Wireguard cannot handle DNS server names

REPRODUCIBILITY: always
OS VERSION: 5.0.0.61
HARDWARE: Xperia XA2 Plus - Dual SIM
UI LANGUAGE: English
REGRESSION: no

DESCRIPTION:

The newly introduced Wireguard support does not accept a DNS name as server address.

PRECONDITIONS:

Wireguard installed

STEPS TO REPRODUCE:

  1. Add a new wireguard connection
  2. Use a DNS server address for the connection
  3. Connect to the VPN

EXPECTED RESULT:

I can connect to websites and others using the connection

ACTUAL RESULT:

Wireguard says it is connected, but it does not establish a connection on the server side.

MODIFICATIONS:

None

ADDITIONAL INFORMATION:

As soon as you replace the server DNS name with the IP address, all works fine.
All non-Sailfish devices I use for connecting have no issues with a DNS server name.

My earlier experiences are shared with people in this thread: Wireguard in SailfishOS 5.0

7 Likes

For me it’s working. I have a server name like xyz.myfritz.net as the IP address might not be constant.

I have been using wireguard in Sailfish 4.5.0, more or less flawlessly. Since I’ve updated to 5.0.0.62 wireguard doesn’t work anymore. I’ve removed the following packages:

pkcon remove wireguard-tools
pkcon remove wireguard-go

and installed:

pkcon install jolla-settings-networking-plugin-vpn-wireguard

pkcon search wireguard results in the following:

Installed	connman-plugin-vpn-wireguard-1.38+git12.1-1.32.1.jolla.aarch64 (installed)	Connection Manager Wireguard VPN plugin
available 	connman-plugin-vpn-wireguard-0.4-1.aarch64 (openrepos-javitonino)	Connman plugin for Wireguard VPN
available 	connman-plugin-vpn-wireguard-0.5-1.aarch64 (openrepos-javitonino)	Connman plugin for Wireguard VPN
Installed	jolla-settings-networking-plugin-vpn-wireguard-1.0.52.1-1.29.1.jolla.aarch64 (installed)	Settings plugin for Connection Manager WireGuard
available 	jolla-settings-networking-plugin-vpn-wireguard-0.1-1.noarch (openrepos-javitonino)	Settings plugin for Wireguard VPN
available 	jolla-settings-networking-plugin-vpn-wireguard-0.4-1.noarch (openrepos-javitonino)	Settings plugin for Wireguard VPN
available 	jolla-settings-networking-plugin-vpn-wireguard-0.3-1.noarch (openrepos-javitonino)	Settings plugin for Wireguard VPN
available 	jolla-settings-networking-plugin-vpn-wireguard-0.2-1.noarch (openrepos-javitonino)	Settings plugin for Wireguard VPN
available 	wireguard-go-0.0.20220316-1.aarch64 (openrepos-javitonino)  	Userspace implementation of WireGuard in Go
available 	wireguard-tools-1.0.20210914-1.aarch64 (openrepos-javitonino)	Required tools for WireGuard, such as wg(8) and wg-quick(8)

When I provide the url for the wireguard server it doesn’t work, when I use the public IP address of the wireguard server it does work. I hope the url can be used again as this is only a temporary solution for me because the wireguard server does not have a fixed ip4 address and uses dyndns to update its ip address

1 Like

Are you sure the name does not also resolve to an IPv6 address? That could explain why it does work with the IP, but not the name.

1 Like

No, it resolves an IP4 address. As others also mentioned, it worked fine before, for those who used Wireguard from openrepos-javitonino. My SFOS device is my only device that cannot handle the dns service name, all others can.

1 Like

I have the same problem. OpenVPN UDP Surfshark works fine. Importing the Surfshark WireGuard config file worked also fine, and after activation it shows: Connected. But browser, mail, SSH and Fernschreiber, all lose connection.

I’m experiencing the same issue—WireGuard in SFOS 5.0.0.x only works correctly if I enter an IP address in the server address field. However, I use a subdomain from freedns.afraid.org, and its IP address is not static.

If I'm not mistaken, WireGuard does not support changing IP addresses among peers. You will need to re-establish the tunnel manually or by whatever script.

That is not relevant for the issue. We want to use a DNS name, because the IP address can change over time.

1 Like

After updating to OS 5.0.0.62, I now unfortunately have the same problem. I use “spdns.de” as my DNS service. Since my home IP changes daily, it is not an option to adjust it manually in the config. Is there any way to switch back to the old Wireguard package? At least this version did not have the problem.

This commit sounds positive: Fix WireGuard hostname resolving by LaakkonenJussi · Pull Request #99 · sailfishos/connman · GitHub

8 Likes

Release 5.0.0.67 has this problem fixed for me.

4 Likes

I thought about a workaround since the problem affects me. It’s a bit late, as the problem seems to be solved by Sailfish OS 5.0.0.67. For those who want or have to use older releases, this might be helpful.

I attempted to work around the issue by modifying the appropriate config-file

/home/defaultuser/.local/share/system/privileged/connman-vpn/provider_<YOUR_PROVIDER>_sailfishos_org/settings

The format of the settings file is simple and comparable to an INI file. That makes things a lot easier, since there’s nothing binary involved.

[<YOUR_PROVIDER>_sailfishos_org]
Name=wg0
Type=wireguard
Host=<YOUR_PROVIDER_FQDN>
VPN.Domain=sailfishos.org
WireGuard.Address=192.168.0.187/24
WireGuard.DNS=192.168.0.18,192.168.0.1
WireGuard.PrivateKey=<PrivateKey>
WireGuard.PresharedKey=<PresharedKey>
WireGuard.PublicKey=<PublicKey>
WireGuard.AllowedIPs=192.168.0.0/24,0.0.0.0/0
WireGuard.EndpointPort=55378
WireGuard.PersistentKeepalive=25
WireGuard.DisableIPv6=false

The idea is just to use a small script, called by systemd 5 min after boot and every 6 h afterwards, to update the config file mentioned above (in particular its Host value).

  1. Create update-wg-host.service in /etc/systemd/system, copy and paste the content from here
[Unit]
Description=Update wireguard host based on dyndns-IP

[Service]
Type=oneshot
ExecStart=/usr/local/bin/update-wg-host
StandardOutput=journal
StandardError=journal
  2. Create update-wg-host.timer in /etc/systemd/system, copy and paste the following
[Unit]
Description=Update wireguard host based on IP every 6 hours

[Timer]
OnBootSec=5min
OnUnitActiveSec=6h
Persistent=true

[Install]
WantedBy=timers.target

  3. Now put the script in place. Create update-wg-host in /usr/local/bin. Copy and paste its content.
#!/bin/sh
# Name        : update-wg-host
# Description : Updates wireguard-host utilizing a systemd.service and systemd.timer

CONFIG_FILE="/home/defaultuser/.local/share/system/privileged/connman-vpn/provider_<YOUR_PROVIDER>_sailfishos_org/settings"
DOMAIN="YOUR_PROVIDER"

echo "[$(basename "$0")] IP update for $DOMAIN started."
# Resolve the name; keep only the first address if several are returned
IP=$(getent hosts "$DOMAIN" | awk '{ print $1; exit }')

# Check IP (POSIX test, since the shebang is /bin/sh)
if [ -z "$IP" ]; then
    echo "[$(basename "$0")] Failed getting IP for $DOMAIN."
    exit 1
else
    echo "[$(basename "$0")] New IP is $IP."
fi

# Perform Update: rewrite the Host= line only if one exists
if grep -q "^Host=" "$CONFIG_FILE"; then
    sed -i "s/^Host=.*/Host=$IP/" "$CONFIG_FILE"
    echo "[$(basename "$0")] Config file successfully updated."
else
    echo "[$(basename "$0")] Failed updating config file."
    exit 1
fi

# Restart Connman to reflect changes
if systemctl restart connman; then
    echo "[$(basename "$0")] ConnMan restarted. Changes applied and active."
    exit 0
else
    echo "[$(basename "$0")] Failed restarting ConnMan. Changes applied but inactive."
    exit 1
fi

Edit <YOUR_PROVIDER> to match your needs. Be aware of using _ (in CONFIG_FILE) and . (in DOMAIN).

  4. When everything is in place and updated to reflect your personal settings it’s time to activate it. Reload the systemd-daemon systemctl daemon-reload then enable and start the timer unit systemctl enable --now update-wg-host.timer.

As the script logs to the journal, you can take a closer look at what’s going on with journalctl -u update-wg-host.

Furthermore you are able to start the update on demand by calling the script manually via command-line or e.g. with qCommand.
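
An added example, not part of the original post or of Sailfish OS: a stricter form of the Host= update step from the workaround above. It accepts only a single IPv4 literal from the resolver, skips the rewrite when the address is unchanged (so ConnMan need not be restarted), and writes back in place so the owner and mode of the file holding the private key stay as they were. The function names, return codes and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: validated, idempotent Host= update.

# is_ipv4 ADDR: succeed only for one dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, newlines
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# update_host FILE ADDR: 0 = rewritten, 1 = already current, 2 = refused/error.
update_host() {
    file=$1; addr=$2
    is_ipv4 "$addr" || return 2
    grep -q '^Host=' "$file" || return 2       # no Host= line: do not guess
    current=$(sed -n 's/^Host=//p' "$file" | head -n 1)
    [ "$current" != "$addr" ] || return 1      # unchanged: no ConnMan restart
    tmp=$(mktemp "$file.XXXXXX") || return 2   # mktemp creates it mode 0600
    if sed "s/^Host=.*/Host=$addr/" "$file" > "$tmp" && cat "$tmp" > "$file"; then
        rm -f "$tmp"; return 0                 # written in place: owner and mode kept
    fi
    rm -f "$tmp"; return 2
}

# Constructed sample settings file with placeholder values, for demonstration.
demo=$(mktemp)
printf '%s\n' '[example_sailfishos_org]' 'Type=wireguard' 'Host=192.0.2.10' \
    'WireGuard.EndpointPort=55378' > "$demo"
two_records=$(printf '198.51.100.7\n198.51.100.8')   # two A records, unfiltered
for candidate in '192.0.2.10' '198.51.100.7' "$two_records" '300.1.1.1'; do
    rc=0; update_host "$demo" "$candidate" || rc=$?
    echo "candidate=$(echo "$candidate" | tr '\n' ' ')-> rc=$rc"
done
grep '^Host=' "$demo"
rm -f "$demo"
```

In a timer-driven script, restart ConnMan only when update_host returns 0, and treat 2 as a failure worth logging to the journal.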