When NetworkManager takes over

October 21, 2025

ProtonVPN kinda broke my WireGuard config and took down dnsmasq

It’s always DNS. Well, kinda, but not really.

Symptoms

My WireGuard connection was working, but I wasn’t able to access my services.

# Everything was normal both on the client and on the server
sudo wg show

Hopping on to the server, I quickly discovered that dnsmasq wasn’t running and would not start.

sudo systemctl restart dnsmasq.service
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.

# Relevant part of journalctl
journalctl -xeu dnsmasq.service
systemd-helper[6549]: dnsmasq: unknown interface wg0
dnsmasq[6549]: unknown interface wg0
dnsmasq[6549]: FAILED to start up

Finding out the issue

For reference, my server is running Ubuntu 24.04.

Turns out that the WireGuard interface is registered with NetworkManager when I open Proton VPN. It also shows up in Ubuntu’s Quick Settings menu. This persists even after closing Proton VPN and rebooting.

This does not itself cause any issues, but I found it interesting.

# Before opening Proton VPN
nmcli connection show | grep wg0


# After opening Proton VPN
nmcli connection show | grep wg0
wg0                 63281d2d-14d7-xxxx-xxxx-14a9318fb206  wireguard  wg0

This did not yet gimp my WireGuard connection, as it still had an IP address.

ip -4 addr show dev wg0
16: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 10.8.0.1/32 scope global wg0
       valid_lft forever preferred_lft forever

Now if I shut down the WireGuard connection through the Quick Settings menu, it loses its IP address. This also happens to hide the menu item from the Quick Settings menu, so I can’t use it to restart the connection.

ip -4 addr show dev wg0

The solution

Thankfully, the solution for me was straightforward. Shut down the WireGuard connection, add the Address field back to the config file and restart it.

Modifying the config while the connection is up reset the connection when it’s shut down.

sudo wg-quick down wg0
sudoedit /etc/wireguard/wg0.conf

[Interface]
Address = 10.8.0.1/32

sudo wg-quick up wg0

After that, dnsmasq started working again without any issues.

sudo systemctl restart dnsmasq.service