WireGuard DNS after latest upgrade

@MichaIng
Thanks for the hint, the solution is now simple and therefore no problem. :slight_smile:

Niwre
Great. I also just tested the WireGuard client setup and indeed, similar to the OpenVPN client setup, ip r s 0.0.0.0/0 still shows the correct physical default route + gateway. So there is a good chance that we have a more failsafe main network adapter estimation with v6.26, which solves cases such as yours.

Hi I’m bumping this MichaIng because I am getting the exact same issue when trying to use Wireguard. As soon as I start the service, I start getting DNS resolving issues.

Please see this thread: Wireguard + Mullvad. How to?

Do I have to go through the same steps as the other user? If this issue is similar (seems quite like it is) then I think it is safe to say that the problem is not resolved. I am also using Ethernet. This is my 4th fresh install attempt at getting Wireguard to work…

EDIT: I’ve done my best to retrace the steps you gave the other user.

sed -n 3p /DietPi/dietpi/.network


eth0

Then:

lsmod | grep wireguard


root@DietPi:/etc/wireguard# lsmod | grep wireguard
wireguard             143360  0
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             16384  1 wireguard
ipv6                  450560  42 wireguard,nf_nat_ipv6



dpkg-reconfigure wireguard-dkms

Finished! Next:

wg-quick up se3

se3 is the name of the .conf I downloaded, which you can see the contents of in the thread I linked above.

root@DietPi:/etc/wireguard# wg-quick up se3
[#] ip link add se3 type wireguard
[#] wg setconf se3 /dev/fd/63
[#] ip -4 address add 10.64.1.43/32 dev se3
[#] ip link set mtu 1420 up dev se3
[#] resolvconf -a tun.se3 -m 0 -x
Too few arguments.
Too few arguments.
[#] ip -4 route add 8.8.8.8/32 dev se3
[#] ip -4 route add 192.169.0.0/16 dev se3
[#] ip -4 route add 192.170.0.0/15 dev se3
[#] ip -4 route add 192.172.0.0/14 dev se3
[#] ip -4 route add 192.160.0.0/13 dev se3
[#] ip -4 route add 192.176.0.0/12 dev se3
[#] ip -4 route add 172.0.0.0/12 dev se3
[#] ip -4 route add 192.128.0.0/11 dev se3
[#] ip -4 route add 172.32.0.0/11 dev se3
[#] ip -4 route add 192.192.0.0/10 dev se3
[#] ip -4 route add 172.64.0.0/10 dev se3
[#] ip -4 route add 192.0.0.0/9 dev se3
[#] ip -4 route add 172.128.0.0/9 dev se3
[#] ip -4 route add 193.0.0.0/8 dev se3
[#] ip -4 route add 173.0.0.0/8 dev se3
[#] ip -4 route add 11.0.0.0/8 dev se3
[#] ip -4 route add 8.0.0.0/7 dev se3
[#] ip -4 route add 194.0.0.0/7 dev se3
[#] ip -4 route add 174.0.0.0/7 dev se3
[#] ip -4 route add 196.0.0.0/6 dev se3
[#] ip -4 route add 168.0.0.0/6 dev se3
[#] ip -4 route add 12.0.0.0/6 dev se3
[#] ip -4 route add 200.0.0.0/5 dev se3
[#] ip -4 route add 160.0.0.0/5 dev se3
[#] ip -4 route add 0.0.0.0/5 dev se3
[#] ip -4 route add 208.0.0.0/4 dev se3
[#] ip -4 route add 176.0.0.0/4 dev se3
[#] ip -4 route add 16.0.0.0/4 dev se3
[#] ip -4 route add 32.0.0.0/3 dev se3
[#] ip -4 route add 128.0.0.0/3 dev se3
[#] ip -4 route add 64.0.0.0/2 dev se3

Then:

sudo wg show


root@DietPi:/etc/wireguard# sudo wg show
interface: se3
  public key: **removed**
  private key: (hidden)
  listening port: 47623

peer: **removed**
  endpoint: 185.213.154.130:51820
  allowed ips: 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32
root@DietPi:/etc/wireguard#

Also check status:

systemctl status wg-quick@se3.service


root@DietPi:/etc/wireguard# systemctl status wg-quick@se3.service
   wg-quick@se3.service - WireGuard via wg-quick(8) for se3
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8

Ok so it’s connected apparently? Let’s ping:

ping google.com


ping: google.com: Temporary failure in name resolution

Ok so what the f#ck?

sudo nano /etc/resolv.conf


# Generated by resolvconf
nameserver 193.138.218.74

Ok so what the hell? It was successfully changed by Wireguard but it’s not working…

Well christ, let’s change “DNS=” to my router! 192.168.2.1

Oh look now we get this with Wireguard running. But no answer. 100% packet loss…

root@DietPi:/etc/wireguard# ping google.com
PING google.com (172.217.168.206) 56(84) bytes of data.
^C
--- google.com ping statistics ---
56 packets transmitted, 0 received, 100% packet loss, time 283ms

So I get a little bit further when I make my router the DNS written in the .conf file… But why?

Solved!

Solution was to remove everything from AllowedIPs and change it back to 0.0.0.0/0. Now everything works.

For some reason it didn’t kill my local network connection and SSH this time… No idea why it did last time. Maybe fail2ban was to blame? Either way, I moved to ufw, which I like much more (uncomplicated firewall).

@MichaIng After update to 6.26.3 the same problem. The quick workaround has also fixed the problem in this version.

Niwre
Indeed I didn’t manage to add it to v6.26. However another report on GitHub brought back my attention: https://github.com/MichaIng/DietPi/issues/3175

So it’s two things: Delay WireGuard service start to after DietPi-Boot, so network has fully set up, and either enhance our network info script to not require adapter “UP” state, or better, use the default route method for WireGuard (replace the sed -n 3p /DietPi/dietpi/.network with ip r s 0.0.0.0/0 | mawk '{print $5}' in wg0.conf).

ip r s default should work as well (clearer/beautiful), but AFAIK this does not yet work on Debian Stretch (?).

@MichaIng
Many thanks for your help. I changed the default route method in WireGuard in wg0.conf. At the moment everything works fine.
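
Relating to the AllowedIPs list and the 0.0.0.0/0 fix reported earlier in the thread: the peer endpoint 185.213.154.130 sits inside 176.0.0.0/4, one of the ranges that wg-quick routed to se3 with a plain `ip -4 route add`. The Python check below is an added example, not code from the thread or from DietPi; the sample config is constructed from the `wg show` and resolv.conf output above with placeholder keys, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: values taken from the thread's output, keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.64.1.43/32
DNS = 193.138.218.74

[Peer]
PublicKey = <placeholder>
Endpoint = 185.213.154.130:51820
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32
"""

def parse(conf):
    """Return {lowercased key: [comma-separated values]} from a wg-quick file."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        out.setdefault(key.lower(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return out

def covering(addr, nets):
    """List the AllowedIPs networks that contain addr."""
    ip = ipaddress.ip_address(addr)
    return [n for n in nets if n.version == ip.version and ip in n]

def audit(conf):
    cfg = parse(conf)
    nets = [ipaddress.ip_network(n, strict=False)
            for n in cfg.get("allowedips", [])]
    has_default = any(n.prefixlen == 0 for n in nets)
    host = cfg.get("endpoint", [""])[0].rsplit(":", 1)[0].strip("[]")
    try:
        hits = covering(host, nets)
    except ValueError:  # hostname or missing endpoint: not resolved here
        hits = []
    return {
        "has_default_route": has_default,
        # Endpoint matches a plain per-range route that points at the tunnel
        "endpoint_in_tunnel_route": bool(hits) and not has_default,
        "endpoint_covered_by": [str(n) for n in hits],
        "dns_via_tunnel": {d: bool(covering(d, nets))
                           for d in cfg.get("dns", [])},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

wg-quick treats a /0 entry differently from the ranges above: it installs it through fwmark policy routing so the tunnel's own UDP packets keep using the physical default route, which is consistent with the fix reported in the thread.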