WireGuard - server as hostname issue

  • I've set up WireGuard with LibreELEC and it works well; even a Rsp1 can handle traffic for a full HD movie without issues. The only problem that I found with the setup is that "Host = IP of the WireGuard server" must be an IP, not a hostname: it will not be resolved and no error is shown, the traffic just will not work... but my server does not have a 100% static IP so I used DDNS... anyway, a quick solution is to have a script at startup that resolves the IP, writes it to the config file, resolves the connection name and finally starts the VPN connection.

    This script will replace the "your_hostname_to_server" string from wireguard.config.original into wireguard.config (so .original needs to be a complete config file, except that instead of the server IP it will have "your_hostname_to_server", which will be replaced).

    To disconnect, another script is used:

    Bash
    #!/bin/bash
    
    #list connections and select the one with Wireguard in description
    VPN_CONNECTION_NAME=$(connmanctl services | grep 'WireGuard' | awk -F' ' '{print $NF}') 
    echo "VPN connection name: $VPN_CONNECTION_NAME"
    
    #disconnect from VPN
    connmanctl disconnect "$VPN_CONNECTION_NAME"

    Finally, in the wireguard.service file, the scripts are called instead of the connect/disconnect commands:

    Code
    ExecStart=/usr/bin/connmanctl connect vpn_service_name_goes_here
    ExecStop=/usr/bin/connmanctl disconnect vpn_service_name_goes_here

    changed to

    Code
    ExecStart=/storage/.config/wireguard/connectVPN.sh
    ExecStop=/storage/.config/wireguard/disconnectVPN.sh

    In this case the scripts are in '/storage/.config/wireguard/'. For sure there is a better place, but just to make it work, it's ok :S

    Finally, this is a quick & dirty solution to this Connman issue... by the way, does anyone have any info on how to report a bug to Connman? I just found "You can report bugs at - 01.org JIRA", but it seems that is a closed JIRA project: an account is needed to report the bug, and an account can't be created by anyone new.

    Any suggestions or a better solution would be greatly appreciated :)

    Edited 3 times, last by unimatrix088 (March 21, 2020 at 3:18 PM).

  • If the line:

    SERVER_IP=$(getent hosts $SERVER_HOST | awk '{ print $1 }')

    is not working for you, try:

    SERVER_IP=$(nslookup YOURHOST 8.8.8.8 | awk '/^Address/ {A=$3}; END {print A}')

    Besides of this line working fine with 12 Beta 1 ...
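
The startup script described in the first post, written out as an added example (it is not the poster's script, which does not appear on this page). It uses the paths, placeholder string and resolver commands from the posts, takes the DDNS hostname as an argument, and assumes the resolver answer should be checked as a plain IPv4 address before it is written into the file that holds the private key.

```shell
#!/bin/sh
# Added example, not the script from the thread. Paths and the placeholder
# token are the ones named in the posts; the hostname argument is yours.
CONF_DIR=/storage/.config/wireguard
TEMPLATE="$CONF_DIR/wireguard.config.original"
CONFIG="$CONF_DIR/wireguard.config"
PLACEHOLDER=your_hostname_to_server

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
      for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done )
}

# getent as in the first post, nslookup as in the reply if getent returns
# nothing. Whatever the resolver says is printed only if it is a plain IPv4.
resolve_ipv4() {
    ip=$(getent hosts "$1" | awk '{ print $1; exit }')
    [ -n "$ip" ] || ip=$(nslookup "$1" 8.8.8.8 | awk '/^Address/ {A=$3}; END {print A}')
    is_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Render template -> output with the placeholder replaced by a validated IP.
# mktemp creates the file 0600 (it holds the private key); mv makes the
# swap atomic, so a failed run leaves the previous config untouched.
render_config() {  # args: template output ip
    is_ipv4 "$3" || { echo "refusing to write non-IPv4 value" >&2; return 1; }
    tmp=$(mktemp "$2.XXXXXX") || return 1
    sed "s/$PLACEHOLDER/$3/g" "$1" > "$tmp" && mv "$tmp" "$2" ||
        { rm -f "$tmp"; return 1; }
}

main() {
    ip=$(resolve_ipv4 "$1") || { echo "cannot resolve $1, not connecting" >&2; return 1; }
    render_config "$TEMPLATE" "$CONFIG" "$ip" || return 1
    svc=$(connmanctl services | awk '/WireGuard/ { print $NF; exit }')
    [ -n "$svc" ] || { echo "no WireGuard service known to connman" >&2; return 1; }
    connmanctl connect "$svc"
}

# Does nothing unless a hostname is given: connectVPN.sh <your DDNS hostname>
if [ $# -gt 0 ]; then main "$1"; fi
```

If resolution fails or returns anything other than an IPv4 address, the script exits non-zero before touching wireguard.config, so the unit reports a failure instead of silently passing no traffic.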

  • I made this : [ LINK REMOVED SINCE IT ENCOURAGES PIRACY ]

    It's a tutorial that contains these instructions among others. (It's a tuto to install jellyfin with docker and to set up a raspberry pi with kodi to access it over wireguard.)

    (It's still WIP) but I discovered something odd. These instructions work flawlessly on an RPI 4 but fail on a Raspberry Pi 3 B+.

    The scripts are the same, the configs are correct and everything, but the VPN just doesn't work. I can't ping the other side of the VPN tunnel from the PI 3 (but I can access jellyfin from the PI4).

    If you have a debugging suggestion or have experienced the problem, I'm all ears :)