Wireguard in SailfishOS 5.0

Since there is no official documentation so far, there is a short how to make wireguard working.

pkcon remove wireguard-go
pkcon remove wireguard-tools
pkcon install jolla-settings-networking-plugin-vpn-wireguard

reboot or systemctl restart connman

and, especially for those that have been using wireguard already, you have to forget wireguard configs and set it from scratch or import again.

5 Likes

Thanks, anyway was trying wireguard today and it does not work (didn’t have the old plugin installed)

Wonder if it’s possible that is not compatible (for now) with my vpn (windscribe)

I do not think so. Most likely there is something wrong with your wireguard configs. Do you configure it manually or do you import config files generated from Windscribe?

Tried both, manual won’t connect at all, auto will connect but then it’s not working

Ofc no problems with openvpn

I would start with this one. That means that config file is good but credentials has expired or there is something other wrong with config file. I would try to generate the new config file and import. Should it connect it will work.

Just upgraded my system, installed Wireguard, imported the config file from my Fritz!Box: Works

@kan_ibal Thanks for the hint. A reboot was needed for me to get wireguard in the VPN menu.

@247 My connection also did not work at first, and I needed to set the public IP of my server in the “server address” field instead of its name (that previously worked with the openrepos package), if it is of any help.

Tried and it does not work

Windscribe says i have 5 keys to choose from and i can’t generate more but says those 5 keys should work everywhere

Thank you, but didn’t help…

But…does not route the traffic through the expected endpoint. I will check the generated config and see what happens then.

Hey, I also was not able to connect via the dns name but via ip address it works nicely. I have a pivpn setup and I’m using dy.fi as the dns provider. Does someone have an idea why the dns name would not work?

I encountered the same issue right after installing SFOS5 and wireguard a while ago. Created a bug report Wireguard cannot handle dns server names

3 Likes

I use DNS alternative as DNS system instead of default SFOS DNS and it works.
What does
cat /etc/resolv.conf
shows while connected via wireguard?

The nameserver is a fixed 127.0.0.1 by default, as “connmand” always handles the DNS requests, VPN or not.

I don’t know how it IIS done in 5.0 but it used to be a link to conman’s resolv.conv.
Then what does show /var/run/connman/resolv.conf?

I get the same answer in both cases: nameserver::1 nameserver 127.0.0.1

Localhost in the /var/run/connman/resolv.conf is very wrong. There should be a local router DNS address or VPN provider DNS. I have local router DNS addresses. No change after wireguard connection.
Could you check if you have DNS address in your wireguard VPN provider config file and what is the address?

/etc/resolv.conf is a symlink to /run/connman-resolv.conf so the content will be the same. As I mentioned in Wireguard in SailfishOS 5.0 - #14 by adekker, I can see nothing wrong with 127.0.0.1. You might see other values by using your DNS alternative.

DNS Alternative has nothing in common with /run/connman/resolv.conf. This file is managed by connmand and provides DNS addresses for system.
Localhost address in /etc/resolv.conf is inherently wrong, because in default setup, it redirects all DNS requests to connmand DNS proxy that is running at localhost that uses DNS’es from /var/run/connman/resolv.conf and you are in the dead loop.
DNS Alternative disables connmand DNS proxy and provides its own(dnsmasq+dnsxcrypt-proxy).

My WireGuard config file said something like the following.

#
# Use this configuration with WireGuard client
#
[Interface]
Address = 77.14.0.2/16
PrivateKey = ...
DNS = 88.252.172.57, 66.154.159.92
[Peer]
PublicKey = ...
AllowedIPs = 0.0.0.0/0
Endpoint = nl-ams.prod.surfshark.com:51820

(Some of the numbers were changed)

When I look at the settings file in .local/share/system/privileged/connman-vpn/provider…/ then maybe the DNS isn’t there?

provider-…/settings:

Name=Wireguard Surfshark NL-AMS
Type=wireguard
Host=nl-ams.prod.surfshark.com
VPN.Domain=sailfishos.org.3
WireGuard.Address=77.14.0.2/16
WireGuard.PrivateKey=...
WireGuard.PublicKey=...
WireGuard.AllowedIPs=0.0.0.0/0
WireGuard.EndpointPort=51820

and vpn-…/settings:

Name=Wireguard Surfshark NL-AMS
SplitRouting=false
AutoConnect=false
Modified=2025-03-14T15:06:38Z
IPv4.method=fixed
IPv4.netmask_prefixlen=16
IPv4.local_address=77.14.0.2
IPv4.gateway=nl-ams.prod.surfshark.com
IPv6.method=off
IPv6.privacy=disabled