How to get WireGuard working on boot/startup

I have 2 WireGuard profiles uploaded into Settings → Network → VPN → “+” → Import from file…

It works just fine but it does not connect automatically on startup. I’ve tried using nm-connection-editor in terminal to get it to automatically connect to VPN, but the dropbox doesn’t show any options when I check the box.

For the record, I am using Fedora Silverblue 40.
(And no, it does not connect on startup, hence, why I am making this post)

For me, WireGuard activates at startup like this:

sudo nmcli connection modify VPN_CONNECTION \
    connection.autoconnect "" \
    connection.permissions ""

But you need to specify the endpoint peer by its IP address; otherwise it apparently leads to a race condition with systemd-resolved, assuming that you route everything to the VPN.

I have that setting enabled as well, but it doesn’t do anything at startup for me.

Am I supposed to install some other WireGuard client to be able to get it to work on startup? I’m willing to switch to Workstation if that would make it work.

If the issue persists, it must be due to using a domain name for the endpoint.
To avoid deadlocks in that case, WireGuard activation should be delayed until connectivity check reports success:

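# Turn off NetworkManager's own autoconnect for every WireGuard profile
CON_UUID="$(nmcli -g TYPE,UUID connection show \
    | awk -F ":" -e '$1=="wireguard"{print $2}')"
for CON_UUID in ${CON_UUID}
do sudo nmcli connection modify uuid ${CON_UUID} \
    connection.autoconnect no
done
# Install a dispatcher script that activates WireGuard once connectivity is FULL
sudo tee /etc/NetworkManager/dispatcher.d/00-wireguard << "EOF" > /dev/null
#!/usr/bin/bash
# Use the first WireGuard profile in nmcli's listing
CON_UUID="$(nmcli -g TYPE,UUID connection show \
    | awk -F ":" -e '$1=="wireguard"{print $2;exit}')"
CON_STATE="$(nmcli -g GENERAL.STATE \
    connection show uuid "${CON_UUID}")"
# Bring it up only on a connectivity change to FULL, and only if it is not already active
if [ "${NM_DISPATCHER_ACTION}" = "connectivity-change" ] \
    && [ "${CONNECTIVITY_STATE}" = "FULL" ] \
    && [ "${CON_STATE}" != "activated" ]
then nmcli connection up uuid "${CON_UUID}"
fi
EOF
# Mark only the new script executable, leaving other dispatcher files as they are
sudo chmod +x /etc/NetworkManager/dispatcher.d/00-wireguard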

NetworkManager-dispatcher: NetworkManager Reference Manual


As far as I remember, it’s not possible to enable WireGuard connections automatically using NetworkManager. See Auto-connect to VPN fails for WireGuard link (#205) · Issues · NetworkManager / NetworkManager · GitLab.

I have the following systemd user unit for my session that does it automatically:

$ cat .config/systemd/user/default.target.wants/wireguard-foo.service
[Unit]
Description=Start Wireguard connection for foo

[Service]
ExecStart=/usr/bin/nmcli connection up foo

[Install]
WantedBy=default.target

Call me a noob but I can’t find a file called local.sh


I also don’t have a folder named default.target.wants in systemd/user

Am I doing something wrong?

The above code creates and populates the file when copy-pasted to the terminal.

Hi, thanks for this. I am a total noob, rarely use Terminal. Do I just paste that entire chunk of code into my terminal and hit enter to get VPN auto-connecting on startup?

(It auto connected fine on several other machines running the same OS (F40WS) without the need for this, and using the exact same config files, so I am a bit stumped as to why it’s happening at all, but glad if I (you!) can solve it!)

thanks again

Yes, and that should ask for your sudo password.

There’s a race condition that makes automatic WireGuard connection problematic in some cases, unless you utilize the above workaround.


Thanks again. I ran it and it DOES now auto connect to VPN, but not the one I was using (and use 90% of the time!)

I use one in my home country most of the time, just for easier DuckDuckGo results mainly! But I have about 8 other connections in other countries which I sometimes use. One I rarely use is Lithuania, but every time I reboot now it’s connected to that one!
Is there any way to adjust this so it always uses the preferred connection (or indeed the one I was connected to before rebooting, which would be the ideal behaviour)?
thanks again for your help

SCRATCH THAT! I think I have sussed it.
It seems to pick the first one at the top of the list, which is sorted alphabetically, so I removed my favourite connection and re-added it, prefixing it with an A to put at top of list. rebooted to test and working now, picks the first on list after boot, in case anyone else has similar issue in future. You’re a star Vladislav thank you!

Oh and PS - Do you think they will ever spend any time improving this VPN feature in Gnome? It’s so basic, the worst thing is that you can’t switch from one connection to another without temporarily turning off the VPN to expose native IP/connection, which is really kinda bad! Just wondered if you knew of any planned improvements? I may have to install an app if not, which I really don’t want to do, and not sure if it will even work since Gnome doesn’t like having a taskbar with app icons!

thanks again, all good now on the auto connect issue

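A variant of the dispatcher script from earlier in the thread, added here as an example and not written by any of the posters: instead of taking the first WireGuard profile in nmcli's listing, it activates a pinned profile or, failing that, the one with the newest last-activation timestamp. `PREFERRED_UUID` and `pick_wireguard_uuid` are names made up for this example, and it assumes the profiles already have `connection.autoconnect no` as set by the workaround above.

```shell
#!/usr/bin/bash
# Added example, not code from the thread.
# PREFERRED_UUID is a hypothetical setting: paste the UUID of the profile that
# should always win, or leave it empty to reuse the most recently used one.
PREFERRED_UUID=""

# Reads "TYPE:TIMESTAMP:UUID" lines on stdin, the format printed by
#   nmcli -g TYPE,TIMESTAMP,UUID connection show
# and prints one WireGuard UUID: $1 if such a profile exists, otherwise the
# profile with the newest TIMESTAMP (0 means never activated).
pick_wireguard_uuid() {
    awk -F ":" -v want="$1" '
        $1 != "wireguard"           { next }
        $3 == want                  { pinned = $3 }
        best == "" || $2 + 0 > ts   { ts = $2 + 0; best = $3 }
        END {
            if (pinned != "")    print pinned
            else if (best != "") print best
        }'
}

# Act only when NetworkManager reports full connectivity, as in the thread.
if [ "${NM_DISPATCHER_ACTION:-}" = "connectivity-change" ] \
    && [ "${CONNECTIVITY_STATE:-}" = "FULL" ]
then
    # Leave things alone if a WireGuard profile is already up (manual choice).
    if nmcli -g TYPE connection show --active | grep -qx "wireguard"
    then exit 0
    fi
    CON_UUID="$(nmcli -g TYPE,TIMESTAMP,UUID connection show \
        | pick_wireguard_uuid "${PREFERRED_UUID}")"
    # No WireGuard profile imported: nothing to do.
    [ -n "${CON_UUID}" ] || exit 0
    nmcli connection up uuid "${CON_UUID}"
fi
```

Install it in place of /etc/NetworkManager/dispatcher.d/00-wireguard; profile UUIDs are listed by `nmcli -g NAME,UUID connection show`.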