Edit 2: Fixed! Thanks to @just_another_person@lemmy.world for this GitHub issue link.

The solution is in the last comment suggesting to set ManageForeignRoutingPolicyRules=no in /etc/systemd/networkd.conf

Original post is below…

So I’ve got something I don’t quite know how to find a solution for and I’m hoping this lovely community can help!

I’ve been experimenting with Arch (btw) with Hyprland to learn more about the install process, and Linux in general, and to see if I like tiling window managers (I do).

I’ve installed this on a thinkpad I use for tinkering/learning, and the problem I’m encountering is that when I open up the laptop and the system resumes from suspend, the VPN connection is active, but broken, or maybe leaky.

What I mean by that is prior to suspending, with the vpn connection active, if I run curl ip.me, the result is the vpn server ip, which is the expected behavior.

After resuming from suspend, when I run curl ip.me, I get my naked home ip instead of the vpn ip.

At first I thought I was losing the vpn connection, but when I check the status with sudo wg, it will show the vpn connection is still active, like so:

interface: wg0
  public key: pubkeyhere
  private key: (hidden)
  listening port: 38014
  fwmark: 0xca6c

peer: peer here
  endpoint: ip.endpoint.here:51820
  allowed ips: 0.0.0.0/0
  latest handshake: 7 seconds ago
  transfer: 8.07 KiB received, 3.77 KiB sent

I’ve tried searching for this to figure out what’s happening, and I’m not finding anything, likely because I don’t know how to properly query for results.

What I’ve been doing is just manually running an alias on resume that brings the vpn connection down, and then back up again with:

sudo wg-quick down wg0 && sleep 2 && sudo wg-quick up wg0

I’ve tried different variations on a script placed in /usr/lib/systemd/system-sleep to no avail. I have verified that the script is running properly. I tested first with echo "sometext" > ~/somefile for both pre and post and the script is executed on suspend and again on resume.

Script example:

#! /usr/bin/bash

case $1/$2 in
	pre/*)
		;;
	post/*)
		sleep 2
		/usr/bin/wg-quick down wg0
		sleep 2
		/usr/bin/wg-quick up wg0
		;;
esac

Despite this script executing what is essentially the same command as my alias on resume, my home ip is what results from running curl ip.me.

Other details that may or may not be relevant.

I’ve got a wg-quick@wg0.service systemd service that runs on startup to connect to the vpn.

System is Arch with Hyprland, iwctl to manage the wifi connection. I’m not using hyprlock. When I close the laptop it suspends the session, and when I open it back up it just resumes it, no lock screen or password needed.

I don’t really understand what’s going on here, and I haven’t been able to find any information that helps me figure out what’s happening or how to address it. Any help would be greatly appreciated!

Edit: just wanted to add that I’ve also looked through journalctl and I haven’t found anything useful (to me) there.
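
A check for the state described in this post (handshake healthy, traffic leaving via the home IP), added here as an example and not taken from the thread or the linked issue. It assumes the failure is the one the fix implies: the two policy-routing rules that wg-quick installs for a 0.0.0.0/0 peer are gone after resume. The function names, the `--live` switch and the sample rule listings are constructed; `ManageForeignRoutingPolicyRules=` is read from the `[Network]` section of networkd.conf.

```shell
#!/bin/sh
# Added example (not from the thread). wg-quick with AllowedIPs 0.0.0.0/0 steers
# traffic with two policy rules keyed on the interface fwmark; without them,
# packets follow the main table's default route even though the handshake is fine.

# rules_intact RULES FWMARK: exit 0 when both wg-quick rules appear in RULES
rules_intact() {
    printf '%s\n' "$1" | grep -Eq "not from all fwmark $2 lookup [0-9]+" || return 1
    printf '%s\n' "$1" | grep -q 'from all lookup main suppress_prefixlength 0' || return 1
}

# networkd_keeps_foreign_rules FILE: exit 0 when [Network] sets
# ManageForeignRoutingPolicyRules to a false value (the fix from the thread)
networkd_keeps_foreign_rules() {
    awk '
        /^[ \t]*\[/ { in_net = ($0 ~ /^[ \t]*\[Network\]/) }
        in_net && /^[ \t]*ManageForeignRoutingPolicyRules[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = tolower($0)
        }
        END { exit !(val == "no" || val == "false" || val == "0" || val == "off") }
    ' "$1"
}

# Constructed samples of `ip -4 rule show`; 0xca6c is the fwmark shown in the post.
HEALTHY='0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
32767: from all lookup default'
AFTER_RESUME='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

# Live check (assumed usage): sh check.sh --live wg0, as root for `wg show`.
# Drop-in files under networkd.conf.d are not inspected here.
if [ "${1:-}" = "--live" ]; then
    mark=$(wg show "${2:-wg0}" fwmark)
    networkd_keeps_foreign_rules /etc/systemd/networkd.conf ||
        echo "networkd.conf does not set ManageForeignRoutingPolicyRules=no"
    if rules_intact "$(ip -4 rule show)" "$mark"; then
        echo "policy rules present for fwmark $mark"
    else
        echo "policy rules missing: traffic bypasses the tunnel"
        exit 1
    fi
fi
```

Called from a system-sleep hook's post branch, the non-zero exit distinguishes missing routing rules from a dropped tunnel, which `sudo wg` alone does not show.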

  • harsh3466 (OP)
    2 days ago

    I was considering the same before I made this post. Just shutting down when I’m done, or, just living with my alias.

    Do you do this on a laptop as well? If so, is it just live while closed?

    • Diss Appear@mastodon.green
      2 days ago

      @harsh3466 most discussions I have seen say Linux and hibernation is not up to par yet with Windows. I would give it a couple of years and reevaluate.
      I’ve made a habit of shutting down my laptop every night. Windows or Linux. Performs much better. I have changed the settings and the laptop shuts down when I close the lid. I love it, close the lid and go.

      • harsh3466 (OP)
        1 day ago

        I’ve read the same, but in setting up this laptop I wanted to give it a go. So far the solution provided by @just_another_person@lemmy.world is working. It’s coming up with the vpn routing intact now that I adjusted networkd.conf.

        If I hadn’t found a solution I was prepared to go your route, though I didn’t even think of setting it up so closing the lid would shut it down. That’s great!

      • just_another_person@lemmy.world
        1 day ago

        Hibernation works just fine. Complex partitioning schemes don’t allow it to work in a secure manner in most cases though. Disk encryption causes issues, for example.