Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: Can't get Wireguard killswitch to work (Read 708 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

Can't get Wireguard killswitch to work

I set up my VPN via Wireguard and it's working but I can't get a killswitch to work.

My /etc/wireguard/wg0.conf looks like this
Code: [Select]
[Interface]
Address = [edited]
PrivateKey = [edited]
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PersistentKeepalive = 25
PublicKey = [edited]
AllowedIPs = 0.0.0.0/0
Endpoint = [edited]

It's already running but if I try to restart WG it fails with this error.
Code: [Select]
[iota@Strelizia ~]$ sudo rc-service wireguard restart
 * Stopping wireguard ...
[#] iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
iptables: No chain/target/match by that name.                                                                                                                    [ !! ]
 * ERROR: wireguard failed to stop

The fwmark I get from that command is
Code: [Select]
[iota@Strelizia ~]$ sudo wg show wg0 fwmark
0xca6c

I'm at a loss on how to fix this, I'd like to get it working.

Re: Can't get Wireguard killswitch to work

Reply #1
I've solved it myself.
Turns out the PostUp command never executed (since I was doing a restart and not a start).
Embarrassing but it's working now!