Gentoo Forums
iwd and wireguard, no network
Dro021
n00b


Joined: 18 Jun 2024
Posts: 3

Posted: Tue Jun 18, 2024 7:44 am    Post subject: iwd and wireguard, no network

Hello.

I have no network when activating a wireguard configuration.

Code:
 wg-quick up [wireguard-conf]


I am using iwd with the gentoo-dist kernel.

I have tried

- iwd with dhcpcd backend
- iwd with USE=standalone
- network manager
- compiling my own kernel with recommendations from the iwd page on gentoo wiki

And I still can't reach the internet.

Am I missing a package of some sort? Or is it a config file that may have a missing option?

Thank you for your time

szatox
Advocate


Joined: 27 Aug 2013
Posts: 3407

Posted: Tue Jun 18, 2024 10:44 am

Well, since you didn't include any information regarding your setup, like wg-quick config file, exact commands you're using to set things up (obfuscating addresses is OK), error messages, links to the guides, which relevant parts already work (are both your machines connected to the internet and can see each other outside of wg?), etc:

Aw, man, that sucks. We feel your pain. We'll always be here to listen.
_________________
Make Computing Fun Again

pietinger
Moderator


Joined: 17 Oct 2006
Posts: 5050
Location: Bavaria

Posted: Tue Jun 18, 2024 11:43 am

Dro021,

Welcome to Gentoo Forums ! :D

Please boot with our dist-kernel (so we don't have to check the kernel .config) and have a look into this article and provide some information about your system - best: all 3:
https://wiki.gentoo.org/wiki/User:Pietinger/Overview_of_System_Information

If you have OpenRC give us also the output of "rc-update" and describe your current configuration.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger

Dro021
n00b


Joined: 18 Jun 2024
Posts: 3

Posted: Tue Jun 18, 2024 12:35 pm

Hi, thank you for the answer and the link, it was very helpful. :)

I will try to provide more information.

Gentoo musl/llvm OpenRC running on a Framework Laptop 16 with linux-6.6.32-gentoo-dist.

Internet is working correctly when just using iwd. No problems at all.

The WireGuard config files come from Mullvad VPN, where you can directly download the WireGuard configurations. I then move the configs into /etc/wireguard, then call wg-quick up [name of config]. This setup has been running without issues on Gentoo before (~1 year). 1 month ago I received my new laptop and have had the problem since then. I am only thinking about it now, but the source might be my new PC. I have not yet tried to upgrade the kernel to 6.9.4.

link to output of "emerge --info": http://0x0.st/XTTM.bin
link to output of "dmesg": http://0x0.st/XTTu.txt
link to output of "lspci -nnk": http://0x0.st/XTTS.txt
link to output of "rc-update": http://0x0.st/XTTj.txt

Here are the relevant links I used at one point to compile my own kernel (but
went back to dist-kernel as the networking problem was still here)

https://wiki.gentoo.org/wiki/WireGuard
https://wiki.gentoo.org/wiki/Iwd
https://wiki.gentoo.org/wiki/Wi-Fi

Running the "ip a" command gives this output when everything is normal and I can connect to the internet.

Code:


3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether [ipv6 addr] brd ff:ff:ff:ff:ff:ff
    inet [ipv4 addr]/24 scope global dynamic noprefixroute wlan0
       valid_lft 85874sec preferred_lft 85874sec
    inet6 [ipv6 addr]/128 scope global dynamic noprefixroute
       valid_lft 86371sec preferred_lft 571sec
    inet6 [ipv6 addr]/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever



Then running "wg-quick up" outputs this:

Code:


[#] ip link add [wg-config name] type wireguard
[#] wg setconf [wg-config name] /dev/fd/63
[#] ip -4 address add [ip addr]/32 dev [wg-config name]
[#] ip -6 address add [ip addr]/128 dev [wg-config name]
[#] ip link set mtu 1420 up [wg-config name]
[#] resolvconf -a [wg-config name] -m 0 -x
[#] wg set [wg-config name] fwmark 51820
[#] ip -6 route add ::/0 dev [wg-config name] table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev [wg-config name] table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n



Networking is not the area where I have the most knowledge, but I don't think there is anything incorrect in the output.

Running "ip a" again now outputs this:

Code:

3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether [ipv6 addr] brd ff:ff:ff:ff:ff:ff
    inet [ip addr]/24 scope global dynamic noprefixroute wlan0
       valid_lft 84835sec preferred_lft 84835sec
    inet6 [ip addr]/128 scope global dynamic noprefixroute
       valid_lft 86347sec preferred_lft 547sec
    inet6 [ip addr]/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
4: [wg-config name]: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet [ip addr]/32 scope global [wg-config name]
       valid_lft forever preferred_lft forever
    inet6 [ip addr]/128 scope global
       valid_lft forever preferred_lft forever

szatox
Advocate


Joined: 27 Aug 2013
Posts: 3407

Posted: Tue Jun 18, 2024 1:22 pm

Does `wg show` report any successful handshakes?
If not: does your config enable PersistentKeepalive? If not, add PersistentKeepalive = 15 (or whatever interval you like) to the [Peer] section, reload and see if you're getting handshakes now.
It should also report allowed ips like 0.0.0.0/0 and ::/0 since you're routing everything through that vpn.

Next, wg-quick adds routing rules for you, but what about your firewall? Does it actually let your traffic through?
Can you ping anything using IP address instead of name?
_________________
Make Computing Fun Again
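
Added example (not part of the thread or of any poster's code): the checks from the reply above, applied to the tab-separated output of `wg show <interface> dump`. The interface name `wg0`, the 180-second staleness threshold, the flag names and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Triage of `wg show <iface> dump` output (tab-separated, see wg(8)).
# Line 1 is the interface; each later line is a peer:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# Note: line 1 of a real dump contains the private key; do not paste it anywhere.

wg_triage() {
    # $1 = current epoch seconds; dump is read from stdin
    awk -F '\t' -v now="$1" '
    NR == 1 { next }                                  # interface line, not a peer
    {
        peer = substr($1, 1, 8)                       # short label for the peer key
        if ($5 == 0) {                                # latest-handshake 0 = never
            print peer ": NO_HANDSHAKE"
            if ($8 == "off") print peer ": KEEPALIVE_OFF"
        } else if (now - $5 > 180) {                  # assumed staleness threshold
            print peer ": STALE_HANDSHAKE"
        } else {
            print peer ": HANDSHAKE_OK"
        }
        n = split($4, ips, ","); v4 = 0; v6 = 0
        for (i = 1; i <= n; i++) {
            if (ips[i] == "0.0.0.0/0") v4 = 1
            if (ips[i] == "::/0") v6 = 1
        }
        if (!v4) print peer ": NO_V4_DEFAULT"
        if (!v6) print peer ": NO_V6_DEFAULT"
        # Bytes sent but none received: packets leave, replies never arrive.
        # Look at a firewall on the path (host, router) before the WireGuard config.
        if ($7 > 0 && $6 == 0) print peer ": TX_ONLY"
    }'
}

sample_dump() {
    # Constructed sample: placeholder keys, documentation-range endpoints.
    printf 'PRIVplaceholder=\tPUBplaceholder=\t51820\t0xca6c\n'
    printf 'PEERAAAAplaceholder=\t(none)\t203.0.113.10:51820\t0.0.0.0/0,::/0\t0\t0\t1480\toff\n'
    printf 'PEERBBBBplaceholder=\t(none)\t203.0.113.11:51820\t10.64.0.0/16\t1718719000\t9200\t8100\t25\n'
}

# Demo with a fixed clock so the result is reproducible.
# Live use (interface name wg0 is hypothetical): wg show wg0 dump | wg_triage "$(date +%s)"
sample_dump | wg_triage 1718719060
```

The first constructed peer shows the pattern this thread ended on: a full-tunnel AllowedIPs, no handshake, and a non-zero sent counter with nothing received.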

Dro021
n00b


Joined: 18 Jun 2024
Posts: 3

Posted: Tue Jun 18, 2024 2:11 pm

You were right, the culprit was the firewall on the router. Recently I had to reset it and did not even think to check the settings.

Thank you very much for your time, it was very helpful.