Bug 1732487

Summary: Wireguard can't start with current systemd
Product: [Fedora] Fedora Reporter: Vasiliy Glazov <vascom2>
Component: systemdAssignee: systemd-maint
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 30CC: innocent.bustander, lnykryn, msekleta, ssahani, s, systemd-maint, vitaly, xshram, yaneti, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-05 19:57:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vasiliy Glazov 2019-07-23 12:46:18 UTC 
Description of problem:
I use WireGuard VPN from rpmfusion. It is activated via systemd. After upgrade to systemd-241-9.gitb67ecf2.fc30 VPN-client can't up and module failed. After downgrade to systemd-241-8.git9ef65cb.fc30 it work normal again.

So it is seems as regress in systemd.


Version-Release number of selected component (if applicable):
systemd-241-9.gitb67ecf2.fc30
wireguard-0.0.20190702-1.fc30.x86_64
akmod-wireguard-0.0.20190702-1.fc30.x86_64


How reproducible:
Always


Steps to Reproduce:
1. Upgrade to systemd-241-9.gitb67ecf2.fc30.
2. Reboot

Actual results:

июл 23 14:31:30 v-glazov systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] ip link add wg0 type wireguard
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] wg setconf wg0 /dev/fd/63
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] ip -4 address add 10.9.0.5/24 dev wg0
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] ip link set mtu 1420 up dev wg0
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] resolvconf -a wg0 -m 0 -x
июл 23 14:31:30 v-glazov wg-quick[4101]: Failed to set DNS configuration: Could not activate remote peer.
июл 23 14:31:30 v-glazov wg-quick[4101]: [#] ip link delete dev wg0
июл 23 14:31:30 v-glazov systemd[1]: wg-quick: Main process exited, code=exited, status=1/FAILURE
июл 23 14:31:30 v-glazov systemd[1]: wg-quick: Failed with result 'exit-code'.
июл 23 14:31:30 v-glazov systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.


Expected results:
Normal connection to wireguard VPN server.
Comment 1 Vladislav Vekyu 2019-07-23 13:10:36 UTC 
The same bug after upgrade and reboot.
Comment 2 Vitaly 2019-07-23 13:57:01 UTC 
I can confirm this issue. Broken in systemd-241-9.gitb67ecf2.fc30. Downgrading to systemd-241-8.git9ef65cb.fc30 helps.
Comment 3 Zbigniew Jędrzejewski-Szmek 2019-07-23 14:32:58 UTC 
It looks like systemd-resolved might not be running. Does it help
if you run 'sudo systemctl enable --now systemd-resolved' ?
Comment 4 Vasiliy Glazov 2019-07-24 06:18:48 UTC 
(In reply to Zbigniew Jędrzejewski-Szmek from comment #3)
> It looks like systemd-resolved might not be running. Does it help
> if you run 'sudo systemctl enable --now systemd-resolved' ?

Thanks, it helped.
Comment 5 Vasiliy Glazov 2019-07-25 05:59:14 UTC 
Any changes in next systemd build will be done or we must enable systemd-resolved manually now?
Comment 6 Zbigniew Jędrzejewski-Szmek 2019-08-05 19:57:33 UTC 
Current Fedora(*) default is to not enable systemd-resolved. It is true that in the
past systemd-resolved would be enabled after the package was installed, but that was a bug.
Wireguard should not rely on systemd-resolved running, since it's an optional component.
Sorry, but the bug is the wireguard script. Most likely, the service needs to declare
a dependency on systemd-resolved.service.

(*) /usr/lib/systemd/system-preset/90-default.preset is owned by fedora-release-common.