[Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

-thc · 2022-02-25 10:44:02

After the latest updates for networkmanager and libnm (1.34.0-1 => 1.36.0-1) existing wireguard client connections (networkmanager-wireguard-git r87.0e1124d-2) no longer work.

Feb 25 10:24:30 bex NetworkManager[497]: <warn>  [1645781070.0688] vpn[0xhex_id,connection_id,"WireGuard 007",if:8,dev:2:(WireGuard-007)]: config: no VPN gateway address received
Feb 25 10:24:30 box NetworkManager[497]: <warn>  [1645781070.0688] vpn[0xhex_id,connection_id,"WireGuard 007",if:8,dev:2:(WireGuard-007)]: did not receive valid IP config information

Workaround: Downgrade networkmanager/libnm to 1.34 or use wireguard-tools.

Last edited by -thc (2023-02-11 07:47:51)

GeorgeJP · 2022-02-25 13:12:05

I think that problem is in *.nmconnection file format.
networkmanager-wireguard plugin uses it's own format, different from format used by NetworkManager as default.

networkmanager-wireguard plugin example from Github:

[connection]
id=wiretest
uuid=8298d5ea-73d5-499b-9376-57409a7a2331
type=vpn
autoconnect=false
permissions=

[vpn]
local-ip4=192.168.1.2/24
local-listen-port=51820
local-private-key=CBomGS37YC4ak+J2+NPuHtmgIk6gC7yQZKHnboJd3F8=
peer-allowed-ips=192.168.1.254
peer-endpoint=8.16.32.11:51820
peer-public-key=GRk7K3A3JCaoVN1ZhFEtEvyU6+g+FdGaCtSObIYvXX0=
service-type=org.freedesktop.NetworkManager.wireguard

[vpn-secrets]
password
verysecurepassword

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

NetworkManager

[connection]
id=My WG Connection
uuid=d7060905-27f6-4513-9fd4-aaaaaaaaaaaa
type=wireguard
autoconnect=false
interface-name=MyWgCon1
permissions=

[wireguard]
listen-port=51820
private-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxx=

[wireguard-peer.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=]
endpoint=aa.bb.cc.dd:51820
allowed-ips=10.0.0.0/24;10.5.5.0/24;
persistent-keepalive=25

[ipv4]
address1=10.0.0.3/24
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore

[proxy]

Personally I prefer to import profiles via nmcli and edit them with text editor as in past there were some troubles in GUI (not preserving persistent-keepalive on save ...)

-thc · 2022-02-25 14:45:44

Thanks, but I'm pretty sure you compare a "WireGuard VPN" (client) and a "WireGuard" (server) profile.
An error not unknown to me BTW .

GeorgeJP · 2022-02-25 14:57:09

-thc wrote:

Thanks, but I'm pretty sure you compare a "WireGuard VPN" (client) and a "WireGuard" (server) profile.

I am comparing example from README.md on Github https://github.com/max-moser/network-manager-wireguard

with my working client configuration (private info redacted - id, keys and server IP)

Edit: Wireguard is peer to peer network, who is "server" and who is "client" is only word play...

Last edited by GeorgeJP (2022-02-25 15:25:50)

-thc · 2022-02-25 15:27:47

O.K. - then I just can't make sense of your configuration.

GeorgeJP · 2022-02-25 16:05:09

Pretty easy config.

When activated, it connects to "server" aa.bb.cc.dd:51820 (his wg ip is 10.0.0.1/24) which is my router at home.
I have acces to all my stuff at home (ip 10.5.5.0/24)

See comments included

[connection]
id=My WG Connection                                           # Name displayed in Network Manager
uuid=d7060905-27f6-4513-9fd4-aaaaaaaaaaaa                     # UUID assigned by Network Manager
type=wireguard                                                # self explanatory
autoconnect=false                                             # I don't want to connect it automatically on login
interface-name=MyWgCon1                                       # Interface name (by default something like wg0) - displayed by "ip a" or "sudo wg"command
permissions=

[wireguard]
listen-port=51820                                             # listenning port
private-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxx=                     # my local ("client") private key

[wireguard-peer.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=]      # remote peer ("server") public key
endpoint=aa.bb.cc.dd:51820                                    # remote peer ("server") ip address and listenning port (must be reachable)
allowed-ips=10.0.0.0/24;10.5.5.0/24;                          # to which address(es) I need access via remote peer
persistent-keepalive=25                                       # keep link active over NAT connection

[ipv4]
address1=10.0.0.3/24                                          # my local ("client") wireguard interface addres
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore                                                 # I don't use ipv6

[proxy]

-thc · 2022-02-25 16:51:37

Thanks. Let's leave it at that.

-thc · 2022-03-01 12:44:27

I finally had some spare time to revisit this.

1. GeorgeJP's connection is of the (nm-connection-monitor) type "Virtual -> WireGuard", not "VPN -> WireGuard".
2. Those connections are only visible to the nm-connection-editor and not to the "Network Manager" applets.
3. They can only be started or stopped via nmcli.
4. They have actually nothing to do with the main problem.

GeorgeJP · 2022-03-01 19:13:05

ad 1) There is only one Wireguard, What is "Virtual -> WireGuard" and "VPN -> WireGuard" ?
ad 2) They are visible to the "Network Manager" applets. They can only be edited manually and updated by "sudo nmcli connection reload"
ad 3) They can be started/stopped by the "Network Manager" applet.
ad 4) Please provide your config file, which is not working in NetworkManager

-thc · 2022-03-01 20:25:00

You probably have no NetworkManager VPN plugin (OpenConnect, OpenVPN, WireGuard (AUR) ) installed - then there is only one "WireGuard".

I created a "Virtual -> WireGuard" connection with nm-connection-editor by transferring all info's from one (of my 6) WireGuard configuration sets. It looks exactly like yours - with only minor differences:

[connection]
id=WireGuard Test
uuid=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyyy
type=wireguard
autoconnect=false
interface-name=nmwg-test
permissions=user:thc:;

[wireguard]
private-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[wireguard-peer.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
endpoint=NN.NNN.NN.NN:PPPPP
preshared-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
preshared-key-flags=0
allowed-ips=10.1.1.1/32;192.168.0.0/24;

[ipv4]
address1=10.1.1.2/24
dns-search=
method=manual
never-default=true
route1=192.168.0.0/24,10.1.1.1

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore

[proxy]

I tested it and it works. It's nevertheless invisible to network-manager-applet 1.24.0.

Last edited by -thc (2022-03-01 20:25:38)

GeorgeJP · 2022-03-01 21:35:40

-thc wrote:

You probably have no NetworkManager VPN plugin (OpenConnect, OpenVPN, WireGuard (AUR) ) installed - then there is only one "WireGuard".

You are right, I have only networkmanager-openvpn plugin. For WireGuard I am using built-in feature with

sudo nmcli connection import type wireguard file wg0.conf

-thc wrote:

I tested it and it works. It's nevertheless invisible to network-manager-applet 1.24.0.

I am using it on KDE plasma with network-manager-applet (1.24.0-1) and networkmanager-qt (5.91.0-1) without problems (Daily usage for work, sometimes two simultaneous connections).

Der Chefkoch · 2022-03-07 22:06:08

I am having the same problem, only a downgrade of libnm and networkmanager could now fix it. How to get it to work under 1.36?

loqs · 2022-03-08 07:16:58

Der Chefkoch wrote:

How to get it to work under 1.36?

Wait for https://github.com/max-moser/network-ma … /issues/59 if you mean the plugin.

GeorgeJP · 2022-03-08 10:36:56

loqs wrote:

Wait for https://github.com/max-moser/network-ma … /issues/59 if you mean the plugin.

It looks, that development of this plugin was abandoned >3 years ago.
I will consider uninstall it and use NetworkManager built-in features.

-thc · 2022-03-08 16:31:27

The networkmanager/libnm update 1.36.2 resolves this issue.
Some kind of weird transient effect. After upgrading to 1.36.2, logging off and logging on it worked. After a shutdown and a reboot it doesn't work anymore.

Last edited by -thc (2022-03-09 06:21:00)

ndttt · 2022-03-09 00:06:26

-thc wrote:

The networkmanager/libnm update 1.36.2 resolves this issue.

Doesn't seem like it.

I updated to 1.36.2-1 and it broke the networkmanager-wireguard-git package. When I try to connect using it, it still fails.

GeorgeJP wrote:

loqs wrote:
Wait for https://github.com/max-moser/network-ma … /issues/59 if you mean the plugin.
It looks, that development of this plugin was abandoned >3 years ago.
I will consider uninstall it and use NetworkManager built-in features.

What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.

Last edited by ndttt (2022-03-09 00:07:37)

GeorgeJP · 2022-03-09 00:59:53

ndttt wrote:

What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.

Please check here: https://wiki.gnome.org/Projects/NetworkManager/VPN
I am not using Gnome. In Plasma is WireGuard available.

ndttt · 2022-03-09 04:11:59

GeorgeJP wrote:

ndttt wrote:
What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.
Please check here: https://wiki.gnome.org/Projects/NetworkManager/VPN
I am not using Gnome. In Plasma is WireGuard available.

Ah I think I understand what you mean...

NetworkManager already has wireguard built-in, it's been that way for a while. networkmanager-wireguard-git provides a GUI interface to add it to the VPN list in Gnome's settings. That way it's easily toggled in control center.

1.36.2 breaks the GUI aspect.

Gnome users will have to hold NetworkManager until there's an update... some people are trying to merge it into Gnome, but it'll probably be a while before that happens.

-thc · 2022-03-22 15:37:04

"networkmanager-wireguard" and "networkmanager-wireguard-git" have disappeared from AUR.

loqs · 2022-03-22 15:43:39

-thc wrote:

"networkmanager-wireguard" and "networkmanager-wireguard-git" have disappeared from AUR.

https://lists.archlinux.org/pipermail/a … 68087.html
https://lists.archlinux.org/pipermail/a … 68088.html

Scimmia · 2022-03-22 15:44:01

Because, as stated many times, NM has wireguard built in already. If your GUI frontend doesn't have it, that's where the issue is.

-thc · 2022-03-22 16:07:49

@Admins: Please close this thread, Thank you.

V1del · 2022-03-22 16:29:46

You should mark it as [SOLVED] if you feel the question to have been sufficiently answered.

dalu · 2022-06-09 09:54:14

I have the same issue and this topic isn't solved.
Should I create a new topic or continue here?

Also -thc, if you solved your problem please post HOW you did it. Nothing is worse than reading a long thread and in the end getting "I solved it", but not how. Waste of time and polluting the search index.

-thc · 2022-06-09 10:20:36

My first post contains my "solution" - I am still using networkmanager 1.34.0.

Please re-read my posts in this thread - I did not write "I solved it" or "It's solved". Otherwise I would have written about it and marked it as such.

Arch Linux

#1 2022-02-25 10:44:02

[Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#2 2022-02-25 13:12:05

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#3 2022-02-25 14:45:44

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#4 2022-02-25 14:57:09

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#5 2022-02-25 15:27:47

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#6 2022-02-25 16:05:09

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#7 2022-02-25 16:51:37

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#8 2022-03-01 12:44:27

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#9 2022-03-01 19:13:05

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#10 2022-03-01 20:25:00

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#11 2022-03-01 21:35:40

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#12 2022-03-07 22:06:08

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#13 2022-03-08 07:16:58

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#14 2022-03-08 10:36:56

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#15 2022-03-08 16:31:27

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#16 2022-03-09 00:06:26

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#17 2022-03-09 00:59:53

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#18 2022-03-09 04:11:59

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#19 2022-03-22 15:37:04

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#20 2022-03-22 15:43:39

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#21 2022-03-22 15:44:01

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#22 2022-03-22 16:07:49

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#23 2022-03-22 16:29:46

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#24 2022-06-09 09:54:14

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

#25 2022-06-09 10:20:36

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Board footer