Wireguard via Networkmanager GUI

    Hi,
    I'm trying to get the WireGuard VPN working with NetworkManager.
    I can get it working via the CLI with wg-quick, but via NetworkManager the VPN seems up but does not give access to the other side.
    First let me show the wg-quick way.
    I created a config file in /etc/wireguard:
    Code:
    # cat wg0.conf
    [Interface]
    PrivateKey = <private key client>
    Address = 10.0.0.4/24
    DNS = 192.168.1.10
    
    [Peer]
    PublicKey = <public key server>
    AllowedIPs = 0.0.0.0/0
    Endpoint = <wireguard-server>:<listen-port>
    
    $ wg-quick up wg0
    [#] ip link add wg0 type wireguard
    [#] wg setconf wg0 /dev/fd/63
    [#] ip -4 address add 10.0.0.4/24 dev wg0
    [#] ip link set mtu 1420 up dev wg0
    [#] resolvconf -a wg0 -m 0 -x
    [#] wg set wg0 fwmark 51820
    [#] ip -4 rule add not fwmark 51820 table 51820
    [#] ip -4 rule add table main suppress_prefixlength 0
    [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
    [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
    [#] nft -f /dev/fd/63
    
    # wg showconf wg0
    [Interface]
    ListenPort = 35200
    FwMark = 0xca6c
    PrivateKey = <private key client>
    
    [Peer]
    PublicKey = <public key server>
    AllowedIPs = 0.0.0.0/0
    Endpoint = <wireguard-server>:<listen-port>
    
    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
    valid_lft forever preferred_lft forever
    2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 10:e7:c6:e1:50:7e brd ff:ff:ff:ff:ff:ff
    3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f4:46:37:82:7d:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.127/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp3s0
    valid_lft 3533sec preferred_lft 3533sec
    inet6 fe80::85ec:1ef0:7d52:fa6a/64 scope link noprefixroute
    valid_lft forever preferred_lft forever
    11: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.4/24 scope global wg0
    valid_lft forever preferred_lft forever
    
    $ ip r
    default via 192.168.1.120 dev wlp3s0 proto dhcp src 192.168.1.127 metric 600
    10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.4
    192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.127 metric 600
    
    $ tracepath grafana.home.lan
    1?: [LOCALHOST] pmtu 1420
    1: 10.0.0.1 33.115ms
    1: 10.0.0.1 37.424ms
    2: server.home.lan 35.606ms reached
    Resume: pmtu 1420 hops 2 back 2
    
    $ wg-quick down wg0
    [#] ip -4 rule delete table 51820
    [#] ip -4 rule delete table main suppress_prefixlength 0
    [#] ip link delete dev wg0
    [#] resolvconf -d wg0 -f
    [#] nft -f /dev/fd/63
    So this works.

    Now via the NetworkManager GUI.
    I seem unable to add screenshots, so you will have to believe me that the setup is the same as the config file. These are the results:
    Code:
    $ <networkmanager gui> WireguardHome up
    
    # wg showconf WireguardHome
    [Interface]
    ListenPort = 54994
    FwMark = 0xcad0
    PrivateKey = <private key client>
    
    [Peer]
    PublicKey = <public key server>
    AllowedIPs = 0.0.0.0/0
    Endpoint = <wireguard-server>:<listen-port>
    
    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
    valid_lft forever preferred_lft forever
    2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 10:e7:c6:e1:50:7e brd ff:ff:ff:ff:ff:ff
    3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f4:46:37:82:7d:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.127/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp3s0
    valid_lft 3264sec preferred_lft 3264sec
    inet6 fe80::85ec:1ef0:7d52:fa6a/64 scope link noprefixroute
    valid_lft forever preferred_lft forever
    12: WireguardHome: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.4/32 scope global noprefixroute WireguardHome
    valid_lft forever preferred_lft forever
    inet6 fe80::67df:bf9d:fbb5:fce5/64 scope link stable-privacy
    valid_lft forever preferred_lft forever
    
    $ ip r
    default via 10.0.0.1 dev WireguardHome proto static metric 50
    default via 192.168.1.120 dev wlp3s0 proto dhcp src 192.168.1.127 metric 600
    10.0.0.1 dev WireguardHome proto static scope link metric 50
    192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.127 metric 600
    
    $ tracepath grafana.home.lan
    tracepath: grafana.home.lan: Temporary failure in name resolution
    
    $ <networkmanager gui> WireguardHome down
    And via the NetworkManager CLI:
    Code:
    $ nmcli connection up WireguardHome
    Secrets are required to connect WireGuard VPN 'WireguardHome'
    Warning: password for 'wireguard.private-key' not given in 'passwd-file' and nmcli cannot ask without the '--ask' option.
    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/22)
    
    # wg showconf WireguardHome
    [Interface]
    ListenPort = 33955
    FwMark = 0xcad0
    PrivateKey = <private key client>
    
    [Peer]
    PublicKey = <public key server>
    AllowedIPs = 0.0.0.0/0
    Endpoint = <wireguard-server>:<listen-port>
    
    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
    valid_lft forever preferred_lft forever
    2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 10:e7:c6:e1:50:7e brd ff:ff:ff:ff:ff:ff
    3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f4:46:37:82:7d:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.127/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp3s0
    valid_lft 2890sec preferred_lft 2890sec
    inet6 fe80::85ec:1ef0:7d52:fa6a/64 scope link noprefixroute
    valid_lft forever preferred_lft forever
    14: WireguardHome: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.4/32 scope global noprefixroute WireguardHome
    valid_lft forever preferred_lft forever
    inet6 fe80::bb4:ebf0:244e:2170/64 scope link stable-privacy
    valid_lft forever preferred_lft forever
    
    $ ip r
    default via 10.0.0.1 dev WireguardHome proto static metric 50
    default via 192.168.1.120 dev wlp3s0 proto dhcp src 192.168.1.127 metric 600
    10.0.0.1 dev WireguardHome proto static scope link metric 50
    192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.127 metric 600
    
    $ tracepath grafana.home.lan
    tracepath: grafana.home.lan: Temporary failure in name resolution
    
    So what am I missing? You could say: use wg-quick, but I have some users who would object to using the CLI.

    Thanks.
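The two setups above differ in how the 0.0.0.0/0 peer is turned into routes: wg-quick puts the default route in its own table behind fwmark rules, while the hand-made NetworkManager connection ends up with a plain default route in the main table. As an added example (not code from this thread), the script below derives a NetworkManager connection from a wg-quick style config file instead of re-typing it in a GUI, and refuses to import a config whose private key is readable by other users. It assumes `nmcli connection import type wireguard file` and the `wireguard.ip4-auto-default-route` property are available (NetworkManager 1.20 or later); the user name `alice`, the dummy key and the sample config are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: derive a NetworkManager WireGuard
# connection from a wg-quick config, with two sanity checks first.
# nmcli calls used: "connection import type wireguard" and the properties
# connection.permissions, connection.autoconnect and
# wireguard.ip4-auto-default-route (assumption: NetworkManager >= 1.20).

conf_get() {
  # conf_get KEY <file : print the value of the first "KEY = value" line.
  # Split on the first "=" only, because base64 WireGuard keys end in "=".
  awk -v k="$1" '
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit } }'
}

is_full_tunnel() {
  # is_full_tunnel FILE : true when the peer's AllowedIPs contains 0.0.0.0/0
  conf_get AllowedIPs < "$1" | tr -d ' ' | tr ',' '\n' | grep -qx '0\.0\.0\.0/0'
}

key_file_private() {
  # key_file_private FILE : true when group and other have no permission bits.
  # The file holds the tunnel's private key; refuse to import a readable one.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

nm_import_cmds() {
  # nm_import_cmds FILE USER : print the nmcli commands to run (as root).
  # The connection and the interface take the file's base name (wg0.conf -> wg0).
  f=$1; user=$2
  name=$(basename "$f" .conf)
  key_file_private "$f" || { echo "refusing: $f is readable by others" >&2; return 1; }
  [ -n "$(conf_get PrivateKey < "$f")" ] || { echo "refusing: no PrivateKey in $f" >&2; return 1; }
  echo "nmcli connection import type wireguard file '$f'"
  # let one unprivileged user toggle it from the applet; never auto-connect
  echo "nmcli connection modify '$name' connection.permissions 'user:$user' connection.autoconnect no"
  if is_full_tunnel "$f"; then
    # 0.0.0.0/0 peer: let NM install the default route in its own table behind
    # fwmark rules (as wg-quick does) instead of a gateway in the main table
    echo "nmcli connection modify '$name' wireguard.ip4-auto-default-route yes"
  fi
}

# Constructed sample in the shape of the first post's wg0.conf, with a dummy key.
SAMPLE_KEY='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
write_sample() {
  # write_sample FILE : write the sample config with mode 0600
  ( umask 077; cat > "$1" <<EOF
[Interface]
PrivateKey = $SAMPLE_KEY
Address = 10.0.0.4/24
DNS = 192.168.1.10

[Peer]
PublicKey = <public key server>
AllowedIPs = 0.0.0.0/0
Endpoint = <wireguard-server>:<listen-port>
EOF
  )
}
```

Typical use is `nm_import_cmds /etc/wireguard/WireguardHome.conf alice | sudo sh`: the import itself needs root once, after which `alice` can bring the connection up and down from the applet without touching the CLI. Check the result with `ip rule` and `ip route show table all` rather than plain `ip r`, because a policy-routed default route does not appear in the main table.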

    #2
    Welcome to KFN.

    Check the steps you have taken against this guide: https://www.xmodulo.com/wireguard-vp...nager-gui.html
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes



      #3
      Thanks, I checked and followed that website and I had some problems.
      First, I don't have nm-connection-editor, but I do have nmtui-edit. Same purpose, but text-based.
      Then I created a new tunnel configuration, following the settings of that website. Unfortunately it didn't work.
      Comparing the nmcli outputs of my working VPN and the new one, I saw some extra routing information in the output of the new one. So I deleted the gateway from the new VPN config. Now it works: I can activate the new VPN via the GUI, as a regular user.
      I tried to use the NM editor GUI as non-root and deleted the gateway from my original VPN config, but that does not work as I expect it to. "External" sites work, but I can't access internal servers.
      Checking with ip route get <ip> I get different results.
      The "bad" one:
      Code:
      ip r get 8.8.8.8
      8.8.8.8 via 192.168.1.120 dev wlp3s0 src 192.168.1.127 uid 0
      cache
      The "good" one:
      Code:
      ip r get 8.8.8.8
      8.8.8.8 dev wg2 table 51993 src 10.0.0.4 uid 0
      cache
      According to
      Code:
      tracepath -n 8.8.8.8
      the "bad" one does not use the vpn at all.

      So now I have a working WireGuard VPN via the GUI, but I still need to configure it via the command line as root. Better than before, but still...
      Thanks.
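The `ip route get` comparison in the post above is the right test: the "good" line carries `table 51993`, meaning the lookup was answered by the policy-routing table the tunnel set up, while the "bad" line goes out the Wi-Fi gateway even though the WireGuard interface is up. As an added example (not code from this thread), the script below packages that check together with a second one a practitioner should pair with it, the age of the last handshake from `wg show <if> latest-handshakes`, since an interface with routes but no handshake means the endpoint, keys or UDP port are wrong. The parsers take text so they can run on the lines quoted in the post; the interface name `wg2`, the timestamps and the dummy peer key in the samples are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: verify that a WireGuard tunnel actually
# carries traffic. "Interface is up" proves nothing for WireGuard; check that
# the kernel routes the destination into the tunnel and that a handshake
# completed recently. The live_check wrapper runs ip and wg (wg needs root).

route_dev() {
  # route_dev "<ip route get line>" : print the outgoing interface
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

route_via_tunnel() {
  # route_via_tunnel "<ip route get line>" IFACE : true if the kernel would send
  # that destination into IFACE. This also covers the policy-routing case, where
  # the answer comes from a numbered table ("table 51993") rather than main.
  [ "$(route_dev "$1")" = "$2" ]
}

handshake_age() {
  # handshake_age "<wg show IF latest-handshakes line>" NOW : seconds since the
  # last handshake with that peer, or -1 if there has never been one (epoch 0).
  ts=$(printf '%s\n' "$1" | awk '{ print $2 }')
  if [ "${ts:-0}" -eq 0 ]; then echo -1; else echo $(( $2 - ts )); fi
}

tunnel_ok() {
  # tunnel_ok ROUTE_LINE HS_LINE NOW IFACE : both checks must pass. Handshakes
  # are renewed at most every ~2 minutes, so older than 180 s counts as stale.
  route_via_tunnel "$1" "$4" || return 1
  age=$(handshake_age "$2" "$3")
  [ "$age" -ge 0 ] && [ "$age" -le 180 ]
}

live_check() {
  # live_check IFACE DEST : run the checks against the running system (as root)
  r=$(ip route get "$2" | head -n 1)
  h=$(wg show "$1" latest-handshakes | head -n 1)
  tunnel_ok "$r" "$h" "$(date +%s)" "$1"
}

# Constructed samples: the two `ip route get` lines quoted in post #3, and
# latest-handshakes lines (tab-separated "<peer key> <epoch>") with a dummy key.
BAD_ROUTE='8.8.8.8 via 192.168.1.120 dev wlp3s0 src 192.168.1.127 uid 0'
GOOD_ROUTE='8.8.8.8 dev wg2 table 51993 src 10.0.0.4 uid 0'
DUMMY_PEER='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
FRESH_HS=$(printf '%s\t%s' "$DUMMY_PEER" 1700000000)
NEVER_HS=$(printf '%s\t%s' "$DUMMY_PEER" 0)
```

Run `live_check WireguardHome 8.8.8.8` (and again with an internal address such as the Grafana host's IP) right after activating the connection; a failure on the internal address with success on 8.8.8.8 is exactly the split seen in the post above, and a `-1` from `handshake_age` means the peer never answered at all. Name resolution is a separate check: `resolvectl status` (or `cat /etc/resolv.conf` on resolvconf systems) shows which resolver the tunnel interface installed.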

