Bug: Radxa Rock 5 ARM64 fails to initialize wg tunnel pod

[henryabra]

Please provide a clear and concise description of the issue you are experiencing with GuardLlama.

While trying to install GuardLLama on a Rock 5 (raspberry pi like SBC), WG pod fails to initialize.
The OS installed is a custom build of Ubuntu Focal
uname -v = #rockchip SMP Mon Feb 6 09:18:21 UTC 2023

Please provide the steps to reproduce the issue.

1. install via: curl -sfL https://get.guardllama.net | sh -
2. access web ui
3. add tunnel

Please describe the behavior you expected when performing the steps above.

init-wireguard-module.sh theoretically should work with arm64 ubuntu focal

Please describe the actual behavior you observed when performing the steps above.

Pods fail to initialize

Please provide any additional information or screenshots that might help us understand and resolve the issue.

wg tunnel pod logs:

sudo k3s kubectl logs --namespace=home wg-home-6bb967458-2gpv2
[INFO] Running iptables in legacy mode
Uname info: Linux wg-home-6bb967458-2gpv2 5.10.110-37-rockchip-g74457be0716d #rockchip SMP Mon Feb 6 09:18:21 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
Error: Unknown device type.
[INFO] Wireguard module is not active, attempting kernel header install and module compilation. If you believe that your kernel should have wireguard support already, make sure that it is activated via modprobe!
[INFO] Attempting kernel header install.
Get:1 http://ports.ubuntu.com/ubuntu-ports jammy InRelease [270 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports jammy-updates InRelease [119 kB]
Get:3 http://ports.ubuntu.com/ubuntu-ports jammy-backports InRelease [108 kB]
Get:4 http://ports.ubuntu.com/ubuntu-ports jammy-security InRelease [110 kB]
Get:5 http://ports.ubuntu.com/ubuntu-ports jammy/universe arm64 Packages [17.2 MB]
Get:6 http://ports.ubuntu.com/ubuntu-ports jammy/multiverse arm64 Packages [224 kB]
Get:7 http://ports.ubuntu.com/ubuntu-ports jammy/main arm64 Packages [1758 kB]
Get:8 http://ports.ubuntu.com/ubuntu-ports jammy/restricted arm64 Packages [24.2 kB]
Get:9 http://ports.ubuntu.com/ubuntu-ports jammy-updates/multiverse arm64 Packages [24.3 kB]
Get:10 http://ports.ubuntu.com/ubuntu-ports jammy-updates/main arm64 Packages [1190 kB]
Get:11 http://ports.ubuntu.com/ubuntu-ports jammy-updates/universe arm64 Packages [1018 kB]
Get:12 http://ports.ubuntu.com/ubuntu-ports jammy-updates/restricted arm64 Packages [547 kB]
Get:13 http://ports.ubuntu.com/ubuntu-ports jammy-backports/main arm64 Packages [48.9 kB]
Get:14 http://ports.ubuntu.com/ubuntu-ports jammy-backports/universe arm64 Packages [23.6 kB]
Get:15 http://ports.ubuntu.com/ubuntu-ports jammy-security/main arm64 Packages [844 kB]
Get:16 http://ports.ubuntu.com/ubuntu-ports jammy-security/universe arm64 Packages [772 kB]
Get:17 http://ports.ubuntu.com/ubuntu-ports jammy-security/restricted arm64 Packages [507 kB]
Get:18 http://ports.ubuntu.com/ubuntu-ports jammy-security/multiverse arm64 Packages [20.2 kB]
Fetched 24.8 MB in 6s (4305 kB/s)
Reading package lists...
E: No packages found
[INFO] No kernel headers found in the Ubuntu or Debian repos!! Will try the headers from host (if mapped), may or may not work.
[INFO] Kernel headers don't seem to be available in Ubuntu, Debian and Raspbian repos, or shared from the host; therefore can't compile the module. Falling back to wireguard-go.
time=2023-04-26T04:17:30.354Z level=INFO msg="Starting tunnel server" addr=:8080
time=2023-04-26T04:17:30.358Z level=INFO msg="Execing command" command="/usr/bin/wg-quick up wg0"
[#] ip link add wg0 type wireguard
Error: Unknown device type.
[!] Missing WireGuard kernel module. Falling back to slow userspace implementation.
[#] wireguard-go wg0
/usr/bin/wg-quick: line 32: /usr/bin/wireguard-go: cannot execute binary file: Exec format error
Unable to access interface: Protocol not supported
[#] ip link delete dev wg0
Cannot find device "wg0"
Error: exit status 1
Usage:
  glmmgr wg [flags]

Flags:
  -h, --help                   help for wg
      --http-addr string       the address that tunnel endpoint binds to (default ":8080")
      --tunnel-config string   path to tunnel config

Global Flags:
      --config string   config file
      --debug           debug

time=2023-04-26T04:17:30.465Z level=ERROR msg="error executing command" error="exit status 1"

Please provide the version of GuardLlama you are using.

glm-installer 1.1.0 (2023-04-16)

OS

Ubuntu Server 20.04

Cloud Provider

N/A

VPN Client

N/A

[henryabra]

BTW I would love to contribute. If anyone can give me feedback on the dev env requirements and build process, I can give it a go.

[llamaonduty]

👋 Thanks for reporting the bug!

The issue:

/usr/bin/wg-quick: line 32: /usr/bin/wireguard-go: cannot execute binary file: Exec format error

seems to me that thewireguard-go bin in the image isn't built for arm64. But we have an arm64 version of the image. So I'm confused about what goes wrong here 😕 .

BTW I would love to contribute. If anyone can give me feedback on the dev env requirements and build process, I can give it a go.

Thanks! Would love to see more contributions!

To get started developing, you would need to install Go, Flutter Web and Docker. After that, you

1. git clone git@github.com:guardllamanet/guardllama.git
2. Run make glm_install to set up a dev GuardLlama with k3d
3. cd ui && flutter run -d chrome to start the UI. The token to login in dev is root

Other tasks may help you build & run tests like make build & make test. Let me know if you have other questions. I will write up a development guide soon.

[llamaonduty]

I provisioned an aarch64 Ubuntu Focal EC2 instance, and the tunnel ran fine. Is there anything special about your OS. This is mine:

$ uname -m
aarch64
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal

Can you give more details on your OS?

[llamaonduty]

FYI, there is a new section on the development guide in case anyone is interested: https://github.com/guardllamanet/guardllama/blob/main/CONTRIBUTING.md#development

[henryabra]

Weirdly enough, I got the same output as you did:

rock@rock-5b:~$ uname -m
aarch64
rock@rock-5b:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.6 LTS
Release:	20.04
Codename:	focal
rock@rock-5b:~$

Will try again over the weekend