Wireguard autostart fails

cmonty14 · 25 November 2022 01:15

Hello,
I have setup Wireguard successfully, means I can enable a tunnel using either
sudo wg-quick up ivpn-sui or
sudo systemctl start wg-quick@ivpn-sui.

After enabling service autostart with sudo systemctl enable wg-quick@ivpn-sui and rebooting the device I get this error:

osmc@osmc:~$ sudo systemctl status wg-quick@ivpn-sui
* wg-quick@ivpn-sui.service - WireGuard via wg-quick(8) for ivpn/sui
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2022-11-25 02:06:04 CET; 15s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 2609 ExecStart=/usr/bin/wg-quick up ivpn-sui (code=exited, status=1/FAILURE)
   Main PID: 2609 (code=exited, status=1/FAILURE)

Nov 25 02:06:02 osmc systemd[1]: Starting WireGuard via wg-quick(8) for ivpn/sui...
Nov 25 02:06:02 osmc wg-quick[2609]: [#] ip link add ivpn-sui type wireguard
Nov 25 02:06:03 osmc wg-quick[2609]: [#] wg setconf ivpn-sui /dev/fd/63
Nov 25 02:06:04 osmc wg-quick[2875]: Name or service not known: `ch1.wg.ivpn.net:2049'
Nov 25 02:06:04 osmc wg-quick[2875]: Configuration parsing error
Nov 25 02:06:04 osmc wg-quick[2609]: [#] ip link delete dev ivpn-sui
Nov 25 02:06:04 osmc systemd[1]: wg-quick@ivpn-sui.service: Main process exited, code=exited, status=1/FAILURE
Nov 25 02:06:04 osmc systemd[1]: wg-quick@ivpn-sui.service: Failed with result 'exit-code'.
Nov 25 02:06:04 osmc systemd[1]: Failed to start WireGuard via wg-quick(8) for ivpn/sui.

This error is clearly pointing to failed name resolution of ch1.wg.ivpn.net.
I could replace the hostname with its IP in /etc/wireguard/ivpn-sui.conf, line Endpoint = 141.255.164.66:2049, but I would like to fix the issue when using line Endpoint = ch1.wg.ivpn.net:2049.

Can you please advise how to fix this?

THX

joakim_s · 25 November 2022 01:27

For estisk, haveing a human name, I would add it to hosts file,

If you want it dynamically, I’m sure someone more refreshed on “How to solve it with conman”, can answer.

cmonty14 · 25 November 2022 01:57

The issue with using IP, and this includes adding it to /etc/hosts, is that this fails if provider changes IP of FQDN (ch1.wg.ivpn.net).

And just to be clear:
There’s no general issue with conman, systemd-resolved, wireguard, wg-quick or any other network related tool.

The issue is only when enabling wg-quick autostart and using FQDN in wireguard’s config Endpoint =.

fzinken · 25 November 2022 02:17

Assuming it could be a dependency issue that at the time of your WG start the DNS resolution hasn’t started.

joakim_s · 25 November 2022 03:21

Haven’t got wireguard up and running right now, but could this be a solution for you. Since I dont really understand the problem?

With systemd-resolved, however, instead of using that DNS setting, add the following PostUp command to the [Interface] section of your WireGuard config file:

PostUp = resolvectl dns %i 9.9.9.9 149.112.112.112; resolvectl domain %i ~.

When you start your WireGuard interface up, this command will direct systemd-resolved to use the DNS server at 9.9.9.9 (or at 149.112.112.112, if 9.9.9.9 is not available) to resolve queries for any domain name.

Tom_Doyle · 25 November 2022 08:13

Hi,

Have you installed resolvconf as part of the wireguard? If so I suggest purging and using openresolv instead.

Regards Tom.

cmonty14 · 25 November 2022 08:51

Hi,
I installed opensresolv, and this works well with wg-quick to enable/disable wireguard tunnel manually.

Again, there’s no general issue with the setup.
The only issue is with autostart service wg-quick@ivpn-suiusing a hostname in wireguard config file.

cmonty14 · 25 November 2022 08:54

This was my first conclusion, too.

However, the relevant service wg-quick@ivpn-sui is using default configuration to be started after network:

[Unit]
Description=WireGuard via wg-quick(8) for %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/wg-quick up %i
ExecStop=/usr/bin/wg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity

[Install]
WantedBy=multi-user.target

cmonty14 · 25 November 2022 08:57

This issue is discussed here, too.

In my opinion the solution would be a
systemd-networkd-wait-online.service or
NetworkManager-wait-online.service
for conman because this is the only network manager service installed on OSMC.

fzinken · 25 November 2022 09:22

OSMC has connman-wait-for-network.service

cmonty14 · 25 November 2022 16:53

After enabling connman-wait-for-network.service wg-quick autostart is working w/o problems and wg tunnel is established.