

Which is "more complicated" than what here?

Excuse me, I've been working with Devuan for less time, so it's a bit more complicated than systemd. However, I really wanted to get rid of systemd!
My intention is only to secure my ejabberd server against empd.

#8 Re: Hardware & System Configuration » Equivalent to Systemd Service Unit/Socket » 2018-11-23 23:42:22

Thank you for your response.
When I write the first few lines in my firewall script, they are not executed. The second seems a bit more complicated?
Can you explain that in more detail?

#9 Re: Hardware & System Configuration » Devuan + iptables » 2018-11-23 19:36:26

Thank you for your advice.

You mean I should move my script into the folder /etc/init.d? I have not quite understood the order and the dependencies?
In my script I'm just releasing ports.

#10 Hardware & System Configuration » Equivalent to Systemd Service Unit/Socket » 2018-11-23 19:26:01

Phoen7x
Replies: 6

Hello everybody,
I would like to realize the following service unit with SysV Init, or with a shell skript. Unfortunately, I could not find any help on the net. Is this possible at all?

First:

nano /etc/systemd/system/xmpp-port-redirection.service
[Unit]
Description=Port redirection rules for XMPP
After=network.target

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223
ExecStop=/sbin/iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 5223

Second:
i would like to have something like a Systemd Socket for Erlang Port Mapper Daemon (epmd).

nano /etc/systemd/system/epmd.socket.d/listen-on-localhost.conf
[Socket]
ListenStream=127.0.0.1:4369

Is that possible with SysV Init?

Thank you. smile

#11 Re: Hardware & System Configuration » Devuan + iptables » 2018-11-23 19:11:31

Thank you for answering.

Thats the errormessage:

iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
Bad argument ` '
Try `iptables -h' or 'iptables --help' for more information.
Bad argument ` '
Try `iptables -h' or 'iptables --help' for more information.

but if i type in every rule, there is no error. ??

The same skript runs finde on my debian/raspbian

#12 Hardware & System Configuration » Devuan + iptables » 2018-11-23 15:25:16

Phoen7x
Replies: 10

Hello everybody,
so far I had used Debian.
There I put my iptables rules in a script in the directory /etc/network/if-up.d/iptables_on, like on this page.
Unfortunately, this method does not work with Devuan, there I always get an error message.
How should I ideally apply my iptables rules?

Board footer

Forum Software