Wireguard failing to start

• DietPi version | v8.8.1
• Distro version | bullseye 0
• Kernel version | Linux RaspberryPi-4 5.15.61-v7l+ #1579 SMP Fri Aug 26 11:13:03 BST 2022 armv7l GNU/Linux
• SBC model | RPi 4 Model B (armv7l)
• Power supply used | Original Raspberry Pi 4 power supply

Hello I am getting the error after installing wireguard from the dietpi-software list.

-- Journal begins at Fri 2022-09-23 18:46:45 BST, ends at Fri 2022-09-23 18:47:53 BST. --
Sep 23 18:46:58 RaspberryPi-4 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link add wg0 type wireguard
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] wg setconf wg0 /dev/fd/63
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link set mtu 1420 up dev wg0
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: net.ipv4.conf.wg0.forwarding = 1
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: sysctl: separators should not be repeated: ..forwarding
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link delete dev wg0
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/EXCEPTION
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

Any ideas why this happening and how to fix it?

Thank you for any help with fixing this problem.

ISquishWorms.

could you share following

ip a
ip r l 0/0 | mawk '{print $5;exit}'

Hi Joulinar,

Here are the details you are asking for:

root@RaspberryPi-4:/etc/wireguard# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether dc:a6:32:ae:95:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.80/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 82045sec preferred_lft 82045sec
    inet6 fe80::dea6:32ff:feae:95c5/64 scope link
       valid_lft forever preferred_lft forever

root@RaspberryPi-4:/etc/wireguard# ip r l 0/0 | mawk '{print $5;exit}'
eth0
root@RaspberryPi-4:/etc/wireguard#

Thank you for looking into this and trying to help.

ISquishWorms.

could you try to execute the command manualy

sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1

When I execute the command manually I get the following:

root@RaspberryPi-4:/etc/wireguard# sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk ‘{print $5;exit}’).forwarding=1
sysctl: cannot stat /proc/sys/net/ipv4/conf/wg0/forwarding: No such file or directory
net.ipv4.conf.eth0.forwarding = 1
root@RaspberryPi-4:/etc/wireguard#

Looks like it is having trouble locating a file or directory?

I just had a look and it appears the wg0 directory is missing.

root@RaspberryPi-4:/etc/wireguard# cd /proc/sys/net/ipv4/conf/
root@RaspberryPi-4:/proc/sys/net/ipv4/conf# ls -l -a
total 0
dr-xr-xr-x 1 root root 0 Sep 23 18:46 .
dr-xr-xr-x 1 root root 0 Sep 23 18:46 …
dr-xr-xr-x 1 root root 0 Sep 23 19:54 all
dr-xr-xr-x 1 root root 0 Sep 23 19:54 default
dr-xr-xr-x 1 root root 0 Sep 23 19:54 eth0
dr-xr-xr-x 1 root root 0 Sep 23 19:54 lo
root@RaspberryPi-4:/proc/sys/net/ipv4/conf#

that’s fine as the wg interface did not exist due to failed service. Important was to see the eth0.forwarding = 1 as detecting eth0 interface was failing before.

Could you try to restart the Wireguard service

systemctl restart wg-quick@wg0.service
journalctl -u wg-quick@wg0.service

After trying to restart the service I got the following:

root@RaspberryPi-4:/proc/sys/net/ipv4/conf# systemctl restart wg-quick@wg0.service
root@RaspberryPi-4:/proc/sys/net/ipv4/conf# journalctl -u wg-quick@wg0.service
-- Journal begins at Fri 2022-09-23 18:46:45 BST, ends at Fri 2022-09-23 20:15:31 BST. --
Sep 23 18:46:58 RaspberryPi-4 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link add wg0 type wireguard
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] wg setconf wg0 /dev/fd/63
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link set mtu 1420 up dev wg0
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: net.ipv4.conf.wg0.forwarding = 1
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: sysctl: separators should not be repeated: ..forwarding
Sep 23 18:46:59 RaspberryPi-4 wg-quick[526]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Sep 23 18:46:59 RaspberryPi-4 wg-quick[477]: [#] ip link delete dev wg0
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/EXCEPTION
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Sep 23 18:46:59 RaspberryPi-4 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Sep 23 20:15:30 RaspberryPi-4 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] ip link add wg0 type wireguard
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] wg setconf wg0 /dev/fd/63
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] ip link set mtu 1420 up dev wg0
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8240]: net.ipv4.conf.wg0.forwarding = 1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8240]: net.ipv4.conf.eth0.forwarding = 1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] sysctl net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').accept_ra=2
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8245]: net.ipv6.conf.eth0.accept_ra = 2
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] sysctl net.ipv6.conf.wg0.forwarding=1 net.ipv6.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8250]: net.ipv6.conf.wg0.forwarding = 1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8250]: net.ipv6.conf.eth0.forwarding = 1
Sep 23 20:15:30 RaspberryPi-4 wg-quick[8203]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
Sep 23 20:15:31 RaspberryPi-4 wg-quick[8203]: [#] ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(ip r l 0/0 | mawk '{print $5;exit}') -j MASQUERADE
Sep 23 20:15:31 RaspberryPi-4 systemd[1]: Finished WireGuard via wg-quick(8) for wg0.
root@RaspberryPi-4:/proc/sys/net/ipv4/conf#

It does appear to be running now though:

root@RaspberryPi-4:/proc/sys/net/ipv4/conf# wg
interface: wg0
  public key: Y5/FcP.....
  private key: (hidden)
  listening port: 51820

peer: h82/LO....
  allowed ips: 10.9.0.2/32
root@RaspberryPi-4:/proc/sys/net/ipv4/conf#

Thank you. I am not sure why it failed to start after a reboot though. Hopefully it will next time.

try to reboot and check again

No after reboot it does not seem to be running, has the same error in the log:

root@RaspberryPi-4:/home/dietpi# journalctl -u wg-quick@wg0
-- Journal begins at Fri 2022-09-23 20:20:50 BST, ends at Fri 2022-09-23 20:22:35 BST. --
Sep 23 20:21:03 RaspberryPi-4 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] ip link add wg0 type wireguard
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] wg setconf wg0 /dev/fd/63
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] ip link set mtu 1420 up dev wg0
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(ip r l 0/0 | mawk '{print $5;exit}').forwarding=1
Sep 23 20:21:03 RaspberryPi-4 wg-quick[527]: net.ipv4.conf.wg0.forwarding = 1
Sep 23 20:21:03 RaspberryPi-4 wg-quick[527]: sysctl: separators should not be repeated: ..forwarding
Sep 23 20:21:03 RaspberryPi-4 wg-quick[527]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Sep 23 20:21:03 RaspberryPi-4 wg-quick[477]: [#] ip link delete dev wg0
Sep 23 20:21:04 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/EXCEPTION
Sep 23 20:21:04 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Sep 23 20:21:04 RaspberryPi-4 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
root@RaspberryPi-4:/home/dietpi#

Is this a timing problem do you think? Maybe it is trying to create an interface too early after rebooting?

Yes looks like a timing issue. I guess Wireguard is starting before the Ethernet interface is up and running.

Could you export the whole journalctl log and attach the log.txt file to the post

journalctl > /tmp/log.txt

Ok done.

Thank again for the quick replys and help. I will just start the service manually for now should I have to reboot again in the future.

log.txt (60.9 KB)

yeah, you are using DHCP and this is taking to long for the Ethernet interface to complet configuration

1st attamed to configure IP address is not successful. Looks like the DHCP server is taling to long to offer an IP address

Sep 23 20:20:58 RaspberryPi-4 ifup[418]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 23 20:21:03 RaspberryPi-4 dhclient[418]: No DHCPOFFERS received.
Sep 23 20:21:03 RaspberryPi-4 ifup[418]: No DHCPOFFERS received.
Sep 23 20:21:03 RaspberryPi-4 ifup[418]: No working leases in persistent database - sleeping.
Sep 23 20:21:03 RaspberryPi-4 dhclient[418]: No working leases in persistent database - sleeping.

However the system belive there is a valid interface

Sep 23 20:21:03 RaspberryPi-4 systemd[1]: Finished ifup for eth0.
Sep 23 20:21:03 RaspberryPi-4 systemd[1]: Reached target Network.
Sep 23 20:21:03 RaspberryPi-4 systemd[1]: Reached target Network is Online.

In meantime Wireguard is trying to start, which is failing as no eth0 interface has been configured until now

Sep 23 20:21:03 RaspberryPi-4 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
...
Sep 23 20:21:04 RaspberryPi-4 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Sep 23 20:21:04 RaspberryPi-4 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

And finally, your system is getting an IP address assigned. But to late for Wireguard.

Sep 23 20:21:05 RaspberryPi-4 dhclient[418]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
Sep 23 20:21:05 RaspberryPi-4 dhclient[418]: DHCPOFFER of 192.168.1.80 from 192.168.1.90
Sep 23 20:21:05 RaspberryPi-4 dhclient[418]: DHCPREQUEST for 192.168.1.80 on eth0 to 255.255.255.255 port 67
Sep 23 20:21:05 RaspberryPi-4 dhclient[418]: DHCPACK of 192.168.1.80 from 192.168.1.90

A workaround could be to use STATIC IP address instead of DHCP. If possible, create an IP address reservation on your router for your IP 192.168.1.80. Once done, switch to STATIC IP on your DietPi device. You should be able to use the copy function on the STATIC configuration menu. This way you assign the very same IP address information on STATIC you have been using before on DHCP.

If all goes well, you could reboot your system and check WireGuard again.

Hi Joulinar,

Thank you for your time and making that suggestion.

I am using another Raspberry Pi on the network. This is a model 3B+ which is running DietPi and has Kodi and PiHole installed. I have PiHole acting as the DHCP server so guess it is a bit slow which is a shame. Anyway I have done as you suggested and allocated a static IP to the Pi4 which has resolved the problem. I am now able to boot and Wireguard starts.

Don’t forget to set the address reservation in PiHole to avoid conflicts later on.