Fedora Account System
Red Hat Associate
Red Hat Customer
The problem only came after upgrading to Fedora 38. In Fedora 37, it worked fine with the exact same wireguard config. First, wg-quick could not access the config file in /etc/wireguard. I solved that problem by running "sudo touch /.autorelabel" and rebooting. But the actual problem is, that now, despite it being able to access the config file in /etc/wireguard, wg-quick still crashes due to selinux. I verified this by trying again after running "sudo setenforce 0", then, the connection could be established. The wireguard config was created by ProtonVPN. I do have the exact same problem on CentOS Stream 9. I will add the journalctl output from Fedora 38 and Centos Stream 9 and the redacted wireguard config as an attachment. My selinux-policy version is: 38.12 Reproducible: Always Steps to Reproduce: 1. Get a wireguard config from ProtonVPN 2. (I commented out the "DNS" option in the config file) 3. Copy it to /etc/wireguard 4. Try to establish a connection by running "systemctl start wg-quick@config_name" Actual Results: The wireguard connection cannot be established Expected Results: The wireguard connection can be established [root@tx1 ~]# ls -lZ /etc/wireguard/swiss.conf -rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 376 1. Apr 12:25 /etc/wireguard/swiss.conf
Created attachment 1961088 [details] journalctl fedora 38
Created attachment 1961089 [details] journalctl centos stream 9
Created attachment 1961090 [details] redacted wireguard config
I decided it would make more sense to file the bug separately for CentOS Stream 9, instead of just mentioning it here. https://bugzilla.redhat.com/show_bug.cgi?id=2192154
So, I tested it on Fedora 38 now and it works. Thank you, nice work 👍