Is there an alternative to installing all kernel headers to make wireguard run

Question

I'm facing the same problem as described in Can't load wireguard module, i.e.:

sudo modprobe wireguard
modprobe: FATAL: Module wireguard not found in directory /lib/modules/4.15.0

Probably, installing all missing kernel headers would also solve the problem. However, invoking sudo apt-get install linux-headers-$(uname -r) (I've found several other sides recommending this as well) results in

[...]
0 aktualisiert, 729 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
Es müssen noch 4.117 MB von 4.129 MB an Archiven heruntergeladen werden.
Nach dieser Operation werden 30,8 GB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n] n

I'm too lazy to translate, but the main issue here is 30,8 GB. That's a bit heavy prerequisite for a lightweight VPN service...

Generic headers are installed(sudo apt-get install linux-headers-generic), but did not resolve the problem.

I'm running on a pretty fresh (less than 4 weeks old) Unbuntu 18.04 LTS. uname -a gives (the relevant part): 4.15.0 #1 SMP Tue Jun 9 12:58:54 MSK 2020 x86_64 x86_64 x86_64 GNU/Linux

I'm pretty sure that there is a way to determine which of the hundreds of headers is required, but I fail to identify it.

Edit: Here's the last part of the install log through apt-get:

It is likely that 4.15.0 belongs to a chroot's host
Building for 4.15.0 and 4.15.0-130-generic
Module build for kernel 4.15.0 was skipped since the
kernel headers for this kernel does not seem to be installed.
Building initial module for 4.15.0-130-generic
Done.
wireguard:
Running module version sanity check.

Original module
No original module exists within this kernel


Installation
Installing to /lib/modules/4.15.0-130-generic/updates/dkms/



depmod...
DKMS: install completed.
wireguard (1.0.20200513-1~18.04.2) wird eingerichtet ...
Trigger für man-db (2.8.3-2ubuntu0.1) werden verarbeitet ...

score 1 · Answer 1 · answered Jan 28 '22 at 07:30

I just learned, based on @hgross comment above, that is impossible on my setting. He correctly identified that we both tried to run it on a STRATO hosted virtual server and after having a look into the manual he posted the link to https://www.strato.de/faq/server/kernel-module-bei-unseren-linux-servern/ I'm sure that it is impossible to get wireguard running on the server I have.

score 1 · Answer 2 · answered Feb 02 '22 at 16:07

To build upon the existing answer (and for no rep gain thanks to community wiki-ing this), the English translation of the STRATO documentation page for the kernel access on machines says the following:

With our dedicated Linux servers, it depends on the hardware and the distribution which kernel modules you find.

You can of course set up your own kernel modules on dedicated servers.

With virtual Linux servers, access to the kernel and thus the use of own kernel modules is not possible.

Unless you are paying STRATO for dedicated servers, you are getting vServers or Virtual Servers which are likely being run inside 'container' like space, where the kernels are exposed from the host and NOT able to be altered inside the running machines.

Wireguard does not have any non-kernel-module solution as it does not have a fully non-Kernel-dependent stack to work. Unfortunately, as a result, **you cannot install Wireguard on these virtual servers because they are not fully managed and rely on the host OS, which you cannot modify. This is, unfortunately, quite common for VPS providers who do not do full virtualization (via KVM or similar).

score 0 · Answer 3 · answered Nov 02 '23 at 17:09

I run wireguard on my strato machine using this: https://github.com/bernardkkt/standalone-wg It runs without kernel module and does a pretty good job. I built a service using a shell script to handle automatic reconnects. You can use my script as a starting point. It simply pings my router on it's local ip and if the ping fails it will restart wireguard. This happens once a day on forced DSL reconnect or when the connection goes down for any reason. I'm also reloading UFW as wireguard is adding rules to IPTables which somehow disable UFW, so I'm always reloading it.

#!/bin/bash
FILE=/var/log/wireguard-pingchecker.log
PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin"
TARGET=<YOUR INTERNAL ROUTER IP>
n=0
cd /home/standalone-wg
#touch $FILE
until [ "$n" -ge 15 ]
do
        # output is redirected to /dev/null so it does not spam the console
        ping -c 1 $TARGET &> /dev/null
        if [[ $? -ne 0 ]]; then
          echo $(date '+%d/%m/%Y %H:%M:%S')" Could not ping target "$TARGET >> $FILE
          echo $(date '+%d/%m/%Y %H:%M:%S')" Starting wireguard."  >> $FILE
          ./run.sh /etc/wireguard/client.conf
          sleep 10
          echo $(date '+%d/%m/%Y %H:%M:%S')" Reloading UFW."  >> $FILE
          /usr/sbin/ufw enable
          /usr/sbin/ufw reload
        else
          echo $(date '+%d/%m/%Y %H:%M:%S')" Ping was successful." >> $FILE
          break
        fi
        echo $(date '+%d/%m/%Y %H:%M:%S')" Sleeping 5 sec before pinging again..." >> $FILE
        sleep 5
        n=$((n+1))
done
echo $(date '+%d/%m/%Y %H:%M:%S')" Script execution finished." >> $FILE

Is there an alternative to installing all kernel headers to make wireguard run

3 Answers3