Hi, I have installed Ubuntu 20.02 - arm64 on Oracle Cloud. The installation process goes flawlessly without any error, but the web UI is inaccessible even when tcp -80,443 & udp -51820 is open in the security. I even tried adding an FQDN, still not working. I have been using wg-easy; it works fine with the IP on Oracle Cloud. Kindly help with the installation. Thanks
Thanks for providing that info. If you run
sudo firezone-ctl tail do you see any obvious errors in the logs?
Here is the output
root@wire:/home/ubuntu# sudo firezone-ctl tail
==> /var/log/firezone/nginx/current <==
2022-03-07_07:47:39.23946 nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /var/opt/firezone/nginx/etc/sites-enabled/phoenix:26
2022-03-07_07:51:47.53681 nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /var/opt/firezone/nginx/etc/sites-enabled/phoenix:26
2022-03-07_08:01:17.59512 nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /var/opt/firezone/nginx/etc/sites-enabled/phoenix:26
==> /var/log/firezone/nginx/access.log <==
==> /var/log/firezone/nginx/error.log <==
==> /var/log/firezone/wireguard/current <==
2022-03-07_07:47:26.75123 Device “wg-firezone” does not exist.
2022-03-07_07:47:26.80450 Enabling WireGuard debugging support…
2022-03-07_07:47:26.80465 WireGuard debugging enabled. Starting dmesg…
2022-03-07_07:51:47.13779 Device “wg-firezone” does not exist.
2022-03-07_07:51:47.53458 Enabling WireGuard debugging support…
2022-03-07_07:51:47.53460 WireGuard debugging enabled. Starting dmesg…
==> /var/log/firezone/postgresql/current <==
2022-03-07_07:51:26.33027 received TERM from runit, sending INT instead to force quit connections
2022-03-07_07:51:26.33027 2022-03-07 07:51:26.329 GMT  LOG: received fast shutdown request
2022-03-07_07:51:26.33105 received TERM from runit, sending INT instead to force quit connections
2022-03-07_07:51:26.34097 2022-03-07 07:51:26.340 GMT  LOG: shutting down
2022-03-07_07:51:26.43103 2022-03-07 07:51:26.430 GMT  LOG: database system is shut down
2022-03-07_07:51:47.72186 2022-03-07 07:51:47.721 GMT  LOG: starting PostgreSQL 13.5 on aarch64-unknown-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit
2022-03-07_07:51:47.72390 2022-03-07 07:51:47.721 GMT  LOG: listening on IPv4 address “127.0.0.1”, port 15432
2022-03-07_07:51:47.74325 2022-03-07 07:51:47.743 GMT  LOG: listening on Unix socket “/tmp/.s.PGSQL.15432”
2022-03-07_07:51:47.80866 2022-03-07 07:51:47.808 GMT  LOG: database system was shut down at 2022-03-07 07:51:26 GMT
2022-03-07_07:51:47.87244 2022-03-07 07:51:47.872 GMT  LOG: database system is ready to accept connections
==> /var/log/firezone/phoenix/current <==
2022-03-07_07:47:38.89968 Crash dump is being written to: erl_crash.dump…done
2022-03-07_07:47:43.99006 07:47:43.988 [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 127.0.0.1:13000 (http)
2022-03-07_07:47:43.99568 07:47:43.995 [info] Access FzHttpWeb.Endpoint at http://wirez-949270:13000
2022-03-07_07:51:52.86191 07:51:52.857 [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 127.0.0.1:13000 (http)
2022-03-07_07:51:52.86700 07:51:52.866 [info] Access FzHttpWeb.Endpoint at http://wirez-949270:13000
2022-03-07_08:01:14.17132 received TERM from runit, forcing quit
2022-03-07_08:01:18.01788 received TERM from runit, forcing quit
2022-03-07_08:01:22.19908 08:01:22.197 [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 127.0.0.1:13000 (http)
2022-03-07_08:01:22.20077 08:01:22.200 [info] Access FzHttpWeb.Endpoint at http://wire:13000
Hmmm, it looks like you may not have WireGuard support in your kernel. Could you post the output of the following two commands?
curl -k https://localhost:443
Thanks for your support.
Welcome to Ubuntu 20.04.4 LTS (GNU/Linux 5.13.0-1018-oracle aarch64)
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: Ubuntu Advantage for Infrastructure | Ubuntu
System information as of Mon Mar 7 20:42:15 UTC 2022
System load: 0.0 Users logged in: 0
Usage of /: 7.7% of 44.97GB IPv4 address for enp0s3: 10.0.0.70
Memory usage: 1% IPv4 address for wg-firezone: 10.3.2.1
Swap usage: 0% IPv6 address for wg-firezone: fd00::3:2:1
Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
0 updates can be applied immediately.
Last login: Mon Mar 7 07:52:04 2022 from 188.8.131.52
ubuntu@wire:~$ cat /sys/module/wireguard/version
ubuntu@wire:~$ curl -k https://localhost:443
<!-- Favicon --> <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <meta name="msapplication-config" content="/browserconfig.xml"> <meta name="msapplication-TileColor" content="331700"> <meta name="theme-color" content="331700">
It looks like WireGuard and localhost are both running.
Hmm yeah, it looks like the Web UI is online and running just fine. Do you have any firewall rules that may be limiting you from accessing the Web UI? What’s the output of
ufw status verbose?
Thanks @jamil, it seems to be a problem with the firewall, as earlier it was inactive
root@wire:/home/ubuntu# ufw status verbose
After activating and opening the required ports, it's now working.
root@wire:/home/ubuntu# ufw status verbose
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
Thanks a lot, the web UI is accessible, but when WireGuard itself is connected no internet traffic is working; it gives a DNS error in Chrome. I will go through the settings again.
I was expecting a feature like disable user/device, with scheduled deletion of a device/user, such as 30 days from first handshake.
You likely need to allow routing through the firewall. Try
ufw default allow routed or see our troubleshooting guide in the documentation.
Run this command and try accessing the Web UI once again.
sudo iptables -P INPUT ACCEPT && sudo iptables -P OUTPUT ACCEPT && sudo iptables -P FORWARD ACCEPT && sudo iptables -F && sudo iptables --flush
This should help.
Hey @ismailfazal, I had the same problem with Oracle Ampere ARM + Ubuntu Server. It looks like ufw is problematic with their machines, Known Issues.
I have fixed it by changing the iptables rules to allow
Add this, right after
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT line
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 51820 -j ACCEPT
then, reload iptables
$ sudo su -
# iptables-restore < /etc/iptables/rules.v4
I’m not an expert in iptables, but it seems to be working fine for me.
Hope it helps.
I would suggest removing the state match for WireGuard so that it becomes:
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
YMMV, but you may have problems tracking connection state for WireGuard and it's not really necessary.
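The rule edits from the last two posts, written as an added example that is not part of any post in this thread: it inserts the 443 and 51820 rules directly after the SSH rule in an iptables-save style file, skips rules that are already there, rewrites a stateful WireGuard rule to the stateless form, and checks the result with iptables-restore --test before loading it. The function names and the sample rules file are assumptions made for illustration; the rule lines and /etc/iptables/rules.v4 come from the posts above.

```shell
#!/bin/sh
# Rule text is taken from the thread; function names and sample data are assumptions.
SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
HTTPS_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT'
WG_RULE='-A INPUT -p udp -m udp --dport 51820 -j ACCEPT'
WG_STATEFUL='-A INPUT -p udp -m state --state NEW -m udp --dport 51820 -j ACCEPT'

# Print FILE with the HTTPS and WireGuard rules placed right after the SSH
# rule. Rules already present are not duplicated, and a stateful WireGuard
# rule is rewritten in place to the stateless form. Returns 2 when the SSH
# anchor line is missing, so nothing ends up appended after a final REJECT.
add_firezone_rules() {
    grep -qxF -e "$SSH_RULE" "$1" || { echo "SSH rule not found in $1" >&2; return 2; }
    awk -v anchor="$SSH_RULE" -v https="$HTTPS_RULE" \
        -v wg="$WG_RULE" -v old="$WG_STATEFUL" '
        NR == FNR { seen[$0] = 1; next }          # pass 1: index existing lines
        $0 == old { if (!(wg in seen) && !conv) print wg; conv = 1; next }
        { print }
        $0 == anchor && !done {                   # pass 2: insert after SSH rule
            if (!(https in seen)) print https
            if (!(wg in seen) && !(old in seen)) print wg
            done = 1
        }' "$1" "$1"
}

# Constructed sample of an iptables-save style file (not copied from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Validate the edited rule set before loading it (run as root),
# e.g. apply_firezone_rules /etc/iptables/rules.v4
apply_firezone_rules() {
    tmp=$(mktemp) || return 1
    add_firezone_rules "$1" > "$tmp" && iptables-restore --test < "$tmp" &&
        cp -p "$1" "$1.bak" && cat "$tmp" > "$1" && iptables-restore < "$1"
    rc=$?; rm -f "$tmp"; return $rc
}
```

Position matters here because iptables evaluates a chain top to bottom: an ACCEPT placed after a catch-all REJECT never matches.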