i regret my earlier post. i should have done more testing before suggesting success.
connman reports a successful connect, and wg also shows a successful connection, but it looks like traffic isn't getting routed at all (except to/from the local non-vpn subnet) when i use fqdn in the wireguard config. everything works as expected when using my public ip.
wg:
```
interface: wg0
  public key: priv_key_b64=
  private key: (hidden)
  listening port: 51173

peer: peer_b64=
  preshared key: (hidden)
  endpoint: correctly.resolved.public.ip:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 5 minutes, 26 seconds ago
  transfer: 92 B received, 80.49 GiB sent # 84GB wtf? just noticing that...
  persistent keepalive: every 25 seconds
```
ip route:
```
default dev wg0 scope link
x.x.0.0/24 dev eth0 scope link src x.x.0.200
x.x.0.1 dev eth0 scope link
255.255.255.255 via x.x.0.1 dev eth0
```
the above is the not working / fqdn setup. below is when using the ip in the config:
wg:
```
interface: wg0
  public key: priv_key_b64=
  private key: (hidden)
  listening port: 49471

peer: peer_b64=
  preshared key: (hidden)
  endpoint: same.ip.as.above:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 2 seconds ago
  transfer: 124 B received, 180 B sent
  persistent keepalive: every 25 seconds
```
ip route:
```
default dev wg0 scope link
that.same.public.ip via x.x.0.1 dev eth0
x.x.0.0/24 dev eth0 scope link src x.x.0.200
x.x.0.1 dev wg0 scope link
x.x.0.1 dev eth0 scope link
```
so it seems i have post-up routing issues.
i'm using the exact same config and toggling the Host value:
```
[provider_wireguard]
Type = WireGuard
Name = WireGuard (Home)
# Host = my.fqdn.tld
Host = same.ip.youve.seen
WireGuard.Address = y.y.0.3/32
WireGuard.PrivateKey = priv_key_b64=
WireGuard.PublicKey = pub_key_b64=
WireGuard.PresharedKey = psk_b64=
WireGuard.DNS = x.x.0.1
WireGuard.AllowedIPs = 0.0.0.0/0
WireGuard.EndpointPort = 51820
WireGuard.PersistentKeepalive = 25
```
i'm using LibreELEC-RPi5.aarch64-12.90.1.img.gz as it was the most recent pi5 build i could find in the [testing dir](https://chewitt.libreelec.tv/testing)
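
The two route tables in the post differ in one line: the working table has a host route for the endpoint via eth0, the FQDN table does not, and without it packets addressed to the endpoint follow the default route into wg0. The following check is an added example, not part of the original post or of connman; the function name `check_endpoint_route` and the sample addresses (203.0.113.10, 192.168.0.x) are constructed stand-ins for the masked values.

```shell
#!/bin/sh
# Added example: reads `ip route` output on stdin and reports whether the
# WireGuard endpoint has its own host route outside the tunnel device.
# Live use (assumed invocation): ip route | check_endpoint_route <endpoint-ip> wg0
# Only an exact host route is checked, which is the form seen in the post.

check_endpoint_route() {
    endpoint="$1"; tun="$2"
    awk -v ep="$endpoint" -v tun="$tun" '
    {
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        # Default route pointing into the tunnel (AllowedIPs = 0.0.0.0/0)
        if ($1 == "default" && dev == tun) default_in_tun = 1
        # Host route for the endpoint through a non-tunnel device
        if (($1 == ep || $1 == ep "/32") && dev != "" && dev != tun) bypass = 1
    }
    END {
        if (!default_in_tun) { print "OK: default route is not in " tun; exit 0 }
        if (bypass)          { print "OK: endpoint has a host route outside " tun; exit 0 }
        print "MISSING: no host route for endpoint outside " tun
        exit 1
    }'
}

# Constructed sample shaped like the FQDN (not working) table in the post
ROUTES_FQDN='default dev wg0 scope link
192.168.0.0/24 dev eth0 scope link src 192.168.0.200
192.168.0.1 dev eth0 scope link
255.255.255.255 via 192.168.0.1 dev eth0'

# Constructed sample shaped like the IP (working) table in the post
ROUTES_IP='default dev wg0 scope link
203.0.113.10 via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth0 scope link src 192.168.0.200
192.168.0.1 dev wg0 scope link
192.168.0.1 dev eth0 scope link'
```

The function returns 0 when the endpoint is reachable outside the tunnel and 1 when it is not, so it can gate a post-up script or a health check.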