Updating wireguard-peer.allowed-ips gets wrong default netmask for IPv6 addresses
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
netplan.io (Ubuntu) | Fix Released | High | Unassigned |
network-manager (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
In https:/
# cat /etc/netplan/
network:
version: 2
tunnels:
wg0:
renderer: NetworkManager
addresses:
- "10.0.0.2/24"
mode: "wireguard"
port: 51820
keys:
private: "KDI3xiJN6uthba
peers:
- keys:
public: "RsfKtJHMIAYs/
- "10.0.0.1/32"
networkma
uuid: "b5edee2d-
name: "con-wg0"
proxy._: ""
which gets rendered as
# cat /run/NetworkMan
[connection]
id=con-wg0
type=wireguard
uuid=b5edee2d-
interface-name=wg0
[wireguard]
private-
listen-port=51820
[wireguard-
allowed-
[ipv4]
method=manual
address1=
[ipv6]
#Netplan: passthrough override
method=disabled
#Netplan: passthrough setting
addr-gen-
[proxy]
Now the UI modifies the "allowed-ips" setting to ["10.0.0.1", "2001::1"]. Notably the addresses do *not* have a netmask, neither in the original config nor that update. Unfortunately that update cannot be done on the CLI:
# nmcli con modify con-wg0 "wireguard-
Error: invalid or not allowed setting 'wireguard-peer': 'wireguard-peer' not among [connection, wireguard, match, ipv4, ipv6, hostname, link, tc, proxy].
So it has to happen via D-Bus:
"/org/freedeskt
But this generates a wrong "/32" default netmask in the netplan config for the IPv6 address:
- "10.0.0.1/32"
- "2001::1/32"
On Fedora, with NM's default .nmconnection files, such a netmask is not added on this call. The netplan backend should do that (not second-guessing NM) or at least default to /128 for an IPv6 address.
Doing this D-Bus call with `busctl` is a nuisance. If you need a reproducer at this level, I can spend an hour or so trying to stitch it together, but I hope your unit tests make this easier somehow.
This was fine until 22.10, but with NM's new "netplan by default" backend this regressed.
DistroRelease: Ubuntu 23.10
Package: network-manager 1.44.2-1ubuntu1.2
description: updated
tags: added: foundations-todo
Changed in netplan.io (Ubuntu):
status: Confirmed → Fix Committed
Hi Martin, thanks so much for your bug report.
I can confirm it's a problem in libnetplan. I created a small fix for it https://github.com/canonical/netplan/pull/428
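
The following C example is added here to illustrate the "default to /128 for an IPv6 address" behaviour the report asks for. It is not the code from the linked pull request or from libnetplan. It matters because WireGuard uses allowed-ips both to route traffic to a peer and to filter the source addresses accepted from it, so a /32 default on an IPv6 entry authorizes far more than the single host. The function name `normalize_allowed_ip` and the sample inputs are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libnetplan's API: writes "addr/prefix" to out and
 * returns the prefix used, or -1 for a bad address, prefix or buffer size. */
int normalize_allowed_ip(const char *entry, char *out, size_t outlen)
{
    char addr[INET6_ADDRSTRLEN];
    unsigned char bin[16]; /* large enough for an IPv6 address */
    const char *slash = strchr(entry, '/');
    size_t alen = slash ? (size_t)(slash - entry) : strlen(entry);
    int max, prefix, n;

    if (alen == 0 || alen >= sizeof(addr))
        return -1;
    memcpy(addr, entry, alen);
    addr[alen] = '\0';

    /* The default is the host prefix of the address family, never a fixed /32. */
    if (inet_pton(AF_INET, addr, bin) == 1)
        max = 32;
    else if (inet_pton(AF_INET6, addr, bin) == 1)
        max = 128;
    else
        return -1;

    prefix = max;
    if (slash) { /* an explicit prefix is validated and kept */
        char *end;
        long v = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || v < 0 || v > max)
            return -1;
        prefix = (int)v;
    }
    n = snprintf(out, outlen, "%s/%d", addr, prefix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : prefix;
}

int main(void)
{
    /* Constructed inputs: the report's two addresses plus edge cases. */
    const char *in[] = { "10.0.0.1", "2001::1", "2001::1/64", "10.0.0.1/33" };
    char out[64];
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("%s -> %s\n", in[i],
               normalize_allowed_ip(in[i], out, sizeof(out)) < 0 ? "rejected" : out);
    return 0;
}
```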