WireGuard: Difference between revisions
imported>Pancho |
imported>2x Add troubleshooting entry for persistentKeepalive+privateKeyFile |
||
| Line 339: | Line 339: | ||
The new VPN connection should be available, you still have to click on it to activate it. | The new VPN connection should be available, you still have to click on it to activate it. | ||
=Troubleshooting= | |||
==Tunnel does not automatically connect despite persistentKeepalive being set== | |||
When using the <i>privateKeyFile</i> instead of <i>privateKey</i> setting, the generated WireGuard config file sets <i>PersistentKeepalive</i> as normal, but instead uses the generated <i>PostUp</i> script to set the private key for the tunnel after the tunnel has been started. Apparently the tunnel only automatically connects when the keepalive is set at the same time (i.e. through the config file) as the private key, or afterwards. A workaround is to also set <i>PersistentKeepalive</i> through the PostUp script using the <i>wg</i> command: | |||
<syntaxHighlight lang="nix"> | |||
networking.wg-quick.interfaces = let | |||
publicKey = "..."; | |||
in { | |||
wg0 = { | |||
# ... | |||
privateKeyFile = "/path/to/keyfile"; | |||
# this is what we use instead of persistentKeepalive, the resulting PostUp | |||
# script looks something like the following: | |||
# wg set wg0 private-key <(cat /path/to/keyfile) | |||
# wg set wg0 peer <public key> persistent-keepalive 25 | |||
postUp = ["wg set wgnet0 peer ${publicKey} persistent-keepalive 25"]; | |||
peers = [{ | |||
inherit publicKey; # set publicKey to the publicKey we've defined above | |||
# ... | |||
# Use postUp instead of this setting because otherwise it doesn't auto | |||
# connect to the peer, apparently that doesn't happen if the private | |||
# key is set after the PersistentKeepalive setting which happens if | |||
# we load it from a file | |||
#persistentKeepalive = 25; | |||
}]; | |||
}; | |||
}; | |||
</syntaxHighlight> | |||
=See also= | =See also= | ||