installed resolvconf, lost internet connection

  • TL;DR: If you have broken your OMV machine's internet connection by manually installing resolvconf,

    uninstall resolvconf

    run: omv-salt deploy run systemd-networkd


    then, slap yourself on the wrist for messing with the underlying system and try to do things through the OMV interface in the future.


    Original Message:


    Hello folks. First, thanks for your wonderful work on OMV; I've enjoyed learning how to use it. Now I think I'm over my head and so I thought I should ask for help before I continue to make matters worse. I just recently did a fresh install of OMV 6, set up data shares and installed a few plugins with no problems.


    I would like to have OMV access the internet through SurfShark, a VPN provider. I got the Wireguard plugin installed and a custom configuration following guides from wireguard and surfshark. When I tried to activate it, though, I got an error:



    After some reading, I conclude that the problem is that SurfShark has DNS leak protection and specifies a DNS line in the configuration file (which I can provide if it would be helpful). In what I now believe to be an error, I installed resolveconf through the CLI.


    I've now lost internet connection on OMV: a CLI ping to http://www.google.com returns "name or service not known". I was never able to activate WireGuard, so I think the problem lies with my installation of resolvconf. My instinct is to uninstall it, then remove the DNS leak prevention from the Wireguard custom config file (just for testing-- I prefer to have it working ultimately), and see if I can activate.


    But I think I need to stop and get help since my resolutions so far have made the problem worse. I'm not really all that technical anymore.


    If I can't ultimately use SurfShark DNS leak protection through the plugin, I have in the back of my mind that I could run it in a docker container, or, failing that, then on a router.


    Thanks in advance for any assistance.

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

    Edited once, last by 1potato ().

  • KM0201

    Approved the thread.
  • The omv wireguard plugin is for setting up your own incoming vpn, not an outgoing connection to another vpn provider.


    Why are you wanting to place the entire server on a vpn like that. The only thing omv itself does it to check for updates at the debian and omv repos. It is a server designed to have other things connect to it, not a workstation that is out crawling around the net. Putting it on a vpn may likely cause connectivity problems for your systems that are trying to connect to it.


    If however you are trying to run a vm via the kvm plugin that you are using to do things on the internet and you want that to connect to a vpn provider, that that should not cause you an issue as long as it is the vm with the vpn connection and not the omv host system.


    Also, messing with the OMV host system will break things as you have just discovered I would suggest that you either undo what you have done or if you can't restore from a backup of start with a fresh install, and stop messing with the underlying OS.


    I made mistakes with omv too when I started with it back in V2 or V3, figuring I could treat it like a regular linux workstation, amd like you, I made a couple of mistakes and had to start over again and re-think what I was trying to do.


    You could indeed do something via a docker and http proxy kind of setup, I do this to let me use a regular old firefox browser on a vpn client I run via docker (a combo of qbittorrent-vpn and tinyproxy) by using the proxy settings in that browser. You would have to set the proxy settings on anything you want to use it.


    If you are thinking bigger picture though, a router would automatically handle anything behind it without making settings on the clients. Don't be surprised if you loose some bandwidth though. VPN's are usually slower than what many people have for internet from their ISP, and even if they are the same speed, the encryption will take a small bite out of your speed.

    • Official Post

    The omv wireguard plugin is for setting up your own incoming vpn, not an outgoing connection to another vpn provider.

    This is not correct. The connections are incoming and outgoing, otherwise there is no communication. The standard configuration of a "client" in the plugin can make it appear that Wireguard works as a "server" in the plugin. But Wireguard actually establishes peer-to-peer connections. In Wireguard there are no servers and clients. A server can be understood as one that establishes connections with several "clients" at the same time in the same network range, but it is still the same configuration in the "client" and in the "server".

    The limitation on configuring certain interface parameters when using the standard configuration of a network interface in the plugin is resolved by the custom configuration. Custom configuration allows you to establish any type of Wireguard connection with the freedom to configure any parameter. Therefore it allows you to establish a connection with any commercial VPN provider.

  • This is not correct. The connections are incoming and outgoing, otherwise there is no communication. The standard configuration of a "client" in the plugin can make it appear that Wireguard works as a "server" in the plugin. But Wireguard actually establishes peer-to-peer connections. In Wireguard there are no servers and clients. A server can be understood as one that establishes connections with several "clients" at the same time in the same network range, but it is still the same configuration in the "client" and in the "server".

    The limitation on configuring certain interface parameters when using the standard configuration of a network interface in the plugin is resolved by the custom configuration. Custom configuration allows you to establish any type of Wireguard connection with the freedom to configure any parameter. Therefore it allows you to establish a connection with any commercial VPN provider.

    Yes connections have 2-way traffic. That goes without saying. I also know WireGuard is not a true client/server and more peer to peer service but the plug-in is designed for listening for incoming connections from “clients” wishing to connect not for establishing a connection to a provider. Configuring it to do so requires editing files that can break things as the OP has found out.


    You are referring to what WireGuard is in general and not the way the plug-in is designed to work.

    • Official Post

    but the plug-in is designed for listening for incoming connections from “clients” wishing to connect not for establishing a connection to a provider

    The plugin has had a custom configuration section for a few months now that allows you to configure a tunnel with the parameters you want. Then you can set up a tunnel to connect to a provider. https://wiki.omv-extras.org/do…gement_of_a_custom_config

  • The plugin has had a custom configuration section for a few months now that allows you to configure a tunnel with the parameters you want. Then you can set up a tunnel to connect to a provider. https://wiki.omv-extras.org/do…gement_of_a_custom_config

    Fair enough. That is a recent addition I was not aware of.


    It still doesn’t change the fact that if you need to do something like the OP was trying, editing config files that this section does not give you access to, you can easily break things.

    • Official Post

    Fair enough. That is a recent addition I was not aware of.

    It was made precisely to facilitate these types of connections. Now you can establish any type of tunnel.

    It still doesn’t change the fact that if you need to do something like the OP was trying, editing config files that this section does not give you access to, you can easily break things.

    That's how it is.

  • Thank you everyone!


    I did this:

    You can try to fix the issue by uninstalling resolveconf and then running omv-salt deploy run systemd-networkd.

    and the internet connection on the server is restored. I would not have been able to figure out the omv-salt... etc part; thank you for the advice.


    I was also able to install some updates through the OMV interface, so I know it's connected. However, when I (for example) check for new updates through the interface, I get an error:

    Should I be concerned?

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

    • Official Post

    I get an error:

    remove the cdrom line from you /etc/apt/sources.list

    omv 7.1.1-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.1 | k8s 7.1.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.8


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Regarding WireGuard/VPN, this is exactly the process I followed:


    The plugin has had a custom configuration section for a few months now that allows you to configure a tunnel with the parameters you want. Then you can set up a tunnel to connect to a provider. https://wiki.omv-extras.org/do…gement_of_a_custom_config

    I believe my failure was due to the DNS issue, but I'm haven't done much networking since the '90s, so I could be wrong. Apparently thing have changed a little since then.

    Fair enough. That is a recent addition I was not aware of.


    It still doesn’t change the fact that if you need to do something like the OP was trying, editing config files that this section does not give you access to, you can easily break things.

    ...

    I made mistakes with omv too when I started with it back in V2 or V3, figuring I could treat it like a regular linux workstation, amd like you, I made a couple of mistakes and had to start over again and re-think what I was trying to do.


    Yes, this is exactly what I learned the hard way :D I've used Debian for many years and thought I could handle it. I guess if I can't accomplish something through the OMV interface I'll just come ask for help rather than start trying to mess with the system.


    As for the strategic questions, I want to put the entire server behind the VPN for a few reasons. First, my ISP is a sleazy snoop that sticks its nose where it doesn't belong. Second, I have this grand network plan for the whole house that I thought I could accomplish if I can get the OMV server behind the VPN. I've been using a VPN for quite some time on my workstation, but now I'd like to get the entire house behind it. I intend to configure docker, and I'd certainly be open to alternative suggestions, but my initial reading lead me to think I could do it through the OMV wireguard plugin's custom configuration.


    I really don't think this use case is that uncommon these days; it might not hurt to figure out whether it's possible or not and do a guide. If not, maybe we could determine the best approach for posterity?

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

  • remove the cdrom line from you /etc/apt/sources.list


    Just to clarify, I should do this through the CLI or ssh, correct? There's no file configuration through the OMV iterface, is there? Now I'm wary :D

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

    • Official Post

    I should do this through the CLI or ssh, correct?

    Yes.

    omv 7.1.1-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.1 | k8s 7.1.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.8


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Yes.

    Perfect, thank you so much for your help. Everything is back to before I messed with the system. I'll mark it solved. I could still use help with the VPN, but that might be a thread of its own.

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

  • 1potato

    Added the Label resolved
    • Official Post

    I believe my failure was due to the DNS issue, but I'm haven't done much networking since the '90s, so I could be wrong. Apparently thing have changed a little since then.

    I could still use help with the VPN, but that might be a thread of its own.

    I wouldn't know how to help you with this with the information you have provided. What are the requirements of that VPN provider?

  • I am using SurfShark, which provides a custom configuration file for WireGuard:



    I cp the contents into the custom configuration settings for the wireguard plugin and applied changes.


    When activating, OMV returns an error:


    When I comment out the line

    Code
    # DNS = 162.252.172.57, 149.154.159.92

    then save and apply changes, I am able to activate.

    after a ping, wg show at the command line gives me a successful handshake.


    So I think the problem lies somewhere between OMV's handling of DNS, and Sufshark's DNS leak protection. It is worth noting that I am using this same configuration on another machine with no issues. That doesn't rule out my ISP's router/modem, though, since OMV is on a static IP with its own settings.


    If you have any advice, I'd love to hear it. Otherwise, I think I can survive without the DNS leak protection, at least until I find a solution.

    System:

    6.9.11-3 (Shaitan)

    Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Linux 6.1.0-0.deb11.13-amd64

    plugins: omv-extras, anacron, autoshutdown, compose, cputemp, filebrowser, snapraid, usbbackup, wakealarm, wireguard

    • Official Post

    When I comment out the line

    Code
    # DNS = 162.252.172.57, 149.154.159.92

    then save and apply changes, I am able to activate.

    after a ping, wg show at the command line gives me a successful handshake.

    4 days ago there was a report on github about a bug possibly related to this issue. I'm not sure if ryecoaaron has already released this solution. https://github.com/OpenMediaVa…2#issuecomment-1872629965

    You can configure that tunnel manually to rule out a problem caused by the plugin:

    Generate the tunnel configuration file.

    nano /etc/wireguard/tunnel_test.conf

    Copy and paste inside that file (with your keys):

    Code
    [Interface]
    Address = 10.14.0.2/16
    PrivateKey = *redacted*
    DNS = 162.252.172.57, 149.154.159.92
    [Peer]
    PublicKey = *redacted*
    AllowedIPs = 0.0.0.0/0
    Endpoint = es-mad.prod.surfshark.com:51820

    Activate the created wireguard network interface:

    systemctl start wg-quick@tunnel_test.service

    Try it. If it works well, it is possibly a problem with the plugin. If the error continues, the problem is in OMV. To see if the service is working well, run:

    systemctl status wg-quick@tunnel_test.service

    It should be active. If it is stopped or dead, there is a problem with the network configuration in OMV.

    If it is working fine, it is a problem with the plugin. You can work with that tunnel until the plugin issue is fixed. To do this you must enable that service to start after restarting the server:

    systemctl enable wg-quick@tunnel_test.service

    If you want to remove that tunnel just disable that service and stop it. Then delete that file:

    systemctl disable wg-quick@tunnel_test.service

    systemctl stop wg-quick@tunnel_test.service

    rm /etc/wireguard//tunnel_test.conf

    • Official Post

    4 days ago there was a report on github about a bug possibly related to this issue. I'm not sure if ryecoaaron has already released this solution. https://github.com/OpenMediaVa…2#issuecomment-1872629965

    That was fixed that day but it was only fixed in the OMV 7.x plugin. But it is only removing localhost IPs starting with 127 if someone put one in the list.

    omv 7.1.1-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.14 | compose 7.2.1 | k8s 7.1.1-1 | cputemp 7.0.2 | mergerfs 7.0.5 | scripts 7.0.8


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    • Official Post

    That was fixed that day but it was only fixed in the OMV 7.x plugin. But it is only removing localhost IPs starting with 127 if someone put one in the list.

    OK thanks. I saw a variable that referenced dns and thought it might be related. In that case it has nothing to do with it. I would continue with the action of testing manually to find out if the problem is in the plugin or is it a conflict with the OMV network.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!