#1 2022-06-26 13:25:20

cmonty14
Member
Registered: 2019-10-05
Posts: 56

VPN WireGuard configuration using systemd-networkd: no DNS

Hello,

I have registered an account with VPN service provider IVPN.

Then I started WireGuard configuration using systemd-networkd based on Arch wiki.
However, I cannot ping DNS server 10.0.254.2 provided by IVPN.
This leads to the conclusion that the WireGuard VPN connection is not working correctly.

Here are my current systemd-networkd configuration files:

$ cat 30-wg0.netdev 
[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard Client Desktop PC

[WireGuard]
PrivateKeyFile=/etc/systemd/network/wg-private.key

[WireGuardPeer]
PublicKey=mS3/WpXjnMAMmXjSpd4nFzx9HSE3ubv2WyjpyH2REgs=
AllowedIPs=0.0.0.0/0
AllowedIPs=::/0
Endpoint=185.102.219.26:58237
PersistentKeepalive=25


$ sudo cat 31-wg0.network 
[Match]
Name=wg0

[Network]
Address=172.30.xxx.xxx/32
Address=fd00:4956:504e:xxxx::xxxx:xxxx/128
DNSDefaultRoute=false

Fortunately there are AUR packages available that install CLI / UI client tools for IVPN: ivpn and ivpn-ui.
Using ivpn-ui works without problems.
This means there's no issue with router settings, firewall, or IVPN.

Instead, the root cause must be related to my systemd-networkd configuration files.

For the root cause analysis I started to collect some network-related data after starting a VPN connection using ivpn-ui.

  • ip a
  • ip r
  • wg
  • resolvectl status
  • networkctl
  • networkctl status <wg-interface>
  • ping -c 3 10.0.254.2
  • systemd-resolve ivpn.net

The comparison of the output of these commands shows only these differences:

$ networkctl 
IDX LINK   TYPE      OPERATIONAL SETUP      
  1 lo     loopback  carrier     unmanaged
  2 enp5s0 ether     no-carrier  configuring
  3 enp4s0 ether     enslaved    configured 
  4 br0    bridge    routable    configured 
 12 wgivpn wireguard routable    unmanaged

5 links listed.

$ networkctl list
IDX LINK   TYPE      OPERATIONAL SETUP      
  1 lo     loopback  carrier     unmanaged
  2 enp5s0 ether     no-carrier  configuring
  3 enp4s0 ether     enslaved    configured 
  4 br0    bridge    routable    configured 
 21 wg0    wireguard routable    configured

5 links listed.

$ networkctl status wgivpn
● 12: wgivpn                                                            
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: n/a
                          Type: wireguard
                          Kind: wireguard
                         State: routable (unmanaged)
                  Online state: unknown
                        Driver: wireguard
                           MTU: 1420 (max: 2147483552)
                         QDisc: noqueue
  IPv6 Address Generation Mode: none
          Queue Length (Tx/Rx): 1/1
                       Address: 172.19.xxx.xxx
             Activation Policy: up
           Required For Online: yes

Jun 26 13:36:45 homer systemd-networkd[8526]: wgivpn: Link UP
Jun 26 13:36:45 homer systemd-networkd[8526]: wgivpn: Gained carrier

$ sudo networkctl status wg0
● 21: wg0                                                                      
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/31-wg0.network
                          Type: wireguard
                          Kind: wireguard
                         State: routable (configured)
                  Online state: online                                         
                        Driver: wireguard
                           MTU: 1420 (max: 2147483552)
                         QDisc: noqueue
  IPv6 Address Generation Mode: none
          Queue Length (Tx/Rx): 1/1
                       Address: 172.30.xxx.xxx
                                fd00:4956:504e:xxxx::xxxx:xxxx
             Activation Policy: up
           Required For Online: yes

Jun 26 15:06:11 homer systemd-networkd[8526]: wg0: netdev ready
Jun 26 15:06:11 homer systemd-networkd[8526]: wg0: Configuring with /etc/systemd/network/31-wg0.network.
Jun 26 15:06:11 homer systemd-networkd[8526]: wg0: Link UP
Jun 26 15:06:11 homer systemd-networkd[8526]: wg0: Gained carrier

$ resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
    resolv.conf mode: foreign
  Current DNS Server: 10.0.254.2
         DNS Servers: 10.0.254.2
Fallback DNS Servers: 127.0.0.1 ::1

Link 2 (enp5s0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

Link 3 (enp4s0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

Link 4 (br0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 192.168.100.249
       DNS Servers: 192.168.100.249

Link 12 (wgivpn)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

$ resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
    resolv.conf mode: stub
  Current DNS Server: 10.0.254.2
         DNS Servers: 10.0.254.2
Fallback DNS Servers: 127.0.0.1 ::1

Link 2 (enp5s0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

Link 3 (enp4s0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

Link 4 (br0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 192.168.100.249
       DNS Servers: 192.168.100.249

Link 21 (wg0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported

$ systemd-resolve ivpn.net
ivpn.net: 2607:5300:203:1735::8888             -- link: wgivpn
          198.50.177.216                       -- link: wgivpn

-- Information acquired via protocol DNS in 62.1ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network

$ systemd-resolve ivpn.net
ivpn.net: 198.50.177.216                       -- link: br0
          2607:5300:203:1735::8888             -- link: br0

-- Information acquired via protocol DNS in 20.8ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: cache network

One finding is that link br0 is used for name resolution; I would have expected wg0 here.
Another finding is that the output of

networkctl status <wg-interface>

shows this value for the parameter State: routable (configured)
And this finding in the output of

resolvectl status

shows this value for the parameter resolv.conf mode: stub

These findings are all related to DNS and to the ping failure:

$ ping -c 3 10.0.254.2
PING 10.0.254.2 (10.0.254.2) 56(84) Bytes an Daten.

--- 10.0.254.2 ping-Statistik ---
3 Pakete übertragen, 0 empfangen, 100% packet loss, time 2034ms

Could you please advise how to fix this issue?

THX
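An added example (not part of the post, nor IVPN's or systemd's own code): a small lint that parses the two files above and reports what a full-tunnel client usually still needs. It assumes the documented systemd.network behaviour that networkd creates no routes for a peer's AllowedIPs unless RouteTable= is set in [WireGuard], and that systemd-resolved only uses a link's resolver when the .network lists it with DNS=; it generalises to any peer carrying AllowedIPs=0.0.0.0/0 or ::/0.

```python
from collections import defaultdict

def parse_unit(text):
    """Parse .netdev/.network syntax into {section: {key: [values]}}; repeated
    keys (AllowedIPs=, Address=) and repeated sections are merged in order."""
    units, section = defaultdict(lambda: defaultdict(list)), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            units[section][key].append(value)
    return units

def lint_full_tunnel(netdev_text, network_text):
    """Findings for a client whose peer carries AllowedIPs=0.0.0.0/0 or ::/0."""
    netdev, network = parse_unit(netdev_text), parse_unit(network_text)
    if not any(c in ("0.0.0.0/0", "::/0") for c in netdev["WireGuardPeer"]["AllowedIPs"]):
        return []  # split tunnel: these checks do not apply
    findings, net, route = [], network["Network"], network["Route"]
    # networkd adds no routes for AllowedIPs unless RouteTable= is set in [WireGuard];
    # without a [Route] the LAN default route keeps tunnel-only addresses unreachable.
    if not (route["Destination"] or route["Gateway"] or netdev["WireGuard"]["RouteTable"]):
        findings.append("no route via the tunnel: add [Route] Destination=0.0.0.0/0 "
                        "(and ::/0) or set RouteTable= in [WireGuard]")
    # resolved only considers a link's servers when the .network lists them.
    if not net["DNS"]:
        findings.append("no DNS= on the tunnel link: resolved keeps using the LAN DNS")
    off = ("false", "no", "0", "off")
    if any(v.lower() in off for v in net["DNSDefaultRoute"]) and not net["Domains"]:
        findings.append("DNSDefaultRoute=false with no Domains=: the link's DNS is "
                        "never chosen for ordinary queries")
    return findings

# Constructed inputs: the posted files (xxx placeholders kept), then a fixed variant.
NETDEV = ("[NetDev]\nName=wg0\nKind=wireguard\n[WireGuard]\n"
          "PrivateKeyFile=/etc/systemd/network/wg-private.key\n[WireGuardPeer]\n"
          "PublicKey=mS3/WpXjnMAMmXjSpd4nFzx9HSE3ubv2WyjpyH2REgs=\n"
          "AllowedIPs=0.0.0.0/0\nAllowedIPs=::/0\nEndpoint=185.102.219.26:58237\n")
NETWORK_POSTED = ("[Match]\nName=wg0\n[Network]\nAddress=172.30.xxx.xxx/32\n"
                  "DNSDefaultRoute=false\n")
NETWORK_FIXED = (NETWORK_POSTED.replace("DNSDefaultRoute=false", "DNS=10.0.254.2\nDomains=~.")
                 + "[Route]\nDestination=0.0.0.0/0\n[Route]\nDestination=::/0\n")

if __name__ == "__main__":
    for name, text in (("posted", NETWORK_POSTED), ("fixed", NETWORK_FIXED)):
        print(name, lint_full_tunnel(NETDEV, text) or ["ok"])
```

A blanket Destination=0.0.0.0/0 route also needs a rule that keeps the UDP endpoint outside the tunnel (FirewallMark= in [WireGuard] plus a [RoutingPolicyRule]), which this lint does not check.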
