You are not logged in.
- Topics: Active | Unanswered
#1 2021-12-15 20:38:15
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
NetworkManager dispatcher script / wireguard
Hi
I'm trying to use (what should be) a simple dispatcher script to enable a Wireguard connection after network is up. (if I set it to autoconnect, it fails, probably because NM is using systemd-resolved as a backend for DNS over TLS.
$ cat /etc/NetworkManager/dispatcher.d/00-wg.sh
#!/bin/sh
nmcli connection up <wg_conn>But this hangs the login for a long time, then just doesn't work...
The example scripts from the wiki seem overly complicated for the simple task that I have to do. I wanted to use https://wiki.archlinux.org/title/Networ … stablished but I don't understand why I need such a long script just to start a wg connection.
Thanks for any tip !
Last edited by Cvlc (2021-12-16 23:34:40)
Offline
#2 2021-12-15 20:59:29
- firecat53
- Member
- From: Lake Stevens, WA, USA
- Registered: 2007-05-14
- Posts: 1,542
- Website
Offline
#3 2021-12-16 01:12:53
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
ok. Changed it to this, but still the same:
#!/bin/sh
WG_NAME="<wg-conn-name>"
interface=$1 status=$2
case "$status" in
up)
nmcli connection up "$WG_NAME"
;;
down)
if nmcli connection show --active | grep "$VPN_NAME"; then
nmcli connection down "$WG_NAME"
fi
;;
esacIt still doesn't work, and the logs get completely flooded:
déc. 16 02:03:12 mdrn nm-dispatcher[4313]: Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/49)
déc. 16 02:03:12 mdrn nm-dispatcher[4334]: NAME UUID TYPE DEVICE
déc. 16 02:03:12 mdrn nm-dispatcher[4334]: hotspot 35bd3f0d-5ac4-4315-81b8-f156759dcb12 wifi wlan0
déc. 16 02:03:12 mdrn nm-dispatcher[4334]: wg_conn 3b6c6abe-0273-42be-af79-5eb72d6b1221 wireguard wg_conn
déc. 16 02:03:12 mdrn nm-dispatcher[4338]: Connection 'wg_conn' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/49)
déc. 16 02:03:22 mdrn nm-dispatcher[4344]: Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/50)
déc. 16 02:03:22 mdrn nm-dispatcher[4363]: NAME UUID TYPE DEVICE
déc. 16 02:03:22 mdrn nm-dispatcher[4363]: hotspot 35bd3f0d-5ac4-4315-81b8-f156759dcb12 wifi wlan0
déc. 16 02:03:22 mdrn nm-dispatcher[4363]: wg_conn 3b6c6abe-0273-42be-af79-5eb72d6b1221 wireguard wg_conn
déc. 16 02:03:22 mdrn nm-dispatcher[4367]: Connection 'wg_conn' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/50)NetworkManager really doesn't like that, it takes more than 10 sec for a mere nmcli connection show, the system hangs, etc... it goes on activating and deactivating every few seconds until I take the script out and restart NetworkManager-dispatch.service
I'm starting to wonder if this isn't due to using iwd as the backend for NetworkManager. I already had a problem before because of this, because the connection comes online but then goes offline again, switching to "unmanaged state" and then comes back online; Sometimes multiple times. And stuff like NetworkManager-wait-online finish before they should, well at least before the system really has a working connection.
Last edited by Cvlc (2021-12-16 01:15:08)
Offline
#4 2021-12-16 08:54:47
- Raynman
- Member
- Registered: 2011-10-22
- Posts: 1,539
Re: NetworkManager dispatcher script / wireguard
The log and other symptoms suggest an infinite loop: script sets a connection to up when any connection changes to "up". You need to check $1 as well.
https://gitlab.freedesktop.org/NetworkM … issues/274
Last edited by Raynman (2021-12-16 09:04:50)
Offline
#5 2021-12-16 23:01:41
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
thanks for the tip, this seems to work :
$ cat /etc/NetworkManager/dispatcher.d/00-wg.sh
#!/bin/sh
WG_NAME="<wg-conn-name>"
interface=$1 status=$2
case "$status" in
up)
if [ "$interface" == "wlan0" ]; then
nmcli connection up "$WG_NAME"
fi
;;
down)
if nmcli connection show --active | grep "$VPN_NAME"; then
nmcli connection down "$WG_NAME"
fi
;;
esacEdit
Not so solved.. I can't manage to make it work with both wifi and lan... when I disconnect lan I get errors like :
req:1 'down' [enp0s20f0u2], "/etc/NetworkManager/dispatcher.d/10-wg.sh": complete: failed with Script '/etc/NetworkManager/dispatcher.d/10-wg.sh' exited with status 10#!/bin/sh
WG_NAME="..."
interface=$1 status=$2
case "$status" in
up)
if [[ "$interface" == "wlan0" || "$interface" == "enp0s20f0u2" ]]; then
nmcli connection up "$WG_NAME"
fi
;;
down)
if [[ "$interface" == "wlan0" || "$interface" == "enp0s20f0u2" ]]; then
if nmcli connection show --active | grep "$VPN_NAME"; then
nmcli connection down "$WG_NAME"
fi
fi
;;
esacLast edited by Cvlc (2021-12-16 23:52:32)
Offline
#6 2021-12-18 12:50:26
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
To be more specific, my ethernet interface is sometimes called enp0s20f0u1, and others enp0s20f0u2. Possibly other subsequent values, but I haven't noticed. If I hard code values that do not exist when the script is run, then NetworkManager-dispatcher throws an error with "interface not found"
How I can indicate "whichever lan connection" in the above script ?
Thanks
Last edited by Cvlc (2021-12-18 12:51:04)
Offline
#7 2021-12-18 12:58:25
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,307
Re: NetworkManager dispatcher script / wireguard
First, double brackets are a bashism, so use /bin/bash instead of /bin/sh. Then use e.g.
if [[ "$interface" == "wlan0" || $interface == enp0s20* ]]; thenhttps://www.gnu.org/software/bash/manua … _005b_005b
Last edited by progandy (2021-12-18 13:01:12)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
Offline
#8 2021-12-18 16:58:23
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
Thanks for the tip. I'll read that up,
I'm getting errors in nmcli with the wildcard though:
$ nmcli -g GENERAL.STATE device show enp0s20*
Error: Device 'enp0s20**' not found.Last edited by Cvlc (2021-12-18 16:58:39)
Offline
#9 2021-12-18 17:49:51
- progandy
- Member
- Registered: 2012-05-17
- Posts: 5,307
Re: NetworkManager dispatcher script / wireguard
nmcli does not support wildcards. In the dispatcher script you have the full interface name in $interface and then you can use bash to match it against a wildcard pattern, but you have to use the full name (e.g. $interface) if you want to call nmcli with it.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
Offline
#10 2021-12-18 17:52:50
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
ok thanks. it does work with the script above that doesn't nmcli though, thanks.
The last problem is that transition from GDM to desktop is noticeably longer when I have the script in place. Maybe only a second or two but it definitely hangs there before the desktop shows.
Is this a know problem ?
This is the latest version of the script:
#!/bin/bash
WG_NAME=" ... "
interface=$1 status=$2
case "$status" in
up)
if [[ "$interface" == "wlan0" || "$interface" == enp0s20* ]]; then
nmcli connection up "$WG_NAME"
fi
;;
down)
if [[ "$interface" == "wlan0" || "$interface" == enp0s20* ]]; then
if nmcli connection show --active | grep "$WG_NAME"; then
nmcli connection down "$WG_NAME"
fi
fi
;;
esacI still have to change it though because I only want Wireguard disconnecting if no connection is available, not if I for instance disable WiFi when Ethernet is still there. Even the "up" part is suboptimal because when connecting multiple sources it's going to want to connect Wireguard which already is. Quite a mess, I have to give it some more thought. Incredible that it's so complicated to just enable a permanent Wireguard connection. might switch to wg-quick/
$ systemd-analyze blame
1.651s NetworkManager-wait-online.service
1.314s reflector.service
356ms initrd-switch-root.service
322ms firewalld.service
235ms systemd-journal-flush.service
201ms apparmor.service
172ms upower.service
168ms systemd-udev-trigger.service
138ms systemd-resolved.service
133ms iwd.service
97ms bolt.service
95ms lvm2-monitor.service
......Last edited by Cvlc (2021-12-18 17:58:55)
Offline
#11 2021-12-18 22:13:23
- Cvlc
- Member
- Registered: 2020-03-26
- Posts: 295
Re: NetworkManager dispatcher script / wireguard
last try, before giving up and admitting failure 
I get
nm-dispatcher[8523]: req:1 'down' [enp0s20f0u1], "/etc/NetworkManager/dispatcher.d/10-wg.sh": complete: failed with Script '/etc/NetworkManager/dispatcher.d/10-wg.sh' exited with status 1with the following script, only when taking down wlan0 or ethernet. turning them on seems to work :
default_wg=""..."
interface=$1
status=$2
active_net=$(nmcli connection show --active | grep -E 'ethernet|wifi')
active_wg=$(nmcli connection show --active | grep wireguard | cut -d " " -f1)
case "$status" in
up)
if [[ "$interface" == "wlan0" || "$interface" == enp0s20* ]]; then
[[ ! "$active_wg" ]] && nmcli connection up "$default_wg"
fi
;;
down)
if [[ "$interface" == "wlan0" || "$interface" == enp0s20* ]]; then
[[ ! "$active_net" ]] && [[ "$active_wg" ]] && nmcli connection down "$active_wg"
fi
;;
esac the desired function is :
* if ethernet or wifi is switched on, and there is no active wg, then activate "default_wg"
* if ethernet or wifi is switched off, check if there still is an active connection (wlan or ethernet), and if not turn off wireguard.
But I think that by the time the script gets to the second part, it's already too late, as there is no connection left and wireguard is still running, and NM doesn't like that. It crashes even when doing manually in that order, turning off wifi/ethernet, and attempting to turn off wireguard last.
But I can't think of a way to have wireguard disconnected before the last good connection goes out...
Offline