wireguard troubleshooting : no reply

  • I have done the setup as described in the wiki, but I get no response.

    Instead the following error:

    Code
    KODI-TV4:~ # connmanctl services
    *AO Wired ethernet_dca63226ebf3_cable
    * WireGuard VPN Tunnel vpn_kodi4_tv
    KODI-TV4:~ # connmanctl connect vpn_kodi4_tv
    Error /net/connman/service/vpn_kodi4_tv: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.


    My conf file looks like this:

    Code
    [provider_wireguard]
    Type = WireGuard
    Name = WireGuard VPN Tunnel
    Host = myname.dyndns.org
    Domain kodi4.tv
    WireGuard.Address = 192.168.6.6/24
    WireGuard.ListenPort =
    WireGuard.PrivateKey = ghgghh
    WireGuard.PublicKey = vhjjnbvv
    WireGuard.PresharedKey =
    WireGuard.DNS = 8.8.8.8
    WireGuard.AllowedIPs = 0.0.0.0/0
    WireGuard.EndpointPort = 45467
    WireGuard.PersistentKeepalive = 25

    Any ideas?

    Edited once, last by novalis (May 17, 2020 at 6:33 PM).

  • Hello,

    Having same issue.

    Having this configuration currently:

    When running connman I get this:

    Code
    $ connmanctl connect vpn_pl2_wireguard_mullvad_net_my_home_network
    
    Error /net/connman/service/vpn_pl2_wireguard_mullvad_net_my_home_network: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

    I ran connman with debug:

    This one is strange to me:

    Code
    connmand[8613]: Connect reply: Invalid arguments (net.connman.Error.InvalidArguments)

    I can add that I've tried setting the server IP instead of the hostname, removed IPv6 for the local address as well, and tried a few modifications; I always got the same errors.

    Edited once, last by elgatito (May 17, 2020 at 6:53 PM).

  • This is a known issue. See Add Wireguard support.

    Additionally, it is reported that the default route is always set to the wireguard device.


    Just a thought for a workaround: use wireguard without connman.

    Do cp /etc/connman/main.conf /storage/.config/connman_main.conf and add ,wg to the NetworkInterfaceBlacklist line. Reboot.

    Then configure wireguard using the wg command.
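
    The copy-and-edit step from the post above, written so it can be run more than once without adding the entry twice. This is an added example, not part of the original post; the function name blacklist_wg is hypothetical.

```shell
#!/bin/sh
# Added example: append "wg" to connman's NetworkInterfaceBlacklist, idempotently.
# blacklist_wg is a hypothetical helper name, not a connman or LibreELEC tool.
# Usage with the paths from the post:
#   blacklist_wg /etc/connman/main.conf /storage/.config/connman_main.conf

blacklist_wg() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # "wg" is already present as a whole comma-separated entry: copy unchanged.
    if grep -Eq '^NetworkInterfaceBlacklist[[:space:]]*(=|=.*,)[[:space:]]*wg[[:space:]]*(,|$)' "$src"; then
        cp "$src" "$dst"
        return 0
    fi

    # Refuse to write an override if the key is missing; appending to nothing
    # would silently leave connman managing the wg interface.
    grep -Eq '^NetworkInterfaceBlacklist[[:space:]]*=' "$src" || {
        echo "no NetworkInterfaceBlacklist line in $src" >&2
        return 2
    }

    # Replace trailing whitespace on that one line with ",wg"; other lines pass through.
    sed -E '/^NetworkInterfaceBlacklist[[:space:]]*=/ s/[[:space:]]*$/,wg/' "$src" > "$dst"
}
```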

    • Official Post

    I've reported the PresharedKey issue so that bad config handling can be improved. The routing issue remains unresolved. It's been reported but the main connman developer working on WireGuard has been offline for a while. He's resurfaced in the last week so hopefully we might see some progress.

  • I've reported the PresharedKey issue so that bad config handling can be improved. The routing issue remains unresolved. It's been reported but the main connman developer working on WireGuard has been offline for a while. He's resurfaced in the last week so hopefully we might see some progress.

    Maybe we can do something manually? Maybe manage routes after setting up the interface.

    • Official Post

    The challenge with routing is that connman manages the WireGuard interface, so you can make changes, and connman can simply overwrite them again. Connman support for WireGuard is still rather new and initial testing was limited to specific use-cases. Now that a wider audience started to use it other ways, we're sure to find some things that need code changes. I'm sure it will be resolved, but don't ask when.

  • Well I think bash is already installed.

    The busybox version though.

    Here is my .profile

    SHELL=/bin/bash

    PATH=/storage/bin:$PATH

    TERM=xterm-color

    exec bash & source /storage/.bashrc

  • Thank you very much for this. Connman also didn't work for me with

    Connect reply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. (org.freedesktop.DBus.Error.NoReply)

    Your idea saves a day. Not sure why connman doesn't work for me and some others, and for some yes. I don't use pre-shared key nor config line.

    Edited once, last by JimmySmith (July 1, 2020 at 5:38 AM).

  • I was almost considering replacing libreelec with osmc to get proper wireguard support, but this post saved my day. I didn't need to add wg0 to NetworkInterfaceBlacklist, everything just worked out of the box using the wg command. I got a warning saying "AllowedIP has nonzero host part", but the routes were added perfectly, everything seems to work as expected. Thank you.

  • Here is the script I am using for manual bring up / tear down of wireguard interface.

    /storage/.config/system.d/wg0.service

    /storage/.config/wireguard/wg0.conf

    Code
    [Interface]
    ListenPort = 51820
    PrivateKey = XXXXXXXXXXXXXXX
    
    [Peer]
    PublicKey = XXXXXXXXXXXXXXX
    AllowedIPs = 10.1.1.0/24
    Endpoint = endpoint.hostname:31194
    PersistentKeepalive = 25

    Advantages over official connman method:

    • Doesn't hijack default route
    • Uses default wireguard config file format (except for the Address line)
    • It is OK to use a hostname instead of IP address for peer endpoint. Useful for dynamic IP endpoints.
    • Multiple wg interfaces can be configured.

    Disadvantages:

    • The IP address for wg interface is configured in a separate file
    • The route is added automatically by ip link set up dev wg0 command as long as both wg0.conf and wg0.service use /24 netmask (this is what I needed anyway). For some reason, when I use /32 or /0 netmask, the route is not added, but it should be relatively simple to add it manually.

    Edited once, last by ninze (September 10, 2021 at 8:53 AM).

  • I'm testing this method but I can't get my DNS working. If I set it in wg0.conf I get a "Line unrecognized: DNS=". I have added my routes to the service file and they work.

    But how do I add the DNS?
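
    Address and DNS are wg-quick keys; the plain wg tool only parses the WireGuard keys themselves, which is where "Line unrecognized: DNS=" comes from. The added example below (not code from any poster; wg_strip and wg_quick_values are hypothetical helper names) splits a wg-quick style file into the part wg setconf accepts and the values that have to be applied separately. How the DNS servers are handed to the system resolver is system specific and is not shown.

```shell
#!/bin/sh
# Added example: split a wg-quick style config for use with plain `wg setconf`.
# Keys that only wg-quick understands; `wg setconf` rejects lines using them.
QUICK_KEYS='Address DNS MTU Table PreUp PostUp PreDown PostDown SaveConfig'

# wg_strip FILE: print FILE without wg-quick-only lines (input for `wg setconf`).
wg_strip() {
    awk -v keys="$QUICK_KEYS" '
        BEGIN { n = split(tolower(keys), k, " "); for (i = 1; i <= n; i++) quick[k[i]] = 1 }
        {
            eq = index($0, "=")                     # first "=" ends the key name
            key = (eq ? substr($0, 1, eq - 1) : "")
            gsub(/[ \t]/, "", key)
            if (!(tolower(key) in quick)) print     # section headers and wg keys pass
        }' "$1"
}

# wg_quick_values FILE KEY: print each comma-separated value of KEY on its own line.
wg_quick_values() {
    awk -v want="$2" '
        {
            sub(/#.*/, "")                          # drop trailing comments
            eq = index($0, "=")
            if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            if (tolower(key) != tolower(want)) next
            n = split(val, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' "$1"
}

# Sketch of use (not executed here; needs root and the wg tool):
#   umask 077; wg_strip wg0.conf > /run/wg0.stripped   # file holds the private key
#   wg setconf wg0 /run/wg0.stripped
#   for a in $(wg_quick_values wg0.conf Address); do ip address add "$a" dev wg0; done
#   wg_quick_values wg0.conf DNS    # servers to give to the resolver
```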