You are not logged in.

#1 2022-02-25 10:44:02

-thc
Member
Registered: 2017-03-15
Posts: 485

[Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

After the latest updates for networkmanager and libnm (1.34.0-1 => 1.36.0-1) existing wireguard client connections (networkmanager-wireguard-git r87.0e1124d-2) no longer work.

Feb 25 10:24:30 bex NetworkManager[497]: <warn>  [1645781070.0688] vpn[0xhex_id,connection_id,"WireGuard 007",if:8,dev:2:(WireGuard-007)]: config: no VPN gateway address received
Feb 25 10:24:30 box NetworkManager[497]: <warn>  [1645781070.0688] vpn[0xhex_id,connection_id,"WireGuard 007",if:8,dev:2:(WireGuard-007)]: did not receive valid IP config information

Workaround: Downgrade networkmanager/libnm to 1.34 or use wireguard-tools.

Last edited by -thc (2023-02-11 07:47:51)

Offline

#2 2022-02-25 13:12:05

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

I think that problem is in *.nmconnection file format.
networkmanager-wireguard plugin uses it's own format, different from format used by NetworkManager as default.

networkmanager-wireguard plugin example from Github:

[connection]
id=wiretest
uuid=8298d5ea-73d5-499b-9376-57409a7a2331
type=vpn
autoconnect=false
permissions=

[vpn]
local-ip4=192.168.1.2/24
local-listen-port=51820
local-private-key=CBomGS37YC4ak+J2+NPuHtmgIk6gC7yQZKHnboJd3F8=
peer-allowed-ips=192.168.1.254
peer-endpoint=8.16.32.11:51820
peer-public-key=GRk7K3A3JCaoVN1ZhFEtEvyU6+g+FdGaCtSObIYvXX0=
service-type=org.freedesktop.NetworkManager.wireguard

[vpn-secrets]
password
verysecurepassword

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto

NetworkManager

[connection]
id=My WG Connection
uuid=d7060905-27f6-4513-9fd4-aaaaaaaaaaaa
type=wireguard
autoconnect=false
interface-name=MyWgCon1
permissions=

[wireguard]
listen-port=51820
private-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxx=

[wireguard-peer.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=]
endpoint=aa.bb.cc.dd:51820
allowed-ips=10.0.0.0/24;10.5.5.0/24;
persistent-keepalive=25

[ipv4]
address1=10.0.0.3/24
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore

[proxy]

Personally I prefer to import profiles via nmcli and edit them with text editor as in past there were some troubles in GUI (not preserving persistent-keepalive on save ...)

Offline

#3 2022-02-25 14:45:44

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Thanks, but I'm pretty sure you compare a "WireGuard VPN" (client) and a "WireGuard" (server) profile.
An error not unknown to me BTW wink .

Offline

#4 2022-02-25 14:57:09

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

-thc wrote:

Thanks, but I'm pretty sure you compare a "WireGuard VPN" (client) and a "WireGuard" (server) profile.

I am comparing example from README.md on Github https://github.com/max-moser/network-manager-wireguard

with my working client configuration (private info redacted - id, keys and server IP)

Edit: Wireguard is peer to peer network, who is "server" and who is "client" is only word play...

Last edited by GeorgeJP (2022-02-25 15:25:50)

Offline

#5 2022-02-25 15:27:47

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

O.K. - then I just can't make sense of your configuration.

Offline

#6 2022-02-25 16:05:09

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Pretty easy config.

When activated, it connects to "server" aa.bb.cc.dd:51820 (his wg ip is 10.0.0.1/24) which is my router at home.
I have acces to all my stuff at home (ip 10.5.5.0/24)

See comments included

[connection]
id=My WG Connection                                           # Name displayed in Network Manager
uuid=d7060905-27f6-4513-9fd4-aaaaaaaaaaaa                     # UUID assigned by Network Manager
type=wireguard                                                # self explanatory
autoconnect=false                                             # I don't want to connect it automatically on login
interface-name=MyWgCon1                                       # Interface name (by default something like wg0) - displayed by "ip a" or "sudo wg"command
permissions=

[wireguard]
listen-port=51820                                             # listenning port
private-key=xxxxxxxxxxxxxxxxxxxxxxxxxxxx=                     # my local ("client") private key

[wireguard-peer.yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=]      # remote peer ("server") public key
endpoint=aa.bb.cc.dd:51820                                    # remote peer ("server") ip address and listenning port (must be reachable)
allowed-ips=10.0.0.0/24;10.5.5.0/24;                          # to which address(es) I need access via remote peer
persistent-keepalive=25                                       # keep link active over NAT connection

[ipv4]
address1=10.0.0.3/24                                          # my local ("client") wireguard interface addres
dns-search=
method=manual

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore                                                 # I don't use ipv6

[proxy]

Offline

#7 2022-02-25 16:51:37

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Thanks. Let's leave it at that.

Offline

#8 2022-03-01 12:44:27

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

I finally had some spare time to revisit this.

1. GeorgeJP's connection is of the (nm-connection-monitor) type "Virtual -> WireGuard", not  "VPN -> WireGuard".
2. Those connections are only visible to the nm-connection-editor and not to the "Network Manager" applets.
3. They can only be started or stopped via nmcli.
4. They have actually nothing to do with the main problem.

Offline

#9 2022-03-01 19:13:05

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

ad 1) There is only one Wireguard, What is "Virtual -> WireGuard" and "VPN -> WireGuard" ?
ad 2) They are visible to  the "Network Manager" applets. They can only be edited manually and updated by "sudo nmcli connection reload"
ad 3) They can be started/stopped by the "Network Manager" applet.
ad 4) Please provide your config file, which is not working in NetworkManager

Offline

#10 2022-03-01 20:25:00

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

You probably have no NetworkManager VPN plugin (OpenConnect, OpenVPN, WireGuard (AUR) ) installed - then there is only one "WireGuard".

I created a "Virtual -> WireGuard" connection with nm-connection-editor by transferring all info's from one (of my 6) WireGuard configuration sets. It looks exactly like yours - with only minor differences:

[connection]
id=WireGuard Test
uuid=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyyy
type=wireguard
autoconnect=false
interface-name=nmwg-test
permissions=user:thc:;

[wireguard]
private-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[wireguard-peer.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX]
endpoint=NN.NNN.NN.NN:PPPPP
preshared-key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
preshared-key-flags=0
allowed-ips=10.1.1.1/32;192.168.0.0/24;

[ipv4]
address1=10.1.1.2/24
dns-search=
method=manual
never-default=true
route1=192.168.0.0/24,10.1.1.1

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=ignore

[proxy]

I tested it and it works. It's nevertheless invisible to network-manager-applet 1.24.0.

Last edited by -thc (2022-03-01 20:25:38)

Offline

#11 2022-03-01 21:35:40

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

-thc wrote:

You probably have no NetworkManager VPN plugin (OpenConnect, OpenVPN, WireGuard (AUR) ) installed - then there is only one "WireGuard".

You are right, I have only networkmanager-openvpn plugin. For WireGuard I am using built-in feature with

sudo nmcli connection import type wireguard file wg0.conf
-thc wrote:

I tested it and it works. It's nevertheless invisible to network-manager-applet 1.24.0.

I am using it on KDE plasma with network-manager-applet (1.24.0-1) and networkmanager-qt (5.91.0-1) without problems (Daily usage for work, sometimes two simultaneous connections).

Offline

#12 2022-03-07 22:06:08

Der Chefkoch
Member
Registered: 2020-12-05
Posts: 100

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

I am having the same problem, only a downgrade of libnm and networkmanager could now fix it. How to get it to work under 1.36?

Offline

#13 2022-03-08 07:16:58

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Der Chefkoch wrote:

How to get it to work under 1.36?

Wait for https://github.com/max-moser/network-ma … /issues/59 if you mean the plugin.

Offline

#14 2022-03-08 10:36:56

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

loqs wrote:

It looks, that development of this plugin was abandoned >3 years ago.
I will consider uninstall it and use NetworkManager built-in features.

Offline

#15 2022-03-08 16:31:27

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

The networkmanager/libnm update 1.36.2 resolves this issue.
Some kind of weird transient effect. After upgrading to 1.36.2, logging off and logging on it worked. After a shutdown and a reboot it doesn't work anymore.

Last edited by -thc (2022-03-09 06:21:00)

Offline

#16 2022-03-09 00:06:26

ndttt
Member
Registered: 2017-03-19
Posts: 38

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

-thc wrote:

The networkmanager/libnm update 1.36.2 resolves this issue.

Doesn't seem like it.

I updated to 1.36.2-1 and it broke the networkmanager-wireguard-git package. When I try to connect using it, it still fails.

GeorgeJP wrote:
loqs wrote:

It looks, that development of this plugin was abandoned >3 years ago.
I will consider uninstall it and use NetworkManager built-in features.

What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.

Last edited by ndttt (2022-03-09 00:07:37)

Offline

#17 2022-03-09 00:59:53

GeorgeJP
Member
From: Czech Republic
Registered: 2020-01-28
Posts: 185

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

ndttt wrote:

What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.

Please check here: https://wiki.gnome.org/Projects/NetworkManager/VPN
I am not using Gnome. In Plasma is WireGuard available.

Offline

#18 2022-03-09 04:11:59

ndttt
Member
Registered: 2017-03-19
Posts: 38

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

GeorgeJP wrote:
ndttt wrote:

What built-in feature are you referencing? Is there a GUI method (on Gnome) to connect to Wireguard with NetworkManager built in? AFAIK, when I update to 1.36.2, and remove networkmanager-wireguard-git, there is no longer an option to add WireGuard profiles, just OpenVPN.

Please check here: https://wiki.gnome.org/Projects/NetworkManager/VPN
I am not using Gnome. In Plasma is WireGuard available.

Ah I think I understand what you mean...

NetworkManager already has wireguard built-in, it's been that way for a while. networkmanager-wireguard-git provides a GUI interface to add it to the VPN list in Gnome's settings. That way it's easily toggled in control center.

1.36.2 breaks the GUI aspect.

Gnome users will have to hold NetworkManager until there's an update... some people are trying to merge it into Gnome, but it'll probably be a while before that happens.

Offline

#19 2022-03-22 15:37:04

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

"networkmanager-wireguard" and "networkmanager-wireguard-git" have disappeared from AUR.

Offline

#20 2022-03-22 15:43:39

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

-thc wrote:

"networkmanager-wireguard" and "networkmanager-wireguard-git" have disappeared from AUR.

https://lists.archlinux.org/pipermail/a … 68087.html
https://lists.archlinux.org/pipermail/a … 68088.html

Offline

#21 2022-03-22 15:44:01

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,463

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

Because, as stated many times, NM has wireguard built in already. If your GUI frontend doesn't have it, that's where the issue is.

Offline

#22 2022-03-22 16:07:49

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

@Admins: Please close this thread, Thank you.

Offline

#23 2022-03-22 16:29:46

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,422

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

You should mark it as [SOLVED] if you feel the question to have been sufficiently answered.

Online

#24 2022-06-09 09:54:14

dalu
Member
Registered: 2014-04-16
Posts: 77

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

I have the same issue and this topic isn't solved.
Should I create a new topic or continue here?

Also -thc, if you solved your problem please post HOW you did it. Nothing is worse than reading a long thread and in the end getting "I solved it", but not how. Waste of time and polluting the search index.

Offline

#25 2022-06-09 10:20:36

-thc
Member
Registered: 2017-03-15
Posts: 485

Re: [Workaround] networkmanager 1.36 breaks networkmanager-wireguard-git

My first post contains my "solution" - I am still using networkmanager 1.34.0.

Please re-read my posts in this thread  - I did not write "I solved it" or "It's solved". Otherwise I would have written about it and marked it as such.

Offline

Board footer

Powered by FluxBB