WireGuard prevents Kodi from starting if wifi changes

  • Hi All

    I followed this to configure WireGuard

    https://wiki.libreelec.tv/configuration/wireguard

    It works like a charm, I thank the team for that :)

    But when my wifi connection changes, the boot sequence stops on the LibreELEC startup screen (before Kodi).
    I think WireGuard is trying to start but there is no network.

    Is it possible to set a timeout somewhere to stop WireGuard in that case?

    Then I will be able to change the wifi setup and restart to have a nice boot sequence.


    Thanks

    Cyril

    Edited once, last by cyr06 (May 6, 2025 at 1:12 PM).

  • I think the key is in the /storage/.config/systemd/wireguard.service file. But I'm not systemd fluent.

    The manual says

    Code
    [Unit]
    Description=WireGuard VPN Service
    After=network-online.target nss-lookup.target wait-time-sync.service connman-vpn.service
    Before=kodi.service

    The original file says

    Code
    [Unit]
    Description=WireGuard VPN Service
    After=network-online.target nss-lookup.target connman-vpn.service time-sync.target
    Wants=network-online.target nss-lookup.target connman-vpn.service time-sync.target

    in both cases if network fails, kodi never shows

    if I use

    After=network-online.target nss-lookup.target connman-vpn.service time-sync.target kodi.service 

    Kodi shows but wireguard doesn't seem to start

    Do you have any clue?

    Thank you

  • when I remove time-sync.target from the Wants line, indeed Kodi starts without any network connection

    Unfortunately, the wireguard connection never starts automatically when I have a network

  • WireGuard uses symmetric keys for encryption but other elements of the protocol like handshaking and key-rotation that are essential for perfect-forward secrecy are time-based: thus the host needs to have correct time before starting, and on most LE devices correct time is obtained via NTP, so removing the time-sync.target dependency would be wrong.

    If "when my wifi connection changes" means you have a poor wifi signal resulting in disconnects or failure to connect, the correct solution is always going to be fixing the poor signal.

  • Thank you for this info about time sync. The problem is when I change the wifi password for instance or if I put it in a new place with a different ssid.

    The only solution is a rj45 cable for now

  • I found this workaround, not the smartest but it works if the network connection starts before 55 sec, I will try that until I find a better solution

    Code
    [Unit]
    Description=WireGuard VPN Service
    #After=network-online.target nss-lookup.target connman-vpn.service time-sync.target
    #Wants=network-online.target nss-lookup.target connman-vpn.service time-sync.target

    [Service]
    Type=forking
    RemainAfterExit=yes
    ExecStartPre=/usr/bin/sleep 55
    ExecStart=/usr/bin/connmanctl connect vpn_XX_XX_XX_XX_XX
    ExecStop=/usr/bin/connmanctl disconnect vpn_XX_XX_XX_XX_XX
    TimeoutSec=60

    [Install]
    WantedBy=multi-user.target

  • time-sync.target is an overkill.

    When removed there is still the dependency chain network-online.target -> kodi-waitonnetwork.service.

    kodi-waitonnetwork.service is implemented as wait for time-sync with timeout. Using this with a larger timeout configured (default is 10sec) e.g. 60sec will very likely connect to wireguard if there is a network but also start kodi after the timeout without.
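
The fixed `sleep 55` workaround and the "wait with timeout" idea discussed above can be combined into a bounded poll. This is an added example, not part of any post in this thread and not LibreELEC's own code. The script, its `--run` argument and the `MIN_EPOCH` clock floor are assumptions; it relies only on `connmanctl state` and `connmanctl connect`. If the deadline passes it exits non-zero, so the unit is recorded as failed and the missing tunnel is visible in `systemctl status` instead of the device silently running without the VPN.

```shell
#!/bin/sh
# Added example: bounded wait before bringing up the tunnel (hypothetical helper).
# MIN_EPOCH is an assumed sanity floor for the clock, not a value from the thread.
MIN_EPOCH=1735689600   # 2025-01-01T00:00:00Z

# True when the "State = ..." line of `connmanctl state` output ($1)
# reports a connected link ("ready") or verified connectivity ("online").
state_is_up() {
    case "$(printf '%s\n' "$1" | sed -n 's/^ *State *= *//p')" in
        ready|online) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the epoch seconds in $1 are past the floor, i.e. the clock
# is no longer at a boot default on a device without an RTC.
clock_is_sane() { [ "$1" -ge "$MIN_EPOCH" ]; }

# wait_until LIMIT STEP CMD...: poll CMD every STEP seconds until it
# succeeds (return 0) or LIMIT seconds have been waited (return 1).
wait_until() {
    limit=$1; step=$2; shift 2
    waited=0
    while ! "$@"; do
        [ "$waited" -ge "$limit" ] && return 1
        sleep "$step"
        waited=$((waited + step))
    done
    return 0
}

# Both preconditions named in the thread: a network and a plausible clock.
ready_now() {
    state_is_up "$(connmanctl state 2>/dev/null)" && clock_is_sane "$(date +%s)"
}

# Act only when invoked as: script --run vpn_SERVICE_ID [timeout_seconds]
if [ "${1:-}" = "--run" ]; then
    if ! wait_until "${3:-55}" 1 ready_now; then
        echo "wireguard: no network or clock not set, tunnel NOT started" >&2
        exit 1
    fi
    exec connmanctl connect "$2"
fi
```

Keep the unit's `TimeoutSec=` larger than the timeout passed to the script, otherwise systemd kills the wait before it can report the failure itself.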