Description of problem:
---
Hello. After connecting to the WireGuard server, the "wg0" interface is raised, but it is displayed incorrectly in the Network Center and is not managed (on/off) (see the screenshot in the attachment).
Steps to Reproduce:
---
1. Installed package: urpmi --auto wireguard-tools
2. Download the free configuration (*.conf) from https://sshocean.com/wireguard
3. Go to the terminal (su/password)
4. mkdir /etc/wireguard; cp -f my_configuration.conf /etc/wireguard/wg0.conf
5. modprobe wireguard; wg-quick up wg0
6. Open the Network Center and view the status and manageability of the "wg0" interface
Created attachment 11951 [details] wg0-interface-is-unmanaged
It won't solve this bug but I think NetworkManager has support for Wireguard. I never tested it though.
CC: (none) => olav
Hello, Olav Vitters. Thank you for the dialogue. Using net_applet (LXDE, LXQt, MATE, Cinnamon) or NetworkManager + nm-applet (GNOME, KDE), of course, depends on preferences and tasks. With all this diversity, there is only one Network Center in Mageia. It is quite logical that it must correctly analyze the status of any system interfaces and at least allow them to be managed. Do you agree with this? Sincerely, Alex
If there's a tool it should work, that's what I meant with "it won't solve this bug". IMO it's better to align tools as much as possible mostly because it seems there isn't enough time spent on maintaining it. Further, it relies on support in initscripts which is marked as deprecated.
Hi, Olav Vitters. I have difficulties understanding translation from English even through an online translator, because sometimes the result is not very convenient phrases in Russian, sorry. I understand that NetworkManager has support for WireGuard, which is not tested, but you recommend using ready-made tools. I don't use NetworkManager at all, but I decided to test this plugin: https://github.com/Intika-Linux-Wireguard/Network-Manager-Wireguard
urpmi --auto git make automake intltool libtool gtk3-devel libnma-devel libmn-devel libsecret-devel wireguard-tools
git clone https://github.com/Intika-Linux-Wireguard/Network-Manager-Wireguard.git
cd ./Network-Manager-Wireguard
./autogen.sh --without-libnm-glib
./configure --without-libnm-glib \
    --prefix=/usr \
    --sysconfdir=/etc \
    --libdir=/usr/lib64
make; make install
As a result, the "WireGuard" item appeared in the menu for adding VPN connections, and NetworkManager began to understand ready-made *.conf configurations when loading externally. I downloaded the *.conf file downloaded from the above address and a WireGuard connection appeared. The Internet didn't appear until I disabled iptables, because I don't have time to deal with UDP ports. And so, VPN WireGuard works well and being in Russia, I show my new geolocation - Germany (see the screenshot). I want to note that in Mageia there is no such package "network-manager-wireguard". I don't know why I did all this, but it was interesting. If necessary, I will definitely use this plugin. Thank you for your good advice. With respect, Alex
Created attachment 11955 [details] NetworkManager WireGuard Plugin
Hello, Olav Vitters. I built an rpm package for my distribution "networkmanager-wireguard": https://cloud.mail.ru/public/gHeT/3RvbdBvuW
This package was used as a basis: https://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/cauldron/SRPMS/core/release/networkmanager-openvpn-1.8.12-1.mga8.src.rpm
While I was redoing the *.spec, I accidentally found your comments "<ovitters>". Olav, I didn't know you were a Mageia employee. I hope I didn't do something illegal by changing your *.spec? If yes, then please delete the information about "my" package. The fact is that creating a *.spec from scratch is very tedious and I have almost no experience in this due to lack of time, so I decided that it would be faster and easier for me.
p.s. The networkmanager-wireguard Plugin generally works well, but after loading the *.conf configuration and creating a connection, you need to additionally specify the "PostDown" event settings: systemctl restart NetworkManager, otherwise /etc/resolv.conf will be empty when the VPN is disabled (see the screenshot "NetworkManager WireGuard Plugin PostDown Settings"). Sincerely, Alex
Created attachment 11958 [details] NetworkManager WireGuard Plugin PostDown Settings
Hi, thanks for reporting this bug. I really tend to say we can even try to fix this. WireGuard is a recent technology to support. Our tools drakx-net (and net_applet) were designed at a time when there was no desktop-agnostic tool available. Today, recent desktops (Plasma, Gnome, Xfce...) can rely on NetworkManager, which is well maintained. If NetworkManager has good support for WireGuard, let's rely on it. Also, as Olav previously said, our tools rely on initscripts, which are deprecated upstream in favour of systemd and unit files. We can't afford to reinvent the wheel when a better and widely supported tool is available. I have no solution for this. Assigning to Mageia Tools maintainers for advice on it.
Severity: normal => enhancement
Keywords: (none) => Triaged
Source RPM: (none) => drakx-net-2.51-1.mga8.src.rpm
Assignee: bugsquad => mageiatools
Only to say that NetworkManager has proper support of WireGuard connections. Upstream says: https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/
NetworkManager 1.16 has support for WireGuard VPN. So, in Mageia 7.1 core_updates: networkmanager-1.18.8-1.mga7
We should be OK. Please see the above link to a good blog that describes support in NetworkManager.
CC: (none) => ouaurelien
Hello, Aurelien Oudelet. From Your comments, I understand what Olav Vitters meant. :) So I went a little bit the wrong way. I intuitively feel that there may be some changes in the support of WireGuard from the drakx-net (and net_applet) tools, but since all this is outdated on a moral and physical level, it is not productive to change anything. Ok. The link from the upstream contains material that informs that NetworkManager now provides an API for creating a WireGuard connection. This is good news, but it's only an API. I suspect that the author of the Network-Manager-Wireguard Plugin was inspired by the idea of humanizing this connection, but for some reason his invention was not accepted in any distribution other than Arch Linux. But it doesn't really matter. In Russia, the topic of VPN is now very relevant due to the tightening of the existing order of things and norms. Users are very concerned about preserving their personal information and confidentiality. Therefore, in fact, there was this topic about VPN. Aurelien, so that I don't get confused again and mislead others, please decide for yourself whether to consider this a bug or just close this report. Thank you for your patience and help. Kind regards, Alex
Aurelien Oudelet, I forgot to mention this... Since drakx-net (and net_applet) do not allow you to load ready-made OpenVPN client configurations (*.ovpn) and ready-made WireGuard client configurations (*.conf), I wrote a couple of GUIs on Lazarus for this and now I have no problems with quickly anonymizing my connection. If this is allowed, I will leave here links to GUI clients with the fact that they may be useful to someone:
1. OpenVPN-GUI: https://cloud.mail.ru/public/5b3q/mm83JrnRv
   You can download ready-made configurations here: https://www.vpngate.net/en/
2. WireGuard-GUI: https://cloud.mail.ru/public/4UN4/25nzd48EY
   You can download ready-made configurations here: https://sshocean.com/wireguard
Notes:
---
a) depending on the configurations, certain UDP/TCP ports must be open in iptables
b) there are problems displaying the tray icon in GNOME and partially in KDE
c) do not attempt to rebuild the package from *.src.rpm. This is an amateur build and the compilation process is outside of *.spec
d) source code of Lazarus (*.tar.gz) attached
The code is far from professional, but it is a way out of the situation. Aurelien Oudelet, if such posts are not allowed in BugZilla, then please delete this post. I have nothing more to add on this issue. Now it seems everything and the topic of VPN is fully disclosed :) Sincerely, Alex
upd 05.11.2021
---
Three fresh projects for working with VPN in Mageia-8/9. Maybe it will also come in handy for someone:
ProtonVPN-GUI - client for ProtonVPN: https://github.com/AKotov-dev/protonvpn-gui
Luntik - simple OpenVPN connector: https://github.com/AKotov-dev/luntik
LuntikWG - simple WireGuard connector: https://github.com/AKotov-dev/luntikwg
Hello, friends. Please forgive my importunity, but as always I am bursting with curiosity... :) Why doesn't the wireguard-tools package have any dependencies (Requires)? Moreover, there are no dependencies in all Linux distributions. In the meantime, in order to establish a connection through WireGuard, at least these packages must be installed: iproute2, resolvconf, iptables, systemd, raise the kernel module and active ipv4/ipv6 forwarding. This is for OpenVPN, by and large, nothing is needed except systemd, but with WireGuard, it's not like that... For example (Enabling/Turning off wg0):
[root@localhost luntik_wg]# wg-quick up /etc/luntik_wg/wg0.conf
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.9.3.7/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a tun.wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
[root@localhost luntik_wg]# wg-quick down /etc/luntik_wg/wg0.conf
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip -6 rule delete table 51820
[#] ip -6 rule delete table main suppress_prefixlength 0
[#] ip link delete dev wg0
[#] resolvconf -d tun.wg0 -f
[#] iptables-restore -n
[#] ip6tables-restore -n
See for yourself how many things are involved here. :) I have not met configurations that would not pull everything in a row, as here, in order to raise and then correctly lower the WireGuard connection. So why is there nothing but the kernel module in the dependencies? Sincerely, Alex
(In reply to Alex Kotov from comment #13)
> Why doesn't the wireguard-tools package have any dependencies (Requires)?
> Moreover, there are no dependencies in all Linux distributions. In the
> meantime, in order to establish a connection through WireGuard, at least
> these packages must be installed: iproute2, resolvconf, iptables, systemd,
> raise the kernel module and active ipv4/ipv6 forwarding. This is for
> OpenVPN, by and large, nothing is needed except systemd, but with WireGuard,
> it's not like that...
iproute2 and systemd are basesystem-minimal requires, so wireguard-tools don't need to require them.
and resolvconf and iptables are not necessary to build a wireguard tunnel, so they won't be added / forced on users...
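Added example, not part of the thread and not code from wireguard-tools: which helpers wg-quick calls depends on the keys in the config, and a downloaded *.conf is executed by wg-quick as root, including any PreUp/PostUp/PreDown/PostDown hook lines. The Python below audits a config before `wg-quick up`; the function name and the sample config are constructed here, and the mapping assumes wg-quick's Linux behaviour as seen in the output above (resolvconf only when DNS is set, firewall restore only for a /0 route with the default Table).

```python
import re

# Constructed sample (not from the thread): default-route client config
# with the PostDown hook described in the thread; keys are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 10.9.3.7/24
DNS = 192.0.2.53
PostDown = systemctl restart NetworkManager

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.org:51820
"""

HOOKS = {"preup", "postup", "predown", "postdown"}

def audit_wg_quick_conf(text):
    """Return (hooks, helpers): hook commands wg-quick would run as root,
    and helper programs it needs beyond ip(8) and wg(8)."""
    section, hooks, dns, table, default_route = None, [], False, "auto", False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # wg-quick drops '#' comments
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if section == "interface" and key in HOOKS:
            hooks.append((key, value))
        elif section == "interface" and key == "dns":
            dns = True
        elif section == "interface" and key == "table":
            table = value.lower()
        elif section == "peer" and key == "allowedips":
            default_route |= any(n.strip().endswith("/0") for n in value.split(","))
    helpers = ["resolvconf"] if dns else []
    if default_route and table == "auto":
        helpers.append("nft or iptables-restore")  # default-route firewall rules
    return hooks, helpers

if __name__ == "__main__":
    print(audit_wg_quick_conf(SAMPLE_CONF))
```

A split-tunnel config without DNS yields an empty helper list, which matches the reply above that resolvconf and iptables are not needed to build a tunnel.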
Hi, Thomas. Thanks for the clarification, now I'll know. :) p.s. I understand that curiosity is a disadvantage, but sometimes I can't do anything about it. Sorry.
Hi, curiosity is NOT a disadvantage... it's the best way of learning new stuff :)
@Thomas Backlund Very strange. In Russia, there is a saying "A curious Varvara (Varvara is a female name) had her nose torn off at the bazaar." Literally, this means that a certain curious woman allegedly walked around the market and looked at each seller on the counter, asking them in order to buy something more profitable. Finally, one of the sellers got tired of it and grabbed the woman by the nose and tore it off. Conclusion: there is no need to poke your nose where it is not necessary and tear people away from work. So in Russia they treat the curious with distrust. But since this is probably not a disadvantage abroad, then, with your permission, I will ask questions more often. Thanks. :) Sincerely, Alex