wireguard troubleshooting : no reply

ztlmikhtdsrpjygl · April 19, 2022 at 9:04 PM

At first ninze thank you very much for your post showing a wiregard@libreelec way that can handle DNS entries instead of IP's only!

joulester #17 is actually the way you want to use.

I just want to add useful commands/information as an addition to #17. I hope it makes it easier for others to understand.

If you change /storage/.config/system.d/wg0.service and/or /storage/.config/wireguard/wg0.conf, just use the following commands for testing:

Code

systemctl daemon-reload
systemctl stop wg0.service
systemctl start wg0.service
systemctl status wg0.service

#other helpful commands:
wg
route
ip route list

For enabling wireguard when LibreELEC starts, just do:

Code

systemctl enable wg0.service
reboot

My goal was to use the wireguard server as a hop that redirects the traffic further (in this case to 192.168.150.0/24). On LibreELEC-side 1 additional route was needed:

Code

ExecStart=ip route add 192.168.150.0/24 dev wg0 src 192.168.20.2
ExecStop=ip route del 192.168.150.0/24 dev wg0 src 192.168.20.2

The order was very important (Dont ask me why. Manually a different order was possible. Perhaps the speed of execution matters):

Code

ExecStart=ip link add dev wg0 type wireguard
ExecStart=ip address add dev wg0 10.1.1.3/24
ExecStart=wg setconf wg0 /storage/.config/wireguard/wg0.conf
ExecStart=ip link set up dev wg0
ExecStart=ip route add 192.168.150.0/24 dev wg0 src 10.1.1.3

ExecStop=ip route del 192.168.150.0/24 dev wg0 src 10.1.1.3
ExecStop=ip link set down dev wg0
ExecStop=ip address del dev wg0 10.1.1.3/24
ExecStop=ip link del dev wg0

Why "ip route add ..."? It really needs to look like this:

Code

ip route list
192.168.150.0/24 dev wg0 scope link  src 10.1.1.3
#the last .3 is important

I hope it helps.

ztlmikhtdsrpjygl · April 20, 2022 at 6:58 AM

ninze or someoneelse?

For some reason it cannot handle a changing IP address behind the DNS entry. Do you have a solution for it?

ztlmikhtdsrpjygl · April 23, 2022 at 3:50 PM

Here I post a full config to set up a Wireguard connection. It deals with DNS, changing IP's behind the DNS and is restart-proof.

Just adjust:
- `<YOURDNS>
- <server.pub>
- <preshared.psk>

- 192.168.150.0 if your wireguard server is a hop and LibreELEC needs to talk to a device within 192.168.150.0/24 behind the hop. If not needed, you can remove it.

wg0.conf:

Code

vi /storage/.config/wireguard/wg0.conf
[Interface]
ListenPort = 51820
PrivateKey = <client.key> 

[Peer]
PublicKey = <server.pub>
PresharedKey = <preshared.psk>
AllowedIPs = 10.1.1.0/24,192.168.150.0/24
Endpoint = <YOURDNS>:51820
PersistentKeepalive = 25

Display More

system.d (restart proof):

Code

vi /storage/.config/system.d/wg0.service
[Unit]
Description=start wireguard interface
Requires=network-online.service
After=time-sync.target
Before=kodi.service

[Service]
Type=oneshot
RemainAfterExit=true
StandardOutput=journal

ExecStart=ip link add dev wg0 type wireguard
ExecStart=ip address add dev wg0 10.1.1.3/24
ExecStart=wg setconf wg0 /storage/.config/wireguard/wg0.conf
ExecStart=ip link set up dev wg0
ExecStart=ip route add 192.168.150.0/24 dev wg0 src 10.1.1.3

ExecStop=ip route del 192.168.150.0/24 dev wg0 src 10.1.1.3
ExecStop=ip link set down dev wg0
ExecStop=ip address del dev wg0 10.1.1.3/24
ExecStop=ip link del dev wg0

[Install]
WantedBy=multi-user.target

systemctl enable wg0.service
reboot

#troubleshooting
systemctl daemon-reload
systemctl restart wg0.service
systemctl stop wg0.service
systemctl start wg0.service
systemctl status wg0.service

Display More

Create script for restarting Wireguard if IP behind DNS has changed:
```

Code

cd /storage/.config/wireguard/
touch /storage/.config/wireguard/restartWireguardIfNewIP.sh
chmod +x /storage/.config/wireguard/restartWireguardIfNewIP.sh
vi /storage/.config/wireguard/restartWireguardIfNewIP.sh

#!/bin/bash 
cip=$(wg show wg0 endpoints | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}") 
echo "$cip"
digIP=$(getent hosts <YOURDNS> | awk '{ print $1 }')
 echo "$digIP"
 if [ "$digIP" != "$cip" ]
 then
 echo "IP's are different, restart wireguard"
 systemctl restart wg0.service
 
 else 
 echo "IP's are same, don't do anything"
 fi

Display More

```

Create cronjob, running every 5 mins:

Code

crontab -e
*/5 * * * * /storage/.config/wireguard/restartWireguardIfNewIP.sh
crontab -l

If you use SMB, it needs to start after wireguard tunnel has started:

Code

vi /storage/.config/system.d/smb.mount
[Unit]
...
After=wg0.service
...

Test everything:
```

Code

reboot

I hope it helps someone. Credits to ninze