Wireguard in SailfishOS 5.0

I am not sure what manual changes you made yourself, but /etc/resolv.conf should be a symlink to /var/run/connman/resolv.conf. And it should point to 127.0.0.1, the connman DNS proxy. Then Connman knows what DNS to use. This works for VPN and non-VPN situations, I can confirm.

Then I do not know where these nameservers come from.
You can try to use a temporary fix. After connecting via wireguard VPN use
echo 'nameserver 88.252.172.57' >>/run/connman/resolv.conf
or even 1.1.1.1 or whatever DNS public server.
echo 'nameserver 1.1.1.1' >>/run/connman/resolv.conf

Is that a permanent change?

Not sure if it is required or the opposite, but as I wrote, it is a temporary fix. /run/connman/resolv.conf is/should be overwritten on every network change or connman restart.
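Added example, not part of any post in this thread: a shell check for the layout described above (/etc/resolv.conf as a symlink to the connman file, with 127.0.0.1 as the nameserver). The function name `check_resolv` and its output wording are made up for illustration, and accepting `::1` as the same local proxy is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit the resolv.conf layout it describes.
# Defaults are the paths named in the thread; pass others to test on a copy.

# check_resolv [LINK] [TARGET] -> prints findings; returns 0 if all checks pass
check_resolv() {
    link=${1:-/etc/resolv.conf}
    want=${2:-/var/run/connman/resolv.conf}
    rc=0
    count=0

    # The link must exist as a symlink and resolve to the connman-managed file.
    if [ ! -L "$link" ]; then
        echo "FAIL: $link is not a symlink"; rc=1
    elif [ "$(readlink -f "$link")" != "$(readlink -f "$want")" ]; then
        echo "FAIL: $link -> $(readlink "$link"), expected $want"; rc=1
    fi
    [ -r "$link" ] || { echo "FAIL: cannot read $link"; return 1; }

    # Every nameserver entry should be the local connman DNS proxy.
    # The "|| [ -n ... ]" part also handles a last line without a newline.
    while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = nameserver ] || continue
        count=$((count + 1))
        case $addr in
            127.0.0.1) ;;
            ::1) ;;   # assumption: IPv6 loopback is the same local proxy
            *) echo "WARN: nameserver $addr is queried directly, not via the proxy"
               rc=1 ;;
        esac
    done < "$link"

    [ "$count" -gt 0 ] || { echo "FAIL: no nameserver entries in $link"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $link resolves through the connman proxy only"
    return "$rc"
}
```

Run `check_resolv` with no arguments on the device after the tunnel is up; a file that carries an appended public nameserver line is reported with a WARN until connman rewrites it.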

And I found the solution:

AllowedIPs = 0.0.0.0/0, ::/0

works. All traffic is routed through Wireguard.

AllowedIPs = 192.168.23.0/24, 0.0.0.0/0, ::/0

only routes local traffic through Wireguard but the rest over the standard internet connection.

The checkbox to route all traffic through Wireguard must also be checked.

2 Likes

Tested, approved and added here : Installing WireGuard | SailfishOS community wiki

Thank you !

5 Likes

To complete the wiki on Wireguard I suggest adding how to prevent DNS leaks as a last step: Settings > VPN > Edit > Advanced > Enable Ipv6 data leak protection

1 Like

Done 🙂 (twenty characters)

4 Likes

I just installed wg and it is working. I can ping and ssh from my phone to the other wireguard clients in the wg-subnet but I can’t ping or ssh from other clients into the phone. Are there some firewall settings I have to adapt? Developer-mode and ssh are of course enabled and I can ssh normally via other interfaces (wifi, cell or usb) to the phone.

Wireguard is based on nftables hence please check nftables rules.

Been routing all my data traffic through my home network for a week now without issues. Wireguard is quite impressive. I’m actually seeing a substantial speed increase. On my home network I’m running pihole. And the filtering removes so much crap from the web that it makes browsing over my wireguard tunnel much faster. I’m also seeing a lot fewer browser crashes.

Has anyone managed to set up a split tunnel on sfos to just route dns traffic through wireguard?

1 Like

Why do you want to do that? Just use dnscrypt-proxy.
For a custom wireguard config you can use a custom wg-quick script.

Tested with ProtonVPN free account but with a little fix.

When adding the configuration from a file, all works OK except the DNS configuration. It’s necessary to edit the configuration, go to Advanced and add the DNS manually. After that, it works fine.

2 Likes