Failed to start wg-quick@wgnet_wgvpn0.service - WireGuard via wg-quick(8)

Zitat von 1Googol

This actually makes sense to me because I noticed that resolvconf has been removed during the OMV install. If you remove resolvconf, wg-quick up wgnet_wgvpn0 will fail. But I can't reinstall resolvconf since this will break OMV.

Am I right? Or where did anything go wrong?

I'm afraid the problem is not with OMV7 since this also happens in OMV6.

The source of the problem is that OMV uses systemd-resolved so the resolvconf package is not installed on the system. wg-quick needs resolvconf for DNS configurations on wireguard network interfaces as can be seen here https://github.com/WireGuard/w…r/src/wg-quick/linux.bash

Therefore if you configure a DNS configuration in a tunnel you will get an error since the plugin is configuring the tunnel using wg-quick and this script fails at that point.

I assume that it is not just a problem with custom tunnels but that it is also affecting the standard tunnels that the plugin configures if any DNS configuration is established.

The solution that could be applied to the plugin to resolve this on a system with systemd-resolved is explained here https://www.procustodibus.com/…d-dns-config-for-systemd/

ryecoaaron maybe this can be implemented in wireguard plugin.

On the other hand OMV also uses netplan, and I'm not sure if it affects all of this in any way.

Zitat von chente

maybe this can be implemented in wireguard plugin.

What is the dns server field in the client config for then? I am using wireguard on my phone specifically to route my internet traffic and dns through my home network. It works well.

Zitat von chente

On the other hand OMV also uses netplan, and I'm not sure if it affects all of this in any way.

netplan is a manager and OMV is using systemd-networkd for networking through netplan. You can see that in the netplan yaml:

$ sudo cat /etc/netplan/10-openmediavault-default.yaml

network:

version: 2

renderer: networkd

wireguard has resolvconf as a suggested (not recommended or required) package.

Zitat von ryecoaaron

What is the dns server field in the client config for then? I am using wireguard on my phone specifically to route my internet traffic and dns through my home network. It works well.

There is no problem in the client configuration. The only thing the plugin does is generate a configuration file (and a QR that says the same thing) to make it easier for the client to configure their Wireguard network interface with that file. Once that file is generated, the plugin does not establish any DNS configuration even if that parameter has been established in the GUI, it is only generated for the client to use.

The problem arises if you configure a DNS on the server's network interface, in that case the plugin configures the network interface with those parameters. This is when wg-quick and the resolvconf package come into play.

Zitat von ryecoaaron

netplan is a manager and OMV is using systemd-networkd for networking through netplan. You can see that in the netplan yaml:

$ sudo cat /etc/netplan/10-openmediavault-default.yaml

network:

version: 2

renderer: networkd

Ok, so I guess it doesn't affect it at all.

Zitat von ryecoaaron

wireguard has resolvconf as a suggested (not recommended or required) package.

I guess that's because you don't always need to set DNS on the server (I never do). If you need to establish a DNS on the server you need that packet, otherwise you don't need it.

It would be necessary to think exactly what the purpose of configuring a DNS on the server is, since the only usefulness I see is for the "server" to be able to consult the DNS in the Wireguard tunnel peer, in this case the "client". I don't know in what use cases this is useful.

I can't find any reason you couldn't install resolvconf if you need it. OMV itself isn't conflicting with it. I didn't test it though.

Zitat von ryecoaaron

I can't find any reason you couldn't install resolvconf if you need it. OMV itself isn't conflicting with it. I didn't test it though.

If it is not going to cause problems, you could install resolvconf as a dependency of the wireguard plugin and the problem will be solved.

Zitat von chente

you could install resolvconf as a dependency of the wireguard plugin and the problem will be solved.

I would rather not since it doesn't seem resolvconf is needed in most cases and I would have to test many things to determine it won't cause problems (which I don't have time for or even know all the wireguard use cases).

Zitat von ryecoaaron

I would rather not since it doesn't seem resolvconf is needed in most cases and I would have to test many things to determine it won't cause problems

If you prefer, we can resolve it with a clarification in the documentation. I can say something like this: If someone needs to set DNS in a custom tunnel configuration they should install the resolvconf package.

Zitat von ryecoaaron

which I don't have time for or even know all the wireguard use cases

This is actually the first time I've seen this problem on the forum. I guess it's not a common use case.

The only possibility I can think of where it might be useful is if you set up a custom tunnel in the plugin in order to connect to another server and also need DNS to be resolved from there. Something similar to what a "client" would be (although it is not correct to call it that, wireguard connections are peer to peer, not client-server) in the standard configuration of the plugin.

Zitat von chente

If you prefer, we can resolve it with a clarification in the documentation. I can say something like this: If someone needs to set DNS in a custom tunnel configuration they should install the resolvconf package.

I think this is a the best solution.

Zitat von ryecoaaron

I think this is a the best solution.

OK I will do like that. Possibly I will also add a link to the procustodibus website where alternative solutions are given, as the OP did in this case.

Zitat von 1Googol

apt install resolvconf, and log below, you can see it remove something about OMV, I don't it is matter or not.

install_resolvconf_log.txt

And another problem is 403 Forbidden, see screenshot below, notice my hostname ip is 192.168.1.8

If installing resolvconf is uninstalling OMV like your output says, that would be a major problem. I just don't know why it is. I just installed it on my omv 6.x dev system that I use for wireguard and it had no issues. There is nothing in the OMV control file saying it conflicts with resolvconf. I'm guessing you have something installed?

The hardware isn't the problem. And I thought you were trying to install OMV 6.x. OMV 7.x depends on systemd-resolved which does conflict with resolvconf. I don't have a solution for this.

Zitat von ryecoaaron

OMV 7.x depends on systemd-resolved which does conflict with resolvconf. I don't have a solution for this.

In that case we cannot add the installation of this package as a solution. That solution would last a short time.

The alternative is to configure using systemd-resolved as stated here. https://www.procustodibus.com/…d-dns-config-for-systemd/

I could mention it in the documentation and put the link.

This is really a minority use case, I would say.

Zitat von chente

The alternative is to configure using systemd-resolved as stated here. https://www.procustodibus.com/…d-dns-config-for-systemd/

I still wonder if this will conflict with the network configuration in the OMV database.

As long as you avoid the "Avoid DNS Settings From DHCP" section, everything else is wireguard config changes. I don't see how this would cause problems for OMV.

Zitat von ryecoaaron

As long as you avoid the "Avoid DNS Settings From DHCP" section, everything else is wireguard config changes. I don't see how this would cause problems for OMV.

This part https://www.procustodibus.com/…md/#override-dns-globally sets a postup in the tunnel configuration to modify the systemd-resolved configuration. OMV will not be aware of this change.

PostUp = resolvectl dns %i 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net; resolvectl domain %i ~.