Dro021 n00b
Joined: 18 Jun 2024 Posts: 3
Posted: Tue Jun 18, 2024 7:44 am Post subject: iwd and wireguard, no network
Hello.
I have no network when activating a wireguard configuration.
Code:
wg-quick up [wireguard-conf]

I am using iwd with the gentoo-dist kernel.
I have tried
- iwd with dhcpcd backend
- iwd with USE=standalone
- network manager
- compiling my own kernel with recommendations from the iwd page on gentoo wiki
And I still can't reach the internet.
Am I missing a package of some sort? Or is it a config file that may have a missing option?
Thank you for your time
szatox Advocate
Joined: 27 Aug 2013 Posts: 3420
Posted: Tue Jun 18, 2024 10:44 am
Well, since you didn't include any information regarding your setup, like wg-quick config file, exact commands you're using to set things up (obfuscating addresses is OK), error messages, links to the guides, which relevant parts already work (are both your machines connected to the internet and can see each other outside of wg?), etc:
Aw, man, that sucks. We feel your pain. We'll always be here to listen.
_________________
Make Computing Fun Again
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5090 Location: Bavaria
Dro021 n00b
Joined: 18 Jun 2024 Posts: 3
Posted: Tue Jun 18, 2024 12:35 pm
Hi, thank you for the answer and the link, it was very helpful.
I will try to provide more information.
gentoo musl/llvm openrc running on a framework laptop 16 with
linux-6.6.32-gentoo-dist.
Internet is working correctly when just using iwd. No problems at all.
The wireguard config files come from mullvad vpn where you can directly
download the wireguard configurations. I then move the configs into
/etc/wireguard, then call wg-quick up [name of config]. This setup has been
running without issues on gentoo before (~1 year). 1 month ago I received my
new laptop and have the problem since then. I am only thinking about it now
but the source might be from my new pc. I have not yet tried to upgrade the
kernel to 6.9.4.
link to output of "emerge --info": http://0x0.st/XTTM.bin
link to output of "dmesg": http://0x0.st/XTTu.txt
link to output of "lspci -nnk": http://0x0.st/XTTS.txt
link to output of "rc-update": http://0x0.st/XTTj.txt
Here are the relevant links I used at one point to compile my own kernel (but
went back to dist-kernel as the networking problem was still here)
https://wiki.gentoo.org/wiki/WireGuard
https://wiki.gentoo.org/wiki/Iwd
https://wiki.gentoo.org/wiki/Wi-Fi
Running the "ip a" command gives this output when everything is normal and I can
connect to the internet.
Code:
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether [ipv6 addr] brd ff:ff:ff:ff:ff:ff
    inet [ipv4 addr]/24 scope global dynamic noprefixroute wlan0
       valid_lft 85874sec preferred_lft 85874sec
    inet6 [ipv6 addr]/128 scope global dynamic noprefixroute
       valid_lft 86371sec preferred_lft 571sec
    inet6 [ipv6 addr]/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

Then running "wg-quick up" outputs this:
Code:
[#] ip link add [wg-config name] type wireguard
[#] wg setconf [wg-config name] /dev/fd/63
[#] ip -4 address add [ip addr]/32 dev [wg-config name]
[#] ip -6 address add [ip addr]/128 dev [wg-config name]
[#] ip link set mtu 1420 up [wg-config name]
[#] resolvconf -a [wg-config name] -m 0 -x
[#] wg set [wg-config name] fwmark 51820
[#] ip -6 route add ::/0 dev [wg-config name] table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev [wg-config name] table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n

Networking is not the area where I have the most knowledge, but I don't think there is anything incorrect in the output.
Running "ip a" again outputs this now:
Code:
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether [ipv6 addr] brd ff:ff:ff:ff:ff:ff
    inet [ip addr]/24 scope global dynamic noprefixroute wlan0
       valid_lft 84835sec preferred_lft 84835sec
    inet6 [ip addr]/128 scope global dynamic noprefixroute
       valid_lft 86347sec preferred_lft 547sec
    inet6 [ip addr]/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
4: [wg-config name]: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet [ip addr]/32 scope global [wg-config name]
       valid_lft forever preferred_lft forever
    inet6 [ip addr]/128 scope global
       valid_lft forever preferred_lft forever
szatox Advocate
Joined: 27 Aug 2013 Posts: 3420
Posted: Tue Jun 18, 2024 1:22 pm
Does `wg show` report any successful handshakes?
If not: does your config enable PersistentKeepalive? If not, add PersistentKeepalive = 15 (or whatever interval you like) to the [Peer] section, reload and see if you're getting handshakes now.
It should also report allowed ips like 0.0.0.0/0 and ::/0 since you're routing everything through that vpn.
Next, wg-quick adds routing rules for you, but what about your firewall? Does it actually let your traffic through?
Can you ping anything using IP address instead of name?
_________________
Make Computing Fun Again
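
The first checks in the post above (handshakes, PersistentKeepalive, allowed IPs) can be read from `wg show <interface> dump` in one pass. This is an added example, not part of the original thread; the function names, the 180-second staleness threshold and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: triage `wg show <interface> dump` output.
# Dump columns per peer (tab-separated, see wg(8)): public-key, preshared-key,
# endpoint, allowed-ips, latest-handshake, transfer-rx, transfer-tx,
# persistent-keepalive. The first line describes the interface itself.

# check_wg_dump NOW   (dump text on stdin, NOW = current Unix time)
# STALE_AFTER is an assumed threshold, not a WireGuard setting.
check_wg_dump() {
    awk -F '\t' -v now="$1" -v stale="${STALE_AFTER:-180}" '
        NR == 1 { next }                       # skip the interface line
        {
            list = "," $4 ","                  # allowed-ips, comma-delimited
            v4 = (list ~ /,0\.0\.0\.0\/0,/)
            v6 = (list ~ /,::\/0,/)
            route = (v4 && v6) ? "full-tunnel" : (v4 ? "v4-only" : "split")

            if ($5 == 0 && $8 == "off") state = "no-handshake,keepalive-off"
            else if ($5 == 0)           state = "no-handshake"
            else if (now - $5 > stale)  state = "stale-handshake"
            else                        state = "handshake-ok"

            print substr($1, 1, 8), state, route
        }'
}

# Constructed sample: placeholder keys, documentation-range endpoints.
sample_dump() {
    printf 'PRIVKEY\tPUBKEY\t51820\t0xca6c\n'
    printf 'PEERAAAAxx\t(none)\t192.0.2.10:51820\t0.0.0.0/0,::/0\t0\t0\t148\toff\n'
    printf 'PEERBBBBxx\t(none)\t192.0.2.11:51820\t0.0.0.0/0,::/0\t1718712000\t9000\t4000\t15\n'
}

sample_dump | check_wg_dump 1718712060
# On a live system: wg show [wg-config name] dump | check_wg_dump "$(date +%s)"
```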
Dro021 n00b
Joined: 18 Jun 2024 Posts: 3
Posted: Tue Jun 18, 2024 2:11 pm
You were right, the culprit was the firewall on the router. Recently I had to reset it and did not even think to check the settings.
Thank you very much for your time, it was very helpful.