Wireguard tunnel is not working / Linux Mint 20.3

Questions / Help
1

Hello. I’ve followed instructions in the Private Networking · Fly Docs :
fly wireguard create
sudo mv fly.conf /etc/wireguard
wg-quick up fly

Output shows no error:

[#] wg setconf fly /dev/fd/63
[#] ip -6 address add fdaa:0:8298:a7b:16a9:0:a:2/120 dev fly
[#] ip link set mtu 1420 up dev fly
[#] resolvconf -a fly -m 0 -x
[#] ip -6 route add fdaa:0:8298::/48 dev fly

But DNS is not working:
dig +noall +answer _apps.internal txt

returns no results.

How can I troubleshoot connection?

2

@rozhok Not sure this may help Unable to connect to wireguard tunnel - #4 by tvdfly like with systemctl status.

1 Like
3

Okay, the connection is working, but DNS settings are not propagated to the system.
If I will run dig +short txt _apps.internal @fdaa:0:8298::3 I will successfully retrieve a list of my apps.
I can ping6 my instances but names are not resolving.

4

Fixed some things in a resolv because it wasn’t set servers correctly. Now my /etc/resolv.conf looks like this:

options use-vc
nameserver 9.9.9.9
options use-vc
nameserver fdaa:0:8298::3

But querying any host still returns nothing.

5

You might have already seen this, but this sounds related to issues with our internal DNS resolution and its 6PN network:

You can follow our status page for updates as soon as we have them:

1 Like
6

Looks like the issue has been resolved, but querying still returns nothing :frowning:

7

I’ve found reloading my wireguard config often gets it working. For you that would be

wg-quick down fly
wg-quick up fly

As an aside, wg-quick should modify your resolv.conf. It’ll contain only the Fly.io nameserver. In your case, the file should look like

# Generated by resolvconf
nameserver fdaa:0:8298::3
1 Like
8

Yes! It’s working now. The question is how can I instruct wg-quick to remove unnecessary nameservers from the list :roll_eyes:

9

Okay, so apart of steps described in the manual you should do the following:

  1. Enable resolveconf so it will be used instead of NetworkManager-provided: /etc/NetworkManager/NetworkManager.conf and add:
[main]
rc-manager=resolvconf

Then restart NetworkManager systemctl restart NetworkManager

  1. For some reason wg-quick still leave 9.9.9.9 DNS server provided by default by the resolvconf, so I’ve changed PostUp step in my wireguard conf file:
[Interface]
PrivateKey = ...
Address = fdaa:0:8298:::0:a:2/120
DNS = fdaa:0:8298::3
PostUp = echo 'nameserver fdaa:0:8298::3' > /etc/resolv.conf

After that /etc/resolv.conf was populated by the single DNS server—Fly’s one, and .internal domains started to resolve just perfectly fine :ok_hand:

2 Likes