24/08/25 - VPN on boot with systemd and WireGuard¶
VPN Automation Fix¶
I originally set up ProtonVPN th WireGuard by exporting a config file (proton-NL.conf) to /etc/wireguard/.
To connect I used a shell alias:
alias vpn='sudo resolvconf -u && wg-quick up proton-NL'
So this became my morning project for today.
I forst enabled the wg-quick@proton-NL.service systemd unit, but it failed during startup. On the GDM login screen I saw GNOME report “VPN failed.” Checking logs showed:
resolvconf: signature mismatch: /etc/resolv.conf
wg-quick@proton-NL.service: Main process exited, status=1/FAILURE
So systemd was trying to bring up the tunnel before login, but DNS setup was failing. My manual alias worked only because it refreshed resolvconf first.
Fix¶
Confirmed I was using openresolv on Arch (pacman -S openresolv). Replaced /etc/resolv.conf with an openresolv-managed file:
sudo mv /etc/resolv.conf /etc/resolv.conf.backup
echo "# resolvconf(8) managed" | sudo tee /etc/resolv.conf
sudo resolvconf -u
Added a systemd drop-in for wg-quick@proton-NL.service:
[Unit]
Wants=network-online.target
After=network-online.target
[Service]
ExecStartPre=/usr/bin/resolvconf -u
Enabled NetworkManager-wait-online.service so the VPN waits for networking to begin.
Verification¶
Ran:
systemctl status wg-quick@proton-NL.service
After reboot, the service started cleanly and the VPN successfully activated automatically. Now I don’t need to use the alias anymore, systemd handles it for me.
To Do: Turn this into a github pages web page, it's only markdown it can't be that hard. I was reading about MkDocs this morning and it sounds like what I want.