Hi!
I use NetworkManager with systemd-resolved as a back-end for DNS (set up with manual NextDNS DNS over TLS servers), and a Wireguard connection managed with nmcli.
Everything works pretty well together, I deleted the DNS line from the wireguard conf so that I could use NextDNS and Wireguard at the same time, which seems to work.
The only thing that doesn't work is the Wireguard nmcli connection.autoconnect setting. If I turn on autoconnect, there is no connection after a reboot until I run nmcli connection up <wg connection>, even though it is already "up".
I tried setting autoconnect.connection-priority higher for the Wifi connection, but that doesn't solve it.
I suppose this is a DNS issue. Is there any way I can force some kind of a delay for the Wireguard connection, so that it waits for the WiFi connection to be established?
Thanks!
Last edited by Cvlc (2022-01-05 18:35:09)
What is the value of your autoconnect property in nmcli? Could you have mistyped it, e.g. "on" or "true" instead of "yes"? In my man page the autoconnect is described as a flag with possible values "yes" and "no". Oddly enough, the following command gives me a localized string for the value:
nmcli -f name,autoconnect c s
Good idea, but no, the settings are correct (I use tab to autocomplete values and settings with nmcli connection edit).
Perhaps something related to Loop routing or NM not leaving DNS alone?
Thanks for your answer. I tried installing systemd-resolvconf, although the wiki suggests this is not needed with NetworkManager, but it makes no difference.
I'd like to keep managing the Wireguard connection with NetworkManager (I hate installing redundant tools...), so I don't see how the Loop routing article applies; it seems to apply to wg-quick. I'm way out of my comfort zone though at this point, so maybe I missed something.
I'm pretty sure this is related to the order in which things are done though, because simply waiting for the boot to be complete and then activating Wireguard works perfectly. So it must somehow be activated "too soon".
I'll try to check if disabling DNSoverTLS changes anything.
Yes, try that. Also check whether you address the VPN server in the config with a domain or an IP address. Using an IP may work around it.
If you get the autoconnect to work, compare the routes created by NM for the successful and failing cases with
ip route show
OK, did some testing.
If I remove the systemd-resolved ".conf" file that I use for encrypted DNS, then the system boots with a working connection + Wireguard connected, and the DHCP DNS servers.
So I guess it has to do with NM getting mixed up and starting the Wireguard connection before systemd-resolved is up and running...
I don't believe the encrypted DNS servers can be set in NetworkManager and then pushed to systemd-resolved. So I have to find a way to delay the Wireguard connection coming up. I'll look up the dispatcher scripts.
For anyone interested, I couldn't get it to work with dispatcher scripts, but I got it to work with the wg-quick systemd service.
How?
Hi,
I just enabled the service, and it gets properly activated after the network is up.
I've disabled it again since though, because it breaks connecting to public WiFi networks requiring some form of login.