Posts by chemical1979

    Thanks, I managed to work around that issue by just sleeping for 5 seconds before starting with the wireguard stuff upon boot. This works for me. I also tried with some other dependencies (connman.service, bluetooth.service), but that did not help. I guess I could restore the defaults there ...

    I am still wondering why this move-after has to be executed twice (for me). On the other side of the LibreElec this also does not help in every case; he sometimes needs to stop / start wireguard.service several times until it works.

    Thanks for getting back. The move-after has to be executed twice to work for me:

    As you can see, the second move-after actually changed the interface of the default route. So I adapted the service file:

    This way, it works. But I'm not sure why.

    Anyway, the service does not come up during boot. How can I troubleshoot this? systemctl status wireguard shows some weird errors (the wrong timestamps seem to be the case as this service gets started before the time was fixed - maybe this is also the problem here, it gets started too early?):

    If I log in as root and run "systemctl stop wireguard" and "systemctl start wireguard", it seems to work.

    Any ideas?

    Hello Team,

    Thanks for implementing wireguard in the latest release of LibreElec!

    I followed the example from here and here

    I tried to replace my site-to-site VPN from the addon tinc to wg, but somehow it keeps replacing the default route from eth0 to wg0 even though the AllowedIPs is limited to the remote subnet. If I connmanctl disconnect <vpnname> it properly restores the former default route.

    I'm not sure where to look. This is the config file ~/.config/wireguard/wireguard.config:

    I understood from the docs that wg would only set the default route to the tunnel if AllowedIPs were 0.0.0.0/0 - but it isn't.

    After connmanctl connect, the route table looks like this (the other side of the wg-end is not yet configured, so don't mind the missing route for the target subnet):

    The output of wg correctly limits to the configured target subnet.

    After "connmanctl disconnect <vpnname>" the ip route looks like this:

    ~/.config/wireguard # ip route
    default via 192.168.110.100 dev eth0
    192.168.110.0/24 dev eth0 scope link  src 192.168.110.15
    192.168.110.100 dev eth0 scope link
    255.255.255.255 via 192.168.110.100 dev eth0


    I do not understand why it replaced the default route with wg0; the config file does not tell it to do so. Is this maybe a temporary state until the tunnel is established? Because that is not the case at this moment.

    Can someone give me a hint where to look?

    EDIT: I found there is a file ~/.cache/connman/<vpnname>/settings, which contains this line:

    SplitRouting=false

    This probably has something to do with it. I cannot set it to "true", because it gets overwritten automatically by some other mechanism as soon as I "connmanctl connect <vpnname>". This mechanism is probably hardcoded to force-tunnel (route 0.0.0.0/0) into wireguard, isn't it?