Hi, guys, and thanks for all of your work on this.
One suggestion -- you should add one note to the Wiki: Although the "preshared key" is optional, if a preshared key isn't used, the entire line must be deleted. If the line is present, but no key is supplied, the Wireguard instance will fail.
I wasted several hours before I figured this out, and I know others have as well.
rkershenbaum I've added a note to the wiki to highlight this point: https://wiki.libreelec.tv/configuration/wireguard
It seems like that the Host i.e Host = 185.210.30.121 in the example tutoral, cannot be a DDNS name.
How come?
Another thing that this does not seem to handle is ipv6 support. And this is added by default if you install wireguard via PiVPN.
Setting up a WireGuard VPN on the Raspberry Pi - Pi My Life Up
It seems like that the Host i.e Host = 185.210.30.121 in the example tutoral, cannot be a DDNS name. How come?
You're configurating a network interface not an application. NICs route traffic based on IP data and you're basically defining a static IP route to the other end of the tunnel. If you want to handle DDNS hostnames you need something at application level to resolve the hostname to an IP and update the WireGuard config. ConnMan watches the config files; I'm not sure if it can adjust the tunnel routing while the connection is active or it needs to stop/restart the connection first (should be simple to test though).
5:I ran:
iptables-save >/storage/.config/iptables/rules.v4 to make it permanent
6: I then activated the personalized firewall in the graphical interface and restarted
after these steps I still had dns leaks.
I therefore configure a fixed ip with the 1st dns 10.2.0.1 and the second pihole.
Could somebody clarify what laurent734 meant by "I configured a fixed IP with the 1st DNS"? Sadly he doesn't seem to be posting here, so I doubt he'll be able to help.
WireGuard.DNS = 10.2.0.1, 192.168.1.100He configured the first as 10.2.0.1 and the second as a local PiHole device in the local network
This subject is beyond my understanding but I can type code that is in front of me.
Raspberry pi4, libreelec, kodi, openvpn, nord vpn. My issue is my fiber optic speed is 500Mbps but with the vpn service on I only get about 150Mbps, turn it off and I get my 500Mbps. Searching for a resolve I found that Wireguard is superior and much faster. My goodness the install process is quite involved. All I want is vpn on my setup that will get me closer to my available speed. Can I achieve that with Wireguard or are there other options to openvpn?
Thanks in advance for your assistance.
This subject is beyond my understanding but I can type code that is in front of me.
Raspberry pi4, libreelec, kodi, openvpn, nord vpn. My issue is my fiber optic speed is 500Mbps but with the vpn service on I only get about 150Mbps, turn it off and I get my 500Mbps. Searching for a resolve I found that Wireguard is superior and much faster. My goodness the install process is quite involved. All I want is vpn on my setup that will get me closer to my available speed. Can I achieve that with Wireguard or are there other options to openvpn?
Thanks in advance for your assistance.
Your problem is OpenVPN. That protocol is old and does not allow for higher speeds. As you have noticed, turn to WireGuard instead, it's much faster.
Can I achieve that with Wireguard or are there other options to openvpn?
Mullvad announced today, that they will drop OpenVPN support early 2026.
I guess others will follow. The defacto standard VPN-Manager for Kodi at the moment is VPNManager:
They support OpenVPN only and don't seem to want to support Wireguard.
As Wireguard seems to be the way to go in the future, it would be very nice to see it implemented directly into LibreElec. No idea if the devs are interested to do that, but I guess many people would appreciate this step.
As Wireguard seems to be the way to go in the future, it would be very nice to see it implemented directly into LibreElec
You mean like this? (4.5 years ago) https://github.com/LibreELEC/LibreELEC.tv/pull/4139
You mean like this? (4.5 years ago) https://github.com/LibreELEC/LibreELEC.tv/pull/4139
Thank you for answering. I guess i ment a way to configure it from the GUI, most people will be unble to do it as explained in the Wiki. But no offense. Maybe a nice Wireguard plugin will showup anyway.
I followed the guide at WireGuard | LibreELEC.wiki - especially the part "known-issues". I set my config to only route my internal network over the VPN connection - everything else should use the clients local internet breakout.
This does not work - everything is routed through my VPN network. A short check with i.e. curl -4 icanhazip.com shows my VPN networks public IP. Traceroute to "somethingontheweb.com" tells me the same.
Here is some log output:
Jan 10 14:31:08 LE-Test systemd[1]: Starting wireguard.service...
Jan 10 14:31:08 LE-Test connman-vpnd[386]: wg0 {update} flags 32912 <DOWN>
Jan 10 14:31:08 LE-Test connman-vpnd[386]: wg0 {newlink} index 12 operstate 2 <DOWN>
Jan 10 14:31:08 LE-Test connman-vpnd[386]: wg0 {dellink} index 12 operstate 2 <DOWN>
Jan 10 14:31:08 LE-Test connman-vpnd[386]: wg0 {remove} index 12
Jan 10 14:31:13 LE-Test connmand[720]: ipconfig state 2 ipconfig method 1
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {create} index 13 type 65534 <NONE>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {update} flags 144 <DOWN>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {newlink} index 13 address 00:00:00:00:00:00 mtu 1420
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {newlink} index 13 operstate 2 <DOWN>
Jan 10 14:31:13 LE-Test connman-vpnd[386]: wg0 {create} index 13 type 65534 <NONE>
Jan 10 14:31:13 LE-Test connman-vpnd[386]: wg0 {update} flags 144 <DOWN>
Jan 10 14:31:13 LE-Test connman-vpnd[386]: wg0 {newlink} index 13 operstate 2 <DOWN>
Jan 10 14:31:13 LE-Test connmand[720]: ipconfig state 2 ipconfig method 1
Jan 10 14:31:13 LE-Test connman-vpnd[386]: wg0 {update} flags 98513 <UP,RUNNING,LOWER_UP>
Jan 10 14:31:13 LE-Test connman-vpnd[386]: wg0 {newlink} index 13 operstate 0 <UNKNOWN>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {update} flags 98513 <UP,RUNNING,LOWER_UP>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {newlink} index 13 address 00:00:00:00:00:00 mtu 1420
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {newlink} index 13 operstate 0 <UNKNOWN>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {add} address 192.168.4.2/32 label wg0 family 2
Jan 10 14:31:13 LE-Test connmand[720]: Adding host route failed (Network is unreachable)
Jan 10 14:31:13 LE-Test connmand[720]: rp_filter set to 2 (loose mode routing), old value was 0
Jan 10 14:31:13 LE-Test connmanctl[1501]: Connected vpn_XXX_XXX_XXX_XXX
Jan 10 14:31:13 LE-Test iwd[400]: udev interface=wg0 ifindex=13
Jan 10 14:31:13 LE-Test connmand[720]: ipconfig state 4 ipconfig method 1
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {add} route 192.168.4.1 gw 0.0.0.0 scope 253 <LINK>
Jan 10 14:31:13 LE-Test connmand[720]: eth0 {del} route 0.0.0.0 gw 192.168.8.1 scope 0 <UNIVERSE>
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {add} route 0.0.0.0 gw 0.0.0.0 scope 253 <LINK>
Jan 10 14:31:13 LE-Test connmanctl[1505]: Moved vpn_XXX_XXX_XXX_XXX after ethernet_dca6326axxxx_cable
Jan 10 14:31:13 LE-Test connmanctl[1509]: Moved vpn_XXX_XXX_XXX_XXX after ethernet_dca6326axxxx_cable
Jan 10 14:31:13 LE-Test connmand[720]: wg0 {add} route 192.168.200.0 gw 192.168.4.1 scope 0 <UNIVERSE>
Jan 10 14:31:13 LE-Test systemd[1]: Finished wireguard.service.192.168.200.0 is my local network.
192.168.4.0 is the VPN network.
192.168.8.0 is the remote clients network.
Any ideas?
Use connmanctl to review and perhaps change the interface sequence order to modify routing.
Could you please help here with specific commands?
https://wiki.libreelec.tv/configuration/wireguard#known-issues
