Skip to content

[BUG] QNAP iptables issue #392

New issue
New issue
Closed as duplicate of#390
Closed as duplicate of#390
[BUG] QNAP iptables issue#392
@tibouh

Description

@tibouh
tibouh
opened on Aug 7, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Hello,

I have recreated a container with newest image (version 1.0.20250521-r0-ls81) and I get this error:

**** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg0.conf ****
[#] ip link add dev wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.13.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.13.13.2/32 dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
iptables v1.8.11 (nf_tables): Could not fetch rule set generation id: Invalid argument
[#] ip link delete dev wg0
**** Tunnel /config/wg_confs/wg0.conf failed, will stop all others! ****
**** All tunnels are now down. Please fix the tunnel config /config/wg_confs/wg0.conf and restart the container ****

Previous working image was working (version 1.0.20210914-r4-ls80).
Result with this version is:

**** Found WG conf /config/wg_confs/wg0.conf, adding to list ****
**** Activating tunnel /config/wg_confs/wg0.conf ****
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.13.13.1 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] ip -4 route add 10.13.13.2/32 dev wg0
[#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
**** All tunnels are now active ****

Expected Behavior

Newest image is able to activate the tunnel.

Steps To Reproduce

Run a container with the newest image on QNAP

Environment

- QNAP firmware version 5.2.5
- Docker version 27.1.2-qnap4
- Kernel version 5.10.60-qnap

CPU architecture

x86-64

Docker creation

> services:
  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Brussels
      - SERVERURL=<redacted>
      - SERVERPORT=51820
      - PEERS=1
      - PEERDNS=auto
    volumes:
      - /share/Container/wireguard:/config
      - /lib/modules:/lib/modules:ro
    ports:
      - 51820:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Container logs

See above

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    Issue & PR Tracker

    Status

    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions