How to use wireguard under gentoo

[wenzi]

I install wireguard-tools, and copy the wg0.conf file to /etc/wireguard/, when I use wg-quick up wg0 ,it does not work , here is the message

Code: Select all

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev wg0
[#] ip -6 address add 2606:4700:110:8a5a:c842:4772:a834:c25/128 dev wg0
[#] ip link set mtu 1280 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] ip -6 route add ::/1 dev wg0
[#] ip -6 route add 8000::/1 dev wg0
[#] ip -4 route add 128.0.0.0/1 dev wg0
[#] ip -4 route add 0.0.0.0/1 dev wg0

But ,under archlinux, do the same it works,and get this message

Code: Select all

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 172.16.0.2/32 dev wg0
[#] ip -6 address add 2606:4700:110:8781:b756:22e:199e:87e7/128 dev wg0
[#] ip link set mtu 1280 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] nft -f /dev/fd/63
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] nft -f /dev/fd/63
[#] export PRIORITY=1024; source /etc/wireguard/hooks/post-up.sh
Add rules...
Add rules done.

[Moderator edit: added [code] tags to preserve output layout. -- pietinger]

[pietinger]

It seems to me that archlinux is doing additionally some settings for a firewall, but the treatment of the network specific operations is identical. You might do this also with nftables.

[szatox]

So, in what what it doesn't work?
Do you use the same config files for wireguard on both systems?

Is your interface configured?
Routing rules?
Firewall?
Does your internet cut off after connecting?

[wenzi]

So, in what what it doesn't work?
Do you use the same config files for wireguard on both systems?

Is your interface configured?
Routing rules?
Firewall?
Does your internet cut off after connecting?

works means I can connect the internet pass through the wireguard vpn ，I do not use firewall both archlinux and gentoo, and I use the same file wg0.confg

[wenzi]

It seems to me that archlinux is doing additionally some settings for a firewall, but the treatment of the network specific operations is identical. You might do this also with nftables.

I think the wg-quick can automatic set nftables rules according to the wg0.conf ,but I don't khow why gentoo can not do this

[szatox]

Man, that's 100% non-answer to the questions asked.
A bus can fail to deliver you from location A to B due to a flat tire, empty tank, exploded engine, a drunk driver, or a million other reasons. Do you get where I'm going with it?

Divination services come at premium prices, so give us something to work with if you want to get help.
What have you done so far to diagnose it and what are the results?

[wenzi]

Man, that's 100% non-answer to the questions asked.
A bus can fail to deliver you from location A to B due to a flat tire, empty tank, exploded engine, a drunk driver, or a million other reasons. Do you get where I'm going with it?

Divination services come at premium prices, so give us something to work with if you want to get help.
What have you done so far to diagnose it and what are the results?

I don't khow what can I provide ，there is no error message , and what I need do ?

[CaptainBlood]

Sorry to ask,
How far are you from Gentoo Wiki?
Thks 4 ur attention, interest & support.

[Hu]

If there is no error message, how do you know it is not working? Please give us a simple command that you expect to work, which does not work, and the full output it produces. For example, curl -v https://www.gentoo.org/ should download the Gentoo home page. Does it? If not, what does it show instead?

[wenzi]

Sorry to ask,
How far are you from Gentoo Wiki?
Thks 4 ur attention, interest & support.

yes I fellow the wiki, and get the configfile from cloudflare,here is the config file

Code: Select all

[Interface]
PrivateKey = kGP8SHrruq90+0VxU6Y5aK/RzYbACJM5bwjoup513lw=
Address = 172.16.0.2/32, 2606:4700:110:8a5a:c842:4772:a834:c25/128
DNS = 1.1.1.1, 1.0.0.1
MTU = 1280

[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1
Endpoint = 162.159.192.247:5956

put the file in /etc/wireguard/ and start the vpn with

Code: Select all

wg-quick up wg0

[hdcg]

Hello wenzi,

first of all be careful about the information you share. It looks like you just shared your private key. If this is really your private key, make sure to invalidate your current Cloudflare config and create a new one!

As mentioned in the other posts, the general wireguard setup looks fine and it connects. The difference is most likely your network configuration.
I did a peek at the wg-quick script and it performs specific steps (e.g. the "sysctl -q net.ipv4.conf.all.src_valid_mark=1" you see under Arch) depending on the network configuration.

Beside the answer to the question from Hu, can you please provide the output of

Code: Select all

ifconfig -a

for your Gentoo environment as well as for your Arch environment. This may give us a lead.

Best Regards,
Holger

[wenzi]

Hello wenzi,

first of all be careful about the information you share. It looks like you just shared your private key. If this is really your private key, make sure to invalidate your current Cloudflare config and create a new one!

As mentioned in the other posts, the general wireguard setup looks fine and it connects. The difference is most likely your network configuration.
I did a peek at the wg-quick script and it performs specific steps (e.g. the "sysctl -q net.ipv4.conf.all.src_valid_mark=1" you see under Arch) depending on the network configuration.

Beside the answer to the question from Hu, can you please provide the output of

Code: Select all

ifconfig -a

for your Gentoo environment as well as for your Arch environment. This may give us a lead.

Best Regards,
Holger

THANKS, after I update the system to the lastest ,everything works fine, I realy don't khow why? thanks everybady for my help, THANKS!!