You are not logged in.
- Topics: Active | Unanswered
#1 2021-11-26 15:44:23
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
[SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Hi !
I use NetworkManager with systemd-resolved as a back-end for DNS (set up with manual NextDNS DNS over TLS servers), and a Wireguard connection managed with nmcli.
Everything works pretty well together, I deleted the DNS line from the wireguard conf so that I could use NextDNS and Wireguard at the same time, which seems to work.
The only thing that doesn't work is the Wireguard nmcli connection.autoconnect setting. If I turn on autoconnect, there is no connection after a reboot until I run nmcli connection up <wg connection>, even though it is already "up".
I tried setting autoconnect.connection-priority higher for the Wifi connection, but that doesn't solve it.
I suppose this is a DNS issue, is there anyway I can force some kind of a delay for the Wireguard connection, so that it waits for the WiFi connection to be established ?
Thanks !
Last edited by Cvlc (2022-01-05 18:35:09)
Offline
#2 2021-11-27 17:26:07
- roccobaroccoSC
- Member
- Registered: 2021-10-04
- Posts: 16
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
What is the value of your autoconnect property in nmcli? Could you have mistyped it, e.g. "on" or "true" instead of "yes"? In my man page the autoconnect is described as a flag with possible values "yes" and "no". Oddly enough, the following command gives my a localized string for the value:
nmcli -f name,autoconnect c sOffline
#3 2021-12-01 21:35:14
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Good idea, but no, the settings are correct (I use tab to autocomplete values and settings with nmcli connection edit)
Offline
#4 2021-12-04 21:22:53
- Strike0
- Member
- From: Germany
- Registered: 2011-09-05
- Posts: 1,429
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Perhaps something related to Loop routing or NM not leaving DNS alone?
Offline
#5 2021-12-04 23:33:10
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Thanks for your answer. I tried installing systemd-resolvconf, although the wiki suggest this is not needed with NetworkManager, but it makes no difference.
I'd like to keep managing the Wireguard connection with NetworkManager (I hate installing redundant tools... ) so I don't see how the Loop routing article applies, it seems to apply to wg-quick. I'm way out of my comfort zone though at this point so maybe I missed something 
I'm pretty sure this is related to the order in which things are done though, because simply waiting for the boot to be complete and then activating Wireguard works perfectly. So it must somehow be activated "too soon"
I'll try to check if disabling DNSoverTLS changes anything
Offline
#6 2021-12-05 09:41:30
- Strike0
- Member
- From: Germany
- Registered: 2011-09-05
- Posts: 1,429
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Yes, try that. Also check whether you address the vpn server in the config with domain or IP address. Using an IP may work around.
If you get the autoconnect to work, compare the routes created by NM for the successful and failing cases with
ip route show.
Offline
#7 2021-12-15 19:04:07
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
OK, did some testing.
If I remove the systemd-resolved ".conf" file that I use for encrypted DNS, then the system boots with a working connection + Wireguard connected, and the DHCP DNS servers.
So I guess it has to do with NM getting mixed up and starting the Wireguard connection before systemd-resolved is up and running...
I don't believe the encrypted DNS servers can be set in NetworkManager, and then pushed to systemd-resolved.. So I have to find a way to delay the Wireguard connection coming up. I'll look up the dispatcher scripts.
Offline
#8 2022-01-05 18:36:55
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
For anyone interested, I couldn't get it to work with dispatcher scripts, but I got it to work with the wg-quick systemd service.
Offline
#9 2022-05-29 17:51:46
- jal
- Member
- Registered: 2015-04-23
- Posts: 37
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
How?
Offline
#10 2022-05-29 18:14:31
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 273
Re: [SOLVED] DNS over TLS + Wireguard / systemd-resolved + NetworkManager
Hi,
I just enabled the service, and it gets properly activated after the network is up.
I've disabled it again since though, because it breaks connecting to public WiFi networks requiring some form of login
Offline