wireguard service won't start after update

jollyrogr · 13 July 2020 17:56

Recently updated to v6.31.2 and now my systemd wireguard service can’t start automatically.

root@vpn01:~# systemctl status wg-quick@wg0.service 
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2020-07-13 12:44:32 CDT; 28s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 494 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=255/EXCEPTION)
 Main PID: 494 (code=exited, status=255/EXCEPTION)

Jul 13 12:44:23 vpn01 wg-quick[494]: [#] ip link set mtu 1420 up dev wg0
Jul 13 12:44:23 vpn01 wg-quick[494]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.network
).forwarding=1
Jul 13 12:44:23 vpn01 wg-quick[494]: sed: can't read /run/dietpi/.network: No such file or directory
Jul 13 12:44:23 vpn01 wg-quick[494]: net.ipv4.conf.wg0.forwarding = 1
Jul 13 12:44:23 vpn01 wg-quick[494]: sysctl: separators should not be repeated: ..forwarding
Jul 13 12:44:23 vpn01 wg-quick[494]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Jul 13 12:44:24 vpn01 wg-quick[494]: [#] ip link delete dev wg0
Jul 13 12:44:32 vpn01 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/
EXCEPTION
Jul 13 12:44:32 vpn01 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Jul 13 12:44:32 vpn01 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

It will start just fine if I manually command it to start.

Any ideas? Thanks

Joulinar · 13 July 2020 18:27

Hi,

many thanks for your report. I guess thats the issue

can't read /run/dietpi/.network: No such file or directory

pls can you do ls -la /run/dietpi/

jollyrogr · 13 July 2020 21:47

root@vpn01:~# ls -la /run/dietpi/
total 12
drwxrwxrwx  2 root root 100 Jul 13 12:44 .
drwxr-xr-x 16 root root 500 Jul 13 12:44 ..
-rw-r--r--  1 root root 326 Jul 13 12:44 .dietpi_motd
-rw-rw-rw-  1 root root  55 Jul 13 16:42 .network
-rw-r--r--  1 root root   2 Jul 13 12:44 .timesync_exit_status
root@vpn01:~#

Joulinar · 13 July 2020 21:58

hmm the file is there, pls can you restart WireGuard

systemctl daemon-reload
systemctl restart wg-quick@wg0.service
journalctl -u wg-quick@wg0.service -n 20

jollyrogr · 13 July 2020 23:23

I can manually start/restart the service just fine after boot.

journal after boot

root@vpn01:~# journalctl -u wg-quick@wg0.service -n 20
-- Logs begin at Mon 2020-07-13 18:19:09 CDT, end at Mon 2020-07-13 18:19:24 CDT. --
Jul 13 18:19:09 vpn01 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Jul 13 18:19:09 vpn01 wg-quick[493]: [#] ip link add wg0 type wireguard
Jul 13 18:19:09 vpn01 wg-quick[493]: [#] wg setconf wg0 /dev/fd/63
Jul 13 18:19:10 vpn01 wg-quick[493]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Jul 13 18:19:10 vpn01 wg-quick[493]: [#] ip link set mtu 1420 up dev wg0
Jul 13 18:19:10 vpn01 wg-quick[493]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.network
).forwarding=1
Jul 13 18:19:10 vpn01 wg-quick[493]: sed: can't read /run/dietpi/.network: No such file or directory
Jul 13 18:19:10 vpn01 wg-quick[493]: net.ipv4.conf.wg0.forwarding = 1
Jul 13 18:19:10 vpn01 wg-quick[493]: sysctl: separators should not be repeated: ..forwarding
Jul 13 18:19:10 vpn01 wg-quick[493]: sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory
Jul 13 18:19:10 vpn01 wg-quick[493]: [#] ip link delete dev wg0
Jul 13 18:19:17 vpn01 systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/
EXCEPTION
Jul 13 18:19:17 vpn01 systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.
Jul 13 18:19:17 vpn01 systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.

Here’s the journal after I start the service manually after bootup

Jul 13 18:22:03 vpn01 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] ip link add wg0 type wireguard
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] wg setconf wg0 /dev/fd/63
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] ip -4 address add 10.9.0.1/24 dev wg0
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] ip link set mtu 1420 up dev wg0
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] sysctl net.ipv4.conf.wg0.forwarding=1 net.ipv4.conf.$(sed -n 3p /run/dietpi/.network
).forwarding=1
Jul 13 18:22:03 vpn01 wg-quick[857]: net.ipv4.conf.wg0.forwarding = 1
Jul 13 18:22:03 vpn01 wg-quick[857]: net.ipv4.conf.eth0.forwarding = 1
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] sysctl net.ipv6.conf.$(sed -n 3p /run/dietpi/.network).accept_ra=2
Jul 13 18:22:03 vpn01 wg-quick[857]: net.ipv6.conf.eth0.accept_ra = 2
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] sysctl net.ipv6.conf.wg0.forwarding=1 net.ipv6.conf.$(sed -n 3p /run/dietpi/.network
).forwarding=1
Jul 13 18:22:03 vpn01 wg-quick[857]: net.ipv6.conf.wg0.forwarding = 1
Jul 13 18:22:03 vpn01 wg-quick[857]: net.ipv6.conf.eth0.forwarding = 1
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $(sed -n 3p 
/run/dietpi/.network) -j MASQUERADE
Jul 13 18:22:03 vpn01 wg-quick[857]: [#] ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3
p /run/dietpi/.network) -j MASQUERADE
Jul 13 18:22:03 vpn01 systemd[1]: Started WireGuard via wg-quick(8) for wg0.

Joulinar · 14 July 2020 00:13

ahh now I got it. Your service is starting to early.

I guess you would need to add following line to /etc/wireguard/wg0.conf

PreUp = /boot/dietpi/func/obtain_network_details

pls add before PostUp section

In general this is fixed for new installation with current DietPi release. https://github.com/MichaIng/DietPi/issues/3519#issuecomment-626683268

jollyrogr · 14 July 2020 04:53

Thanks Joulinar. The PreUp line worked. Now I’m wondering if this would not have been an issue if I wasn’t using DHCP.

Joulinar · 14 July 2020 09:46

Yes using STATIC IP will be faster than DHCP to get network interface up.

swrobel · 29 July 2020 22:48

Perhaps this needs to be added to the default wg0.conf:

PreUp = /boot/dietpi/func/obtain_network_details

Because the same thing was happening to me after updating…

sysctl: cannot stat /proc/sys/net/ipv4/conf//forwarding: No such file or directory

Joulinar · 29 July 2020 23:05

swrobel
this is already stated above https://dietpi.com/forum/t/wireguard-service-wont-start-after-update/4299/6

sesamzoo · 9 August 2020 21:32

Joulinar and jollyrogr, using STATIC IP might be faster but it doesn’t guarantee that the issue won’t happen then.
In my case adding

PreUp = /boot/dietpi/func/obtain_network_details

was required to start Wireguard after bootup in a STATIC IP scenario.

The error reminded me on this issue: Wireguard and static IP on RPi4 B (Github: WireGuard and Lighttpd not working after update to v6.26.3 · Issue #3175 · MichaIng/DietPi · GitHub)

Joulinar · 9 August 2020 21:42

For new installations, the issue was fixed with current DietPi version 6.31

https://github.com/MichaIng/DietPi/commit/e5fc3bb195ffa99d0116ab741222803b7b9df327

TopFord · 14 December 2021 15:46

Just wanted to say thank you for this post.

I had not been able to update Dietpi since 7.6 due to Wireguard not working, and finding this finally helped me fix the issue and now I am on the latest version.