Has anyone gotten a WireGuard VPN setup to work using systemd's netdev and network files (rather than wg-quick@ template units)?

#AskFedi #Linux #Systemd #Debian #WireGuard #VPN

I mainly need the client side config b/c I'm using a commercial VPN (Proton).

In the netdev, I have the [NetDev] section (Name and Kind), [WireGuard] section (PrivateKey), and [WireGuardPeer] section (PublicKey, AllowedIPs, and Endpoint). In the network, I have the [Match] section (Name), [Network] section (Address, DNS, and Domains=~.), and [Route] section (Gateway, manually added when debugging). Also ActivationPolicy=manual for now.

DNS resolution goes through the VPN, but I think the routing is off (as verified by looking at the routing tables with `ip route show table all` with wg-quick@ and with networkd). Just not sure how to fix it!

@chiraag Have you tried with `ip route get <IP address>` to see what’s the route used to access said IP address?

On the client side, when I need to use the VPN for all outgoing traffic, I have no `[Route]` section.

@slubman When I did that, everything just went through the actual interface, not WireGuard. When I enable that [Route] section, it just spins and spins without actually loading anything.

@chiraag What did you put in the `AllowedIPs` for your `[WireGuardPeer]`?

@slubman AllowedIPs = 0.0.0.0/0

@chiraag I didn’t know of the ActivationPolicy option, but with it set to manual, did you bring the interface up?