WireGuard cut outgoing connections

I have a WireGuard configuration extracted from ProtonVPN such as:

  [Interface]
  PrivateKey = PRIVATE_KEY
  Address = 10.2.0.2/32
  DNS = 10.2.0.1
  
  [Peer]
  PublicKey = PUBLIC_KEY
  AllowedIPs = 0.0.0.0/0
  Endpoint = 123.456.789.7:51820

I tried to set up WireGuard directly:

  # Enable WireGuard
  networking.wireguard.enable = true;
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.2.0.2/24" ];
      listenPort = 51820;
      privateKey = "PRIVATE_KEY";

      peers = [
        {
          publicKey = "PUBLIC_KEY";
          allowedIPs = [ "0.0.0.0/0" ];
          endpoint = "123.456.789.7:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };

But I get no network (ping 8.8.8.8 does not reach).

I tried wg-quick (after disabling the previous snippet):

  networking.wg-quick.interfaces = {
    wg0 = {
      address = [ "10.2.0.2/32" ];
      dns = [ "10.2.0.1" ];
      privateKey = "PRIVATE_KEY";
      
      peers = [
        {
          publicKey = "PUBLIC_KEY";
          allowedIPs = [ "0.0.0.0/0" ];
          endpoint = "123.456.789.7:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };

But I get the same outcome, without any error:

  $ systemctl status wg-quick-wg0.service
  ● wg-quick-wg0.service - wg-quick WireGuard Tunnel - wg0
       Loaded: loaded (/etc/systemd/system/wg-quick-wg0.service; enabled; vendor preset: enabled)
       Active: active (exited) since Mon 2022-07-18 23:32:45 CEST; 39s ago
      Process: 1463 ExecStart=/nix/store/c0xgkingpnciz963sh4afys00abpjf2h-unit-script-wg-quick-wg0-start/bin/wg-quick-wg0-start (code=exited, status=0/SUCCESS)
     Main PID: 1463 (code=exited, status=0/SUCCESS)
           IP: 0B in, 0B out
          CPU: 174ms

  Jul 18 23:32:44 X wg-quick-wg0-start[1477]: [#] ip -4 address add 10.2.0.2/32 dev wg0
  Jul 18 23:32:44 X wg-quick-wg0-start[1477]: [#] ip link set mtu 1420 up dev wg0
  Jul 18 23:32:44 X wg-quick-wg0-start[1500]: [#] resolvconf -a wg0 -m 0 -x
  Jul 18 23:32:45 X wg-quick-wg0-start[1477]: [#] wg set wg0 fwmark 51820
  Jul 18 23:32:45 X wg-quick-wg0-start[1477]: [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
  Jul 18 23:32:45 X wg-quick-wg0-start[1477]: [#] ip -4 rule add not fwmark 51820 table 51820
  Jul 18 23:32:45 X wg-quick-wg0-start[1477]: [#] ip -4 rule add table main suppress_prefixlength 0
  Jul 18 23:32:45 X wg-quick-wg0-start[1477]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
  Jul 18 23:32:45 X wg-quick-wg0-start[1575]: [#] iptables-restore -n
  Jul 18 23:32:45 X systemd[1]: Finished wg-quick WireGuard Tunnel - wg0.

Any idea what I’m doing wrong?

Thanks

Hello!

I have the exact same problem.
I suspect that not being able to set the DNS address is the culprit here.
When not forwarding the whole traffic to the tunnel (allowedIPs = [ "10.10.10.0/24" ]; in my case), it works perfectly fine.