WireGuard DNS after latest upgrade Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

WireGuard DNS after latest upgrade

Post by Niwre »

Hello,

since the latest upgrade, my local DNS server specified in WireGuard has stopped working. After recovering the last version everything works fine again. What could that be?

Thank you
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

Can nobody help here?
User avatar
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
If the issue still occurs:
When connecting a client to the VPN, is it possible to connect via bare IP to some external address, so really only DNS resolving fails?
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

yes IP addresses work perfectly, only the DNS resolving does not work anymore.
User avatar
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
It is the client that cannot resolve hostnames, not the server, right?

Could you please try it with the new kernel and WireGuard versions:
(you are on RPi, right?)

Code: Select all

apt upgrade
dpkg-reconfigure wireguard-dkms
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

@MichaIng
I already tried it with the new kernel and WireGuard, it did not work either.

I tested it now with the update from 6.21.1 to 6.24.1, unfortunately it does not work here either. Now I can only call external pages, local addresses work neither via DNS nor via the direct IP address.

I am not on an RPI, I am on a virtual machine on an ESXi 6.0.

I am now back to version 6.21.1 with the WireGuard version 0.0.20190406 (currently the version would be 0.0.20190601), everything works fine here.

What can I do to update to the latest version of DietPi?
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

I tried again with the update to version 6.24.1 and it did not work again. However, I noticed that the service for WireGuard has not started after the update and can not be started anymore. So it does not work anymore, but why can not the service be started and how can I fix it?
User avatar
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
Note that it is essential that you recompile the WireGuard module after every kernel upgrade:

Code: Select all

apt full-upgrade
dpkg-reconfigure wireguard-dkms
You could do a dietpi-backup and run the above two commands to upgrade both and see if your issue related to the WireGuard/kernel upgrade or because of the DietPi-Update.

In case the service fails, please paste:

Code: Select all

journalctl -u wg-quick@wg0
ip a
And check if the module has been loaded successfully:

Code: Select all

lsmod | grep wireguard
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

@MichaIng

The kernel upgrade is not the problem, I've done the update in 6.21.1 and WireGuard still works fine. The command systemctl status wg-quick@wg0.service probably shows the cause of the problem.

root@WireGuardPi:~# systemctl status wg-quick@wg0.service
wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2019-06-10 15:52:51 BST; 2min 46s ago
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/WireGuard/about/s ... wg-quick.8
https://git.zx2c4.com/WireGuard/about/s ... s/man/wg.8
Process: 1434 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=255)
Main PID: 1434 (code=exited, status=255)

Jun 10 15:52:51 WireGuardPi wg-quick[1434]: [#] ip link set mtu 1420 up dev wg0
Jun 10 15:52:51 WireGuardPi wg-quick[1434]: [#] ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $(sed -n 3p /DietPi/dietpi/.network) -j MASQUERADE
Jun 10 15:52:51 WireGuardPi wg-quick[1434]: [#] sysctl net.ipv6.conf.wg0.forwarding=1 net.ipv6.conf.$(sed -n 3p /DietPi/dietpi/.network).forwarding=1
Jun 10 15:52:51 WireGuardPi wg-quick[1434]: net.ipv6.conf.wg0.forwarding = 1
Jun 10 15:52:51 WireGuardPi wg-quick[1434]: sysctl: cannot stat /proc/sys/net/ipv6/conf/NONE/forwarding: No such file or directory
Jun 10 15:52:51 WireGuardPi wg-quick[1434]: [#] ip link delete dev wg0
Jun 10 15:52:51 WireGuardPi systemd[1]: wg-quick@wg0.service: Main process exited, code=exited, status=255/n/a
Jun 10 15:52:51 WireGuardPi systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
Jun 10 15:52:51 WireGuardPi systemd[1]: wg-quick@wg0.service: Unit entered failed state.
Jun 10 15:52:51 WireGuardPi systemd[1]: wg-quick@wg0.service: Failed with result 'exit-code'.

Does this information help?
User avatar
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
Ah indeed, it seems that the active network device could not be identified on boot.

Please check: sed -n 3p /DietPi/dietpi/.network
It seems to contain "NONE".
Try: /DietPi/dietpi/func/obtain_network_details
Then retry sed -n 3p /DietPi/dietpi/.network, if it shows the correct interface.
If so, then systemctl restart wg-quick@wg0 should fix the state.

I think we should run this script to update network info as ExecStartPre to the WireGuard systemd service, in case on boot waiting for network exceeds the default 10 seconds timeout.
Post Reply