Wireguard interface gets address only after wg-quick service restart

mihalycsaba · February 14, 2024, 5:07pm

It’s alma 8 on a kvm vps. I had no issues with these config on my local kvm and oracle’s.

I ran these after reboot. There are five commands here, the first ip a doesn’t show an address for the interface and the tunnel doesn’t work, but the service status doesn’t show any errors.

After a manual service restart it shows the ip address and the tunnel works.

[root@server ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether xxxxxxxxxxxxxxxxxxxxx brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet xxxxxxxxxxx scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet xxxxxxxxxxxxxxxx scope global secondary noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 xxxxxxxxxxxxxxxxxxx scope link
       valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
[root@server ~]# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2024-02-14 18:36:02 EET; 30s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 691 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 691 (code=exited, status=0/SUCCESS)

Feb 14 18:36:02 server.vmid20354 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Feb 14 18:36:02 server.vmid20354 wg-quick[691]: [#] ip link add wg0 type wireguard
Feb 14 18:36:02 server.vmid20354 wg-quick[691]: [#] wg setconf wg0 /dev/fd/63
Feb 14 18:36:02 server.vmid20354 wg-quick[691]: [#] ip -4 address add 10.1.0.0/24 dev wg0
Feb 14 18:36:02 server.vmid20354 wg-quick[691]: [#] ip link set mtu 1420 up dev wg0
Feb 14 18:36:02 server.vmid20354 systemd[1]: Started WireGuard via wg-quick(8) for wg0.
[root@server ~]# systemctl restart wg-quick@wg0
[root@server ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether xxxxxxxxxxxxxxxxxxxxxxx brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet xxxxxxxxxxxxxxxxxxxxxxxscope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx scope global secondary noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 xxxxxxxxxxxxxxxxxxx scope link
       valid_lft forever preferred_lft forever
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.1.0.0/24 scope global wg0
       valid_lft forever preferred_lft forever
[root@server ~]# systemctl status wg-quick@wg0
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
   Loaded: loaded (/usr/lib/systemd/system/wg-quick@.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2024-02-14 18:36:40 EET; 15s ago
     Docs: man:wg-quick(8)
           man:wg(8)
           https://www.wireguard.com/
           https://www.wireguard.com/quickstart/
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
           https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
  Process: 1816 ExecStop=/usr/bin/wg-quick down wg0 (code=exited, status=0/SUCCESS)
  Process: 1838 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
 Main PID: 1838 (code=exited, status=0/SUCCESS)

Feb 14 18:36:39 server.vmid20354 systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
Feb 14 18:36:40 server.vmid20354 wg-quick[1838]: [#] ip link add wg0 type wireguard
Feb 14 18:36:40 server.vmid20354 wg-quick[1838]: [#] wg setconf wg0 /dev/fd/63
Feb 14 18:36:40 server.vmid20354 wg-quick[1838]: [#] ip -4 address add 10.1.0.0/24 dev wg0
Feb 14 18:36:40 server.vmid20354 wg-quick[1838]: [#] ip link set mtu 1420 up dev wg0
Feb 14 18:36:40 server.vmid20354 systemd[1]: Started WireGuard via wg-quick(8) for wg0.

Here’s the wg0 conf for the server

[Interface]
# Wireguard interface will be run at 10.1.0.0
Address = 10.1.0.0/24

PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxx

ListenPort = 51820

# CSABA-WG
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 10.1.0.1/32

Any idea how to solve this, so it will work without intervention? Somehow trigger a service restart or maybe delay this service start a few seconds?

Topic		Replies	Views
Wireguard issue with AlmaLinux 8.5 Support	20	2653	May 5, 2022
Installed to AWS via AMI - No Firewall? Support	2	377	August 1, 2021
Almalinux 9 as wireguard gateway General Discussion & Chat	2	664	December 17, 2022
Server requires reboot after modifying the interface configuration file Support	3	414	September 19, 2022
Almalinux 8 unstable link BCM57414 Support	0	395	February 22, 2023

Wireguard interface gets address only after wg-quick service restart

Related Topics