How to Debug WireGuard: Enabling Kernel Logging

WireGuard, as far as I know, does not create log files, which can make it difficult to troubleshoot issues with the AllowedIPs configuration, particularly when not all traffic is intended to be routed through the tunnel.

However, as a kernel module, it is possible to enable verbose logging for this module. To enable kernel logging, execute this command:

echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control

The log messages will be recorded in the kernel log, which can be monitored using:

sudo dmesg -wT

To disable logging, run:

echo "module wireguard -p" | sudo tee /sys/kernel/debug/dynamic_debug/control

In conclusion, debugging WireGuard can be facilitated by enabling kernel logging. This allows the capture and recording of log messages within the kernel log, which can then be monitored. It's important to remember to disable logging once done.