Unable to configure Wireguard connection at NetworkManager interface

Bug #2024661 reported by Blaze
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
netplan.io (Ubuntu) | In Progress | High | Unassigned |
network-manager (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

Repro steps:

1) Open NetworkManager GUI.
2) Click "Add new Connection" and select "Wireguard" connection type.
3) Then you have to configure the new connection. Basic configuration looks like this:
    a) Write down connection name,
    b) Write down local private key,
    c) Create new peer and populate peer's parameters: public key of the peer, allowed IPs (i.e. 0.0.0.0/0), peer's IP address and port.
4) Click "OK" and "Save".
5) Open "Peers" again. Ensure that settings were not stored. All fields are empty.

Found in Kubuntu flavor version 23.10 (development), Plasma Network Manager interface.
netplan.io 0.106.1-2
network-manager 1.42.4-1ubuntu7

Blaze (blaze)
description: updated
Lukas Märdian (slyon)
tags: added: netplan-everywhere
Danilo Egea Gondolfo (danilogondolfo) wrote :

Thanks for your bug report.

May I ask you to attach the NetworkManager's journal (journalctl -u NetworkManager) to the ticket, please?

I can't reproduce it in Ubuntu Mantic using the NM GUI...

Danilo Egea Gondolfo (danilogondolfo) wrote :

Ok, I think I see what the problem is.

The GUI tool will, by default, not add the private key to the .nmconnection file. It will use some existing key chain agent to do that.

We will need to take this into account when parsing the keyfile in Netplan.

Changed in netplan.io (Ubuntu):
importance: Undecided → High
status: New → Confirmed
Changed in network-manager (Ubuntu):
status: New → Invalid
Danilo Egea Gondolfo (danilogondolfo) wrote :

After some more digging, turns out it's not a problem with Netplan. Although, the problem will manifest depending on how Netplan generates the configuration for Network Manager.

When selecting the option to store the private key in the KDE wallet agent, the option "private-key-flags=1" will be added to the resulting .nmconnection file and the private key will be omitted.

In this case, all the properties set in the group [wireguard] in the keyfile are not supported by the netplan's keyfile parser and will be left to be added to the keyfile *after* the wireguard peers, like this:

-----------------
[connection]
id=wg0
type=wireguard
...

[wireguard-peer.M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=]
endpoint=10.20.30.40:51820
allowed-ips=0.0.0.0/0;

[wireguard]
#Netplan: passthrough setting
private-key-flags=1
#Netplan: passthrough setting
listen-port=51820
-------------------

For some reason, Network Manager will load the connection but *will not* load the wireguard-peer section.

Moving the [wireguard] section to above [wireguard-peer...] resolves the issue.

I can't find a reference that says that [wireguard] is supposed to come before [wireguard-peer].

A workaround you can use while we work on a fix is to not use the option to encrypt the private key and store it in the Network Manager .nmconnection file.
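
The section-ordering problem reported in the comment above, as an added example that is not part of the original report and is not Netplan's or NetworkManager's code: a Python check that flags [wireguard-peer.*] groups placed before [wireguard] in a .nmconnection keyfile and re-emits the file with [wireguard] first. The sample keyfile is constructed from the excerpt quoted above, and the function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")

# Constructed sample, modelled on the keyfile excerpt quoted in the comment.
SAMPLE = """\
[connection]
id=wg0
type=wireguard

[wireguard-peer.M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=]
endpoint=10.20.30.40:51820
allowed-ips=0.0.0.0/0;

[wireguard]
#Netplan: passthrough setting
private-key-flags=1
#Netplan: passthrough setting
listen-port=51820
"""

def split_sections(text):
    """Return [(name, lines)] in file order; lines are kept verbatim."""
    sections = [(None, [])]  # name None holds any text before the first header
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group("name"), [line]))
        else:
            sections[-1][1].append(line)
    return [s for s in sections if s[0] is not None or any(l.strip() for l in s[1])]

def peers_before_wireguard(text):
    """Names of [wireguard-peer.*] groups that precede the [wireguard] group."""
    names = [name for name, _ in split_sections(text) if name is not None]
    if "wireguard" not in names:
        return []
    return [n for n in names[:names.index("wireguard")] if n.startswith("wireguard-peer.")]

def move_wireguard_first(text):
    """Place [wireguard] directly before the first peer group; no-op if already so."""
    if not peers_before_wireguard(text):
        return text
    sections = split_sections(text)
    wg = next(s for s in sections if s[0] == "wireguard")
    rest = [s for s in sections if s is not wg]
    first_peer = next(i for i, s in enumerate(rest) if (s[0] or "").startswith("wireguard-peer."))
    rest.insert(first_peer, wg)
    return "\n\n".join("\n".join(lines).rstrip() for _, lines in rest) + "\n"
```

Comments and key/value lines are carried over unchanged; only the group order and the blank lines between groups are normalised.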

Lukas Märdian (slyon) wrote :
Changed in netplan.io (Ubuntu):
status: Confirmed → In Progress