Cannot start wireguard-server, RTNETLINK answers: Operation not permitted

datax235 · December 27, 2021, 8:35pm

Hello friends,

I have a little problem with a newly created docker-container (wireguard).

I created a wireguard-container and Inow want to start the wireguard-server with the command
“wg-quick up wg0”.

If I try to execute the command above I get the following error message:
"RTNETLINK answers: Operation not permitted
Unable to access interface: Operation not permitted
[#] ip link delete dev wg0
Cannot find device “wg0”

Can somebody help my with this issue?

Best Regards

rimelek · December 27, 2021, 8:44pm

How did you create that container? What is the base image? Is it linuxserver/wireguard?

datax235 · December 27, 2021, 8:50pm

Hello.

The image is the “linuxserver/wireguard:latest”.

I created the container with a local installation of “portainer”.

I have added the following volumes (both are “bindings”) to the container while the process of container-creation:

container: /etc/wireguard host:/etc/wireguard

container: /lib/modules host:/etc/modules

rimelek · December 27, 2021, 8:53pm

Have you read the description of the image on Docker Hub? You have to add the required capabilities to the container.

datax235 · December 27, 2021, 9:00pm

I read the following page:

https://hub.docker.com/r/linuxserver/wireguard

There I just found that I also have to add a volume for the folder “/usr/src” which I just added.

I also installed the linux-kernel-headers on the host-machine with the following command:
apt install linux-headers-$(uname -r)

What did I fail to see?

rimelek · December 27, 2021, 9:12pm

I think I have to apoligize, since the description is not clear. I just saw the example at the end of the description but that is for running the container in site to site VPN mode. The error message still indicates that the container is trying to manage networks which requires either using a privileged container or NET_ADMIN capability. The site-to-site VPN mode also requires the SYS_MODULE capability according to the description. Try NET_ADMIN first.

datax235 · December 28, 2021, 5:15pm

I just solved the problem with the message “RTNETLINK answers: Operation not permitted”.

You already mentioned the right hints ;).

I had to add the capabilities “NET_ADMIN” and “SYS_MODULE” and I had to set some environment variables in the configuration of the wireguard-container. Now it is working and I can establish a vpn-connection to the wireguard-server without problems.

This was my first docker-installation. Because of that I needed some help to get it running ;).

Thank you very much for your help.