Can't use systemctl to start wireguard interface in Fedora 38

reegmo · May 4, 2023, 9:05pm

In Fedora 37 I was able to have systemctl automatically enable my wireguard interface by simply putting a valid wg0.conf file in /etc/wireguard/ and then running sudo systemctl enable wg-quick@wg0.service

Since upgrading to Fedora 38, i get this error in the journal when systemctl tries to start wg-quick@wg0.service:

[#] nft -f /dev/fd/63
internal:0:0-0: Error: Could not open file "/dev/fd/63": Permission denied

I can still start the wireguard interface using wg-quick up wg0, but I can’t do automatically with systemctl.

Does anyone know why?

vgaetera · May 4, 2023, 9:12pm

On Fedora, it is best to configure WireGuard with NetworkManager:

nmcli connection import type wireguard file /path/to/wg.conf

WireGuard in NetworkManager – Thomas Haller's Blog

axels · May 22, 2023, 12:28pm

“Use something else” is not an ideal solution.
It would be good to figure out what broke this in the first place, as having both options is better than just having to obligated to use NetworkManager.

Even weirder considering a straight up “sudo wg-quick up wg0” works.

vgaetera · May 22, 2023, 12:47pm

There are best practices to help you avoid unnecessary problems.
You must have a good reason to justify going against it.