I have been using AlmaLinux for a number of months and among others, I could use Wireguard (packages installed : kmod-wireguard, wireguard-tools).
There were initially some installation challenges at some stage, but it has worked well over the last three months or so, but suddenly it stopped working : I am getting now the same issue that was reported last year on 8.4.
As I didn’t do any “breaking change” on the computer, wondering if it might be linked to a package update or something like that.
The VPN support team recommends to install the dkms-wireguard package instead of kmod (which didn’t work either), adding an additional step to build it into the kernel. Still, I am puzzled why the configuration & install that worked fine so far doesn’t work anymore.
Does anyone have a similar issue or could suggest an idea here?
kmod-wireguard.x86_64 3:1.0.20210424-1.el8_3.elrepo is for RHEL/AlmaLinux 8.3. I suggest you update both the kernel and kmod-wireguard to the latest version. By the way the current version of kmod-wireguard is 1.0.20211208-1.el8_5.elrepo.x86_64.rpm.
The kmod version you mention is indeed the one that is being installed ; the other was just part of the older ticket about 8.3 I quoted just because it is a similar problem that I encounter on Alma 8.5, although kmod & wireguard-tools are the current, updated versions.
Still getting the same problem, even after the big kernel update that occured a few days ago.
Actually, same for me : I installed a fresh AlmaLinux in 8.5 and was running wireguard smoothly for a number of month. The link about 8.3 was someone else’s issue but the “symptoms” today with my 8.5 are exactly the same.
What’s a bit odd is that wireguard broke at the same time on my AlmaLinux 8.5 and on my RHEL 8.5 where it was running too. Since, no way to make it work again.
When reinstalling wireguard, saw today an error with the kmod-wireguard module, but can’t find an answer online. Here is the faulty step in the install / reinstall of wireguard
Running scriptlet: kmod-wireguard-5:1.0.20210808-1.el8_5.elrepo.x86_64 2/4
depmod: ERROR: fstatat(4, wireguard.ko.xz): No such file or directory
Yes, indeed, it’s not the last version of the kmod-package but it’s because, just before writing that update on the forum, I tried a package downgrade, just in case… but it didn’t work either…
Anyway, I have reinstalled the latest version of the kmod-wireguard package and here is the uname:
Nb: I have re-installed the kernel earlier today as well, and I noticed some sort of error, as it happens with kmod (re)install. I can’t say if it happens always or randomly but it happened at the following step today:
Running scriptlet: kernel-modules-4.18.0-348.12.2.el8_5.x86_64 24/30
depmod: ERROR: fstatat(4, wireguard.ko.xz): No such file or directory
Please note that when this error occured during a kmod-wireguard (re)install, the message pointed at the same file name.
Would similar output for wireguard-tools module be helpful? (it’s a much longer output, so I didn’t put it here without knowing if it would be useful).
Well, I am all the more puzzled with this issue that it appeared around the same time on both the AlmaLinux 8.5 and the RHEL 8.5 used at home (and for instance, the results to these two above commands is the same, just the sorting order is different for the “find” output command).
This is just a short message to say that have collected the outputs for the 2 commands you mentioned and responded this morning - my response is just currently on hold, I suppose because it includes a number of technical items / lines.
So there is an issue with the first step : lsmod | grep wireguard returns nothing. I scrolled through the full list too, just in case of a typo and no wireguard there.
Just in case, I did the modprobe -r / modprobe and I got the following error message:
modprobe: ERROR: could not insert ‘wireguard’: Required key not available
Many thanks for tracking this issue down : indeed, Secure Boot is enabled.
So I will do that stuff tomorrow, just wondering though why did that issue come up, as I didn’t have to input a password with Elrepo before? Could something else that Secure Boot be causing this as well?
Sorry if I am asking obvious questions, but I can’t pretend to be a kernel pro…
You can install a kmod package just by importing ELRepo’s public key. Then the kernel driver (in your case wireguard.ko) needs to be loaded into the kernel.
If Secure Boot is enabled, the system checks to see whether the module is signed with the key approved by Microsoft. Because ELRepo’s kmods are signed with own Secure Boot key, not the Microsoft one, it is required to enroll ELRepo’s SB key into the system’s MOK list. The SecureBootKey article provides the details for the procedure.
