WireGuard DNS after latest upgrade Topic is solved

Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

@MichaIng
Thanks for the hint, the solution is now simple and therefore no problem. :)
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
Great. I also just tested WireGuard client setup and indeed similar to OpenVPN client setup, ip r s 0.0.0.0/0 still shows the correct physical default route + gateway. So good chance that we have a more failsafe main network adapter estimation with v6.26 which solves cases as yours.
ghettopi
Posts: 44
Joined: Tue Jul 30, 2019 9:17 pm

Re: WireGuard DNS after latest upgrade

Post by ghettopi »

Hi I'm bumping this @MichaIng because I am getting the exact same issue when trying to use Wireguard. As soon as I start the service, I start getting DNS resolving issues.

Please see this thread: viewtopic.php?f=11&t=6191

Do I have to go through the same steps as the other user? If this issue is similar (seems quite like it is) then I think it is safe to say that the problem is not resolved. I am also using Ethernet. This is my 4th fresh install attempt at getting Wireguard to work...

EDIT: I've done my best to retrace the steps you gave the other user.
sed -n 3p /DietPi/dietpi/.network


eth0
Then:
lsmod | grep wireguard


root@DietPi:/etc/wireguard# lsmod | grep wireguard
wireguard             143360  0
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             16384  1 wireguard
ipv6                  450560  42 wireguard,nf_nat_ipv6
dpkg-reconfigure wireguard-dkms
Finished! Next:
wg-quick up se3
se3 is the name of the .conf I downloaded, which you can see the contents of in the thread I linked above.


root@DietPi:/etc/wireguard# wg-quick up se3
[#] ip link add se3 type wireguard
[#] wg setconf se3 /dev/fd/63
[#] ip -4 address add 10.64.1.43/32 dev se3
[#] ip link set mtu 1420 up dev se3
[#] resolvconf -a tun.se3 -m 0 -x
Too few arguments.
Too few arguments.
[#] ip -4 route add 8.8.8.8/32 dev se3
[#] ip -4 route add 192.169.0.0/16 dev se3
[#] ip -4 route add 192.170.0.0/15 dev se3
[#] ip -4 route add 192.172.0.0/14 dev se3
[#] ip -4 route add 192.160.0.0/13 dev se3
[#] ip -4 route add 192.176.0.0/12 dev se3
[#] ip -4 route add 172.0.0.0/12 dev se3
[#] ip -4 route add 192.128.0.0/11 dev se3
[#] ip -4 route add 172.32.0.0/11 dev se3
[#] ip -4 route add 192.192.0.0/10 dev se3
[#] ip -4 route add 172.64.0.0/10 dev se3
[#] ip -4 route add 192.0.0.0/9 dev se3
[#] ip -4 route add 172.128.0.0/9 dev se3
[#] ip -4 route add 193.0.0.0/8 dev se3
[#] ip -4 route add 173.0.0.0/8 dev se3
[#] ip -4 route add 11.0.0.0/8 dev se3
[#] ip -4 route add 8.0.0.0/7 dev se3
[#] ip -4 route add 194.0.0.0/7 dev se3
[#] ip -4 route add 174.0.0.0/7 dev se3
[#] ip -4 route add 196.0.0.0/6 dev se3
[#] ip -4 route add 168.0.0.0/6 dev se3
[#] ip -4 route add 12.0.0.0/6 dev se3
[#] ip -4 route add 200.0.0.0/5 dev se3
[#] ip -4 route add 160.0.0.0/5 dev se3
[#] ip -4 route add 0.0.0.0/5 dev se3
[#] ip -4 route add 208.0.0.0/4 dev se3
[#] ip -4 route add 176.0.0.0/4 dev se3
[#] ip -4 route add 16.0.0.0/4 dev se3
[#] ip -4 route add 32.0.0.0/3 dev se3
[#] ip -4 route add 128.0.0.0/3 dev se3
[#] ip -4 route add 64.0.0.0/2 dev se3
Then:
sudo wg show


root@DietPi:/etc/wireguard# sudo wg show
interface: se3
  public key: **removed**
  private key: (hidden)
  listening port: 47623

peer: **removed**
  endpoint: 185.213.154.130:51820
  allowed ips: 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32
root@DietPi:/etc/wireguard#
Also check status:
systemctl status wg-quick@se3.service


root@DietPi:/etc/wireguard# systemctl status wg-quick@se3.service
   wg-quick@se3.service - WireGuard via wg-quick(8) for se3
   Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg-quick.8
           https://git.zx2c4.com/WireGuard/about/src/tools/man/wg.8
Ok so it's connected apparently? Let's ping:
ping google.com


ping: google.com: Temporary failure in name resolution
Ok so what the f#ck?
sudo nano /etc/resolv.conf


# Generated by resolvconf
nameserver 193.138.218.74
Ok so what the hell? It was successfully changed by Wireguard but it's not working...

Well christ, let's change "DNS=" to my router! 192.168.2.1

Oh look now we get this with Wireguard running. But no answer. 100% packet loss...


root@DietPi:/etc/wireguard# ping google.com
PING google.com (172.217.168.206) 56(84) bytes of data.
^C
--- google.com ping statistics ---
56 packets transmitted, 0 received, 100% packet loss, time 283ms
So I get a little bit further when I make my router the DNS written in the .conf file... But why?
ghettopi
Posts: 44
Joined: Tue Jul 30, 2019 9:17 pm

Re: WireGuard DNS after latest upgrade

Post by ghettopi »

Solved!

Solution was to remove everything from AllowedIPs and change it back to 0.0.0.0/0. Now everything works.

For some reason it didn't kill my local network connection and SSH this time... No idea why it did last time. Maybe fail2ban was to blame? Either way I moved to ufw which I like much more (uncomplicated firewall)
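
Added example, not part of the thread: a Python check of which addresses mentioned in ghettopi's posts fall inside the split AllowedIPs list, for which the wg-quick log shows plain `ip -4 route add ... dev se3` routes. The labels and function names are chosen here; the addresses and prefixes are copied from the posted output.

```python
import ipaddress

# Values copied from the `wg show`, wg-quick, resolv.conf and ping output posted above.
ALLOWED_IPS = (
    "0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, "
    "64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, "
    "172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, "
    "176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, "
    "192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, "
    "193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32"
)
ADDRESSES = {  # labels are chosen for this example
    "peer endpoint": "185.213.154.130:51820",
    "tunnel DNS": "193.138.218.74",
    "router": "192.168.2.1",
    "google.com": "172.217.168.206",
    "se3 address": "10.64.1.43",
}

def parse_allowed(text):
    """Turn a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip()) for p in text.split(",") if p.strip()]

def covering_route(value, networks):
    """Most specific plain route covering an IPv4 address (optional :port is dropped).

    A /0 entry is skipped: wg-quick handles it with fwmark policy routing
    instead of a plain `ip route add <prefix> dev <interface>`.
    """
    addr = ipaddress.ip_address(value.rsplit(":", 1)[0])
    matches = [n for n in networks if n.prefixlen > 0 and addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def report(addresses=ADDRESSES, allowed=ALLOWED_IPS):
    """Map each labelled address to the se3 route that covers it, or None."""
    nets = parse_allowed(allowed)
    return {name: covering_route(value, nets) for name, value in addresses.items()}

if __name__ == "__main__":
    for name, net in report().items():
        print(f"{name:14} -> {'via se3, ' + str(net) if net else 'not routed into se3'}")
```

The peer endpoint falls inside 176.0.0.0/4, so with this list the encrypted packets to the WireGuard server are themselves routed into se3, while the router 192.168.2.1 stays outside the tunnel. An endpoint covered by its own tunnel routes is worth ruling out whenever a split AllowedIPs list is used in place of 0.0.0.0/0.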
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

MichaIng wrote: Sun Jun 30, 2019 9:50 pm @Niwre
Great. I also just tested WireGuard client setup and indeed similar to OpenVPN client setup, ip r s 0.0.0.0/0 still shows the correct physical default route + gateway. So good chance that we have a more failsafe main network adapter estimation with v6.26 which solves cases as yours.
@MichaIng After update to 6.26.3 the same problem. The quick workaround has also fixed the problem in this version.
MichaIng
Site Admin
Posts: 2423
Joined: Sat Nov 18, 2017 6:21 pm

Re: WireGuard DNS after latest upgrade

Post by MichaIng »

@Niwre
Indeed I didn't manage to add it to v6.26. However another report on GitHub brought back my attention: https://github.com/MichaIng/DietPi/issues/3175

So it's two things: Delay WireGuard service start to after DietPi-Boot, so network has fully set up, and either enhance our network info script to not require adapter "UP" state, or better, use the default route method for WireGuard (replace the sed -n 3p /DietPi/dietpi/.network with ip r s 0.0.0.0/0 | mawk '{print $5}' in wg0.conf).

ip r s default should work as well (clearer/beautiful), but AFAIK this does not yet work on Debian Stretch (?).
Niwre
Posts: 36
Joined: Tue Apr 09, 2019 1:26 pm

Re: WireGuard DNS after latest upgrade

Post by Niwre »

@MichaIng
Many thanks for your help. I changed the default route method in WireGuard in wg0.conf. At the moment everything works fine.