i followed the official documentation on setting up wireguard using network manager. the connection successfully activates, but i have no internet access
i tried using wireguard-tools too, and it also doesn’t work. i tried the same client config on a different machine, and it worked, so i am sure this is a guix-specific issue
Could you share your configuration, or what you tried to do? Are both machines (the one where wireguard works, and the one where it does not) part of the same network? Does one have a firewall, and the other not? Did you do any tcpdump or wireguard debugging? I use wireguard with wireguard-tools, as well as with Guix’s wireguard service module, and both seem to work fine.
i just followed the official guix guide to enable wireguard using network manager. both machines are part of the same network and are trying to connect to the same server. neither has a firewall, unless guix adds one by default and i’ve not realised this? i’ll share what happens with tcpdump when i do that
I’m not an expert but it was straightforward for me. However I didn’t set up the wireguard-service-type.
I added the wireguard-tools package in my os definition. Don’t know if it’s mandatory. Then I added this simple-service:
By default, the private key points to /etc/wireguard/private.key. Did you put the private key from your wg0.conf at the right place?
I’ve switched to the service wireguard-service-type and I had the same behavior at first. My problem came from the private key that was different from the expected one.
sudo wg show all should confirm the private key is found (should return hidden).
Eventually, I think you already know that but:
You can change the default name for this interface in your wireguard-configuration section to avoid having several profiles with the same name wg0. Mine is (interface "protonwg"). The created service will be wireguard-protonwg (in my case).
You’ll manage it with sudo herd [start|stop|status] wireguard-protonwg.
For the debugging, you can look at /var/log/message.
thanks, that tip about the private key was helpful, i’d only had it in my wg0.conf file and not also in /etc/wireguard
3 things:
when i don’t specify the same peer and interface name, i get the following error: Throw to key `%exception' with args `("#<&invoke-error program: \"/gnu/store/…-wireguard-tools-…/bin/wg-quick\" arguments: (\"up\" \"/gnu/store/…-wireguard-config/wg0.conf\") exit-status: 1 term-signal: #f stop-signal: #f>")'. i believe this isn’t expected behaviour, as whether the names match shouldn’t matter unless there’s something i’ve missed here (unrelated, how do you display a single backtick in code blocks on discourse?)
when i specify same names and the service starts, the public key from sudo wg show all is different from the one i specify in my os config, which is an obvious reason it’s not connecting… i think it’s generating a new keypair, but i’m not sure why, because i’ve already given it both (i am getting (hidden) for the private.key)
i used nmcli c edit then print to view the interface properties, and it specifies the address fine, but doesn’t have a value for dns when i did give it a different dns value. i assume it’s just the same format as addresses, so (dns '("<address>"))?