wireguard fails to connect at boot, rk3588 (nanopi r6c)

[Antonio Mignolli]

Hi all, I am running armbian bookworm on a nanopi r6c (rk3588).

At boot, wireguard does not resolve the endpoint (strange, because it runs after network-online.target)

and instead of keep trying, it gives up.

If I manually restart it, all is good.

 

Attached screenshots show the different behaviour in a raspberry pi (rpi4 as hostname) running raspios,

where it keeps trying to resolve the endpoint, and nanopi r6c not retrying.

 

I will recompile kernel to enable wireguard debug (or is there a quicker way?)

 

Edited June 27, 2023 by Antonio Mignolli
Attached screenshots and removed debug question.

[Antonio Mignolli]

I recompiled armbian kernel, adding wireguard debug, but if wg-quick@ is not starting, nothing will be logged.

It starts to print debug information when I manually restart it.

 

[Mango Jo]

Exactly the same error using Radxa Zero and armbian bookworm. Like the exact same thing. 

When i manualy restart the service all is good. 

 

when i try to enable systemd-networkd-wait-online.service , the vendor preset is disabled meaning that the wg service has no way to know when the network is online :
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target

any help appreciated.

[Werner]

Tried adding a delay? https://stackoverflow.com/questions/43001223/how-to-ensure-that-there-is-a-delay-before-a-service-is-started-in-systemd

[Antonio Mignolli]

Hi all.
I solved it, indeed, by "drastically" recompile wireguard-tools with a modification (makes sense, IMHO).

https://github.com/WireGuard/wireguard-tools/pull/19

Basically, I am telling wireguard to keep trying reconnection according to configuration (environment variable WG_ENDPOINT_RESOLUTION_RETRIES),

and don't modify this behaviour when some error types occur (EAI_NONAME or EAI_FAIL).

 

I just noticed there is another modification, maybe even better, here:
https://github.com/WireGuard/wireguard-tools/pull/18

[Mango Jo]

Hello all,

 

another option is to modify the service directly to restart it automatically, here's an example provided by chat gpt :
 

[Unit]
Description=WireGuard via wg-quick(8) for %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/wg-quick up %i
ExecStop=/usr/bin/wg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target

 

the restart always and restart sec makes the service restart automatically after 5 seconds if failed. this means that on boot it will fail and restart automatically after 5 seconds which might be enough time for network connection.

[Antonio Mignolli]

 

Please, use chat GPT when you know exactly what you're doing

With Type=oneshot Restart is NOT allowed.

One shot services exit immediately, so "restart" makes no sense.

Consider removing the post, it could lead to misinformation

[Mango Jo]

Your assessment is correct. I'm modifying my code so it doesn't lead to misinformation! 

thanks 

 

 

[Mango Jo]

Wait I don't know how to remove or modify a reply.

Is this something only reserved for op?

I'll be back with an answer