dustin
/
dustin.web
1
0
Fork 0
Code Pull Requests Releases Activity

blog: WireGuard with NetworkManager

pull/1/head
Dustin 2022-04-23 11:32:23 -05:00
parent 45c1c98151
commit 12ccaab26c
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
content/blog/wireguard-networkmanager.md Normal file
View File

@ -0,0 +1,54 @@
+++
title = 'WireGuard with NetworkManager'
date = 2022-04-23T10:51:05-05:00
+++
Since [NetworkManager] added support for managing WireGuard interfaces, I have
been using it on my laptop to provide a simple point-and-click interface for
connecting to my home VPN while away. Unfortunately, it has some quirky
behavior. For example, when I put my computer to sleep, the WLAN interface
disconnects, but the WireGuard interface does not. This causes a bunch of
network problems when I wake the computer. To work around this, I put this
script in `/usr/lib/systemd/system-sleep/`:
```sh
#!/bin/sh
nmcli -t connection show --active \
| awk -F: '$3=="wireguard"{print $2}' \
| xargs -r -n1 nmcli connection down
```
This script takes down any active any WireGuard connections before the system
goes to sleep.
I believe this problem stems from the fact that I want to route all traffic
over the VPN as long as it is connected. To accomplish this, I configured the
WireGuard connection to define the default gateway. Unfortunately,
NetworkManager does not seem to handle this very well, and it ends up
configuring the routing table to route the WireGuard traffic over the
WireGuard tunnel. I imagine if I can figure out how to get this working
correctly, I will not need the system-sleep script.
[NetworkManager]: https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.html
[WireGuard]: https://www.wireguard.com/
**UPDATE**: While writing this post, I decided to try again to figure out why
routing all traffic over the WireGuard interface wasn't working. Lo and
behold, I found some information about this specific problem in the
NetworkManager Blog: [Routing All Your Traffic]. I was able to fix the issue
by changing a few of the connection settings:
```sh
nmcli connection modify Pyrocufflink \
ipv4.gateway '' \
wireguard.peer-routes yes \
wireguard.ip4-auto-default-route yes
```
This disables setting an explicit default gateway and enables receiving routes
from the WireGuard peer. NetworkManager puts these routes into a different
routing table and correctly configures all traffic except WireGuard itself to
be routed over the WireGuard tunnel.
[Routing All Your Traffic]: https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/#routing-all-your-traffic