How to install a VPN on MrVM OpenVZ 6?
Hello, hopefully this is the right place to get help! I am trying to install a VPN (preferably WireGuard) on my NAT VPS from MrVM, but I have tried with every OS/distro (Debian, CentOS, Ubuntu) they have using Nyr's scripts and nothing works. I think the main reason for this is that the server is apparently on OpenVZ 6 and my VPS has an old kernel because of this (?), which is not supported. And yes, I did remove the check to see if it would work; it doesn't. The script seems to work but then fails starting services with some old kernel-related error when I google it.
Is there any way to get either OpenVPN or Wireguard working??? I can't believe it is this difficult!
Some of what I said may not be correct though, I'm not entirely sure.
Comments
This is all you need
https://github.com/Nyr/wireguard-install
Oh, sorry. Now I see that you are using the script. Did you enable TUN?
Yep, TUN is enabled
The most "success" I have had is with wireguard on CentOS 7 (which is actually supported, with OVZ6 check removed of course), it seems to run fine until the end where it actually displays the QR code, but right above it is:
Created symlink from /etc/systemd/system/multi-user.target.wants/wg-iptables.service to /etc/systemd/system/wg-iptables.service.
Job for wg-iptables.service failed because the control process exited with error code. See "systemctl status wg-iptables.service" and "journalctl -xe" for details.
Created symlink from /etc/systemd/system/multi-user.target.wants/[email protected] rvice to /usr/lib/systemd/system/[email protected].
Job for [email protected] failed because the control process exited with error code. See "systemctl status [email protected]" and "journalctl -xe" for details.
When looking into the status:
Unable to modify interface: Protocol ...ed
Apr 07 20:47:58 server wg-quick[675]: Unable to access interface: Protocol ...ed
Apr 07 20:47:58 server wg-quick[675]: [#] ip link delete dev wg0
Apr 07 20:47:58 server wg-quick[675]: Cannot find device "wg0"
Apr 07 20:47:58 server systemd[1]: [email protected]: main process exite...RE
Apr 07 20:47:58 server systemd[1]: Failed to start WireGuard via wg-quick(8...0.
ip6tables v1.4.21: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Apr 07 20:47:58 server ip6tables[636]: Perhaps ip6tables or your kernel needs to be upgraded.
Apr 07 20:47:58 server systemd[1]: wg-iptables.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
Apr 07 20:47:58 server systemd[1]: Failed to start wg-iptables.service.
When rebooting, same error with iptables, but a bit different on wg-quick:
Apr 07 20:56:46 server wg-quick[398]: Unable to modify interface: Protocol ...ed
Apr 07 20:56:46 server wg-quick[398]: Unable to access interface: Protocol ...ed
Apr 07 20:56:46 server wg-quick[398]: [#] ip link delete dev wg0
Apr 07 20:56:46 server systemd[1]: [email protected]: main process exite...RE
Apr 07 20:56:46 server systemd[1]: Failed to start WireGuard via wg-quick(8...0.
None of Nyr's scripts work on the OVZ6
@mikho is aware of this and fingers crossed it's resolved soon
My installers can work in OVZ6 in some circumstances/distros where it is viable, but OVZ6 is extremely old by now and reached its EOL in November 2019, so unfortunately it is difficult/impossible to keep supporting it.
That said, editing the script to disable IPv6 and use iptables-legacy COULD help. This is of course 100% unsupported and will depend on the host node and the distribution being used in the container.
OpenVPN installer | WireGuard installer
Oh ok, hopefully it does get resolved; in the meantime I'll try doing what you said, thanks!
Nor should support an EOL platform......
This is easily fixed by building wireguard-go using the instructions on its github page, then replacing boringtun with it and rebooting (I found this out thanks to a helpful issue on the wireguard-install github repo!):
mv wireguard-go /usr/local/sbin/boringtun
As for wg-iptables, I just disabled ipv6 on the entire server, rebooted, and now it starts just fine too.
Works great now on CentOS 7! (Only change in the script was to disable the OVZ6 check)
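The two failures quoted in this thread and the workarounds reported for them, as an added triage script that is not part of any post or of the wireguard-install project. The function names and finding tags are hypothetical, and the sample log is constructed from the lines posted above.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and finding tags
# are hypothetical.

# Constructed sample: journal lines as posted in the thread ("..." is the
# truncation already present in the post).
sample_log() {
    cat <<'EOF'
Apr 07 20:47:58 server wg-quick[675]: Unable to access interface: Protocol ...ed
Apr 07 20:47:58 server wg-quick[675]: [#] ip link delete dev wg0
Apr 07 20:47:58 server wg-quick[675]: Cannot find device "wg0"
ip6tables v1.4.21: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Apr 07 20:47:58 server systemd[1]: wg-iptables.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
EOF
}

# has LOG PATTERN: true if any line of LOG matches the extended regex.
has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Read journal text on stdin; print one finding tag per line (nothing if clean).
diagnose_wg_log() {
    log=$(cat)
    if has "$log" 'wg-quick\[[0-9]+\]: Unable to (modify|access) interface: Protocol'; then
        echo wg-interface-unusable
    fi
    if has "$log" "can't initialize ip6tables table .nat.: Table does not exist"; then
        echo ip6tables-nat-missing
    fi
}

# Map a finding tag to the workaround reported in the thread.
remedy() {
    case "$1" in
        wg-interface-unusable)
            echo "replace boringtun with a wireguard-go build, then reboot" ;;
        ip6tables-nat-missing)
            echo "disable IPv6 on the server (wg-iptables then started for the poster)" ;;
        *)
            echo "no known signature" ;;
    esac
}

sample_log | diagnose_wg_log | while read -r tag; do
    printf '%s: %s\n' "$tag" "$(remedy "$tag")"
done
```

On a live container, pipe `journalctl -b --no-pager` into `diagnose_wg_log` instead of the sample.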
Well, it's working for you now, so no rush; but you could politely ask your kind hoster to transfer you to OVZ7.
Didn't know that OVZ6 is still being used today despite EOL.
https://microlxc.net/