wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Thu Oct 05, 2023 6:30 am Post subject: How to use wireguard under gentoo |
|
|
I installed wireguard-tools and copied the wg0.conf file to /etc/wireguard/. When I use wg-quick up wg0, it does not work. Here is the message:
Code: | [#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev wg0
[#] ip -6 address add 2606:4700:110:8a5a:c842:4772:a834:c25/128 dev wg0
[#] ip link set mtu 1280 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] ip -6 route add ::/1 dev wg0
[#] ip -6 route add 8000::/1 dev wg0
[#] ip -4 route add 128.0.0.0/1 dev wg0
[#] ip -4 route add 0.0.0.0/1 dev wg0 |
But under archlinux, doing the same works, and I get this message:
Code: | [#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev wg0
[#] ip -6 address add 2606:4700:110:8781:b756:22e:199e:87e7/128 dev wg0
[#] ip link set mtu 1280 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] nft -f /dev/fd/63
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63
[#] export PRIORITY=1024; source /etc/wireguard/hooks/post-up.sh
Add rules...
Add rules done. |
[Moderator edit: added [code] tags to preserve output layout. -- pietinger] |
pietinger Moderator

Joined: 17 Oct 2006 Posts: 5539 Location: Bavaria
|
Posted: Thu Oct 05, 2023 10:33 am Post subject: |
|
|
It seems to me that archlinux is doing additionally some settings for a firewall, but the treatment of the network specific operations is identical. You might do this also with nftables. |
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Thu Oct 05, 2023 10:42 am Post subject: |
|
|
So, in what way doesn't it work?
Do you use the same config files for wireguard on both systems?
Is your interface configured?
Routing rules?
Firewall?
Does your internet cut off after connecting? |
wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Thu Oct 05, 2023 10:48 am Post subject: |
|
|
szatox wrote: | So, in what way doesn't it work?
Do you use the same config files for wireguard on both systems?
Is your interface configured?
Routing rules?
Firewall?
Does your internet cut off after connecting? |
"Works" means I can connect to the internet through the wireguard vpn. I do not use a firewall on either archlinux or gentoo, and I use the same file wg0.conf |
wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Thu Oct 05, 2023 10:51 am Post subject: |
|
|
pietinger wrote: | It seems to me that archlinux is doing additionally some settings for a firewall, but the treatment of the network specific operations is identical. You might do this also with nftables. |
I think wg-quick can automatically set nftables rules according to the wg0.conf, but I don't know why gentoo cannot do this |
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Thu Oct 05, 2023 11:15 am Post subject: |
|
|
Man, that's 100% non-answer to the questions asked.
A bus can fail to deliver you from location A to B due to a flat tire, empty tank, exploded engine, a drunk driver, or a million other reasons. Do you get where I'm going with it?
Divination services come at premium prices, so give us something to work with if you want to get help.
What have you done so far to diagnose it and what are the results? |
wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Thu Oct 05, 2023 11:49 am Post subject: |
|
|
szatox wrote: | Man, that's 100% non-answer to the questions asked.
A bus can fail to deliver you from location A to B due to a flat tire, empty tank, exploded engine, a drunk driver, or a million other reasons. Do you get where I'm going with it?
Divination services come at premium prices, so give us something to work with if you want to get help.
What have you done so far to diagnose it and what are the results? |
I don't know what I can provide; there is no error message. What do I need to do? |
CaptainBlood Advocate


Joined: 24 Jan 2010 Posts: 3998
|
Posted: Thu Oct 05, 2023 12:47 pm Post subject: |
|
|
Sorry to ask,
How far are you from Gentoo Wiki?
Thks 4 ur attention, interest & support. |
Hu Administrator

Joined: 06 Mar 2007 Posts: 23280
|
Posted: Thu Oct 05, 2023 3:12 pm Post subject: |
|
|
If there is no error message, how do you know it is not working? Please give us a simple command that you expect to work, which does not work, and the full output it produces. For example, curl -v https://www.gentoo.org/ should download the Gentoo home page. Does it? If not, what does it show instead? |
wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Fri Oct 06, 2023 4:40 am Post subject: |
|
|
CaptainBlood wrote: | Sorry to ask,
How far are you from Gentoo Wiki?
Thks 4 ur attention, interest & support. |
Yes, I followed the wiki and got the config file from cloudflare. Here is the config file:
Code: | [Interface]
PrivateKey = kGP8SHrruq90+0VxU6Y5aK/RzYbACJM5bwjoup513lw=
Address = 172.16.0.2/32, 2606:4700:110:8a5a:c842:4772:a834:c25/128
DNS = 1.1.1.1, 1.0.0.1
MTU = 1280
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = 162.159.192.247:5956 |
put the file in /etc/wireguard/ and start the vpn with |
hdcg Tux's lil' helper

Joined: 07 Apr 2013 Posts: 121
|
Posted: Fri Oct 06, 2023 5:31 am Post subject: |
|
|
Hello wenzi,
first of all be careful about the information you share. It looks like you just shared your private key. If this is really your private key, make sure to invalidate your current Cloudflare config and create a new one!
As mentioned in the other posts, the general wireguard setup looks fine and it connects. The difference is most likely your network configuration.
I did a peek at the wg-quick script and it performs specific steps (e.g. the "sysctl -q net.ipv4.conf.all.src_valid_mark=1" you see under Arch) depending on the network configuration.
Beside the answer to the question from Hu, can you please provide the output of
for your Gentoo environment as well as for your Arch environment. This may give us a lead.
Best Regards,
Holger |
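
The two points in the post above, as an added example that is not part of the thread or of wg-quick itself: redact key material before posting a config, and report which route setup the config selects. The two logs earlier in the thread differ in exactly this way (the Gentoo log adds /1 routes directly, the Arch log adds /0 routes to table 51820 with fwmark rules); that a /0 entry in AllowedIPs is what selects the policy-routing path is an assumption about wg-quick's Linux script, and the function names and sample config are constructed.

```shell
#!/bin/sh
# Added example; not part of wg-quick or of the thread.

# Constructed sample config (placeholder keys), laid out like the one posted.
wg_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED-PRIVATE-KEY-PLACEHOLDER=
Address = 172.16.0.2/32
[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-PLACEHOLDER=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
EOF
}

# Print the config with secret values replaced (also in commented-out lines).
wg_redact() {
    awk '{
        key = tolower($0)
        sub(/^[ \t#]*/, "", key); sub(/[ \t]*=.*/, "", key)
        if (key == "privatekey" || key == "presharedkey") sub(/=.*/, "= <REDACTED>")
        print
    }' "$1"
}

# Report which route setup the config selects (assumed model of wg-quick on Linux).
wg_route_mode() {
    awk -F= '
        { sub(/#.*/, ""); k = tolower($1); gsub(/[ \t]/, "", k) }
        k == "table"      { table = tolower($2); gsub(/[ \t]/, "", table) }
        k == "allowedips" { v = $2; gsub(/[ \t]/, "", v); n = split(v, ips, ",")
                            for (i = 1; i <= n; i++) if (ips[i] ~ /\/0$/) def = 1 }
        END {
            if (table == "off")                      print "no-routes"
            else if (table != "" && table != "auto") print "custom-table"
            else if (def)                            print "policy-routing"   # fwmark, rules, nft
            else                                     print "plain-routes"     # ip route add only
        }' "$1"
}

tmp=$(mktemp) && wg_sample_conf "$tmp"
wg_redact "$tmp"
echo "route mode: $(wg_route_mode "$tmp")"
rm -f "$tmp"
```

Run against a real file, `wg_redact /etc/wireguard/wg0.conf` gives text that can be pasted into a support thread without exposing the private or preshared key.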
wenzi Tux's lil' helper

Joined: 18 Jan 2019 Posts: 106
|
Posted: Fri Oct 06, 2023 5:44 am Post subject: |
|
|
hdcg wrote: | Hello wenzi,
first of all be careful about the information you share. It looks like you just shared your private key. If this is really your private key, make sure to invalidate your current Cloudflare config and create a new one!
As mentioned in the other posts, the general wireguard setup looks fine and it connects. The difference is most likely your network configuration.
I did a peek at the wg-quick script and it performs specific steps (e.g. the "sysctl -q net.ipv4.conf.all.src_valid_mark=1" you see under Arch) depending on the network configuration.
Beside the answer to the question from Hu, can you please provide the output of
for your Gentoo environment as well as for your Arch environment. This may give us a lead.
Best Regards,
Holger |
THANKS, after I updated the system to the latest, everything works fine. I really don't know why. Thanks everybody for your help, THANKS!! |