Ubuntu
netapplet package

Network Manager Improper OpenVPN & Wireguard Recognition

Bug #2019048 reported by ROG
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
netapplet (Ubuntu)
New
Undecided
Unassigned

Bug Description

Hello,

I am running 23.04 with Gnome 44.0.

I'm noticing that the Network Manager or applet, is not properly recognizing OpenVPN and Wireguard, in regards to connectivity.

When I first installed 23.04 and set it up, I created ufw rules for both of OpenVPN and Wireguard, to route traffic only through them, so you had to be connected to either one to be online.

The first time I started using the Network Manager, I noticed the applet icon in the system tray, for the Wired connection, would disply the 3 computers in white, showing it was online/connected, when I was using ufw for the OpenVPN rules, while I was not connected to OpenVPN, my understanding, this is incorrect behaviour.

Later, at some point, the applet began to display what I believe is suppose to be the correct behvaiour, if I'm not connected to OpenVPN, the three computers started to then appear grayed out, displaying a question mark.

So now, when I connect to OpenVPN, the 3 computers go from gray with a question mark, and turn white, appearing online.

So the first problem is why was the system tray applet always displaying white connected/online, isn't the correct behvaiour, when having rules, blocking connectivity, unless connected to either OpenVPN or Wireguard suppose to be displayed as 3 grayed out computers with a question mark?

The next problem, is when I use the ufw Wireguard rules and make a connection with Wireguard, the 3 computers stay grayed out with a question mark and never turn white. This to me, looks like the Network Manager, or applet doesn't proerply recognize the Wireguard connection.

I'm attaching two screen shots for OpenVPN, please tell me if this is the correct appearance the applet should display when not connected to OpenVPN, and then connected, as I've described above?

I believe computer security should at many levels, where it needs to be addressed a very serious thing, and I believe not having the network working properly in this situation, also a very serious situation.

I hope this will get serious attention, and we can please get the network manager, or if this is only a problem with the nm applet to get this fixed and working properly, so VPN protocols will be properly shown working and recognized.

THANKS

See original description
Revision history for this message
ROG (xgates) wrote :
Revision history for this message
ROG (xgates) wrote :
Revision history for this message
ROG (xgates) wrote :

Here's a screen shot, I've attached, when I am connected to Wireguard, and nm applet doesn't change the 3 computers, they remain grayed out with a quesiton mark, but the VPN icon appears to the right of it.

description: updated
Revision history for this message
ROG (xgates) wrote :

I originally created a post here in regards to Wireguard and the applet;

https://bugs.launchpad.net/ubuntu/+source/netapplet/+bug/2018701

The issues I described above with OpenVPN, later appeared after this post.

description: updated
Revision history for this message
ROG (xgates) wrote (last edit ):
Download full text (3.2 KiB)

Here's how this looks from nmcli when connected to OpenVPN;

nmcli connection
NAME UUID TYPE DEVICE
OpenVPN b6080992-6e7b-4f43-894a-0feaa287bd9f vpn enp5s0
tun0 5d5f7a17-442e-429e-a783-cf2bfad3a5eb tun tun0
lo 52b96564-d84c-4cb9-8d99-ba259cf3bd81 loopback lo
Wired Connection 0c288f04-eb9d-309e-b15a-6fde9e55c487 ethernet enp5s0
Wireguard b1aa9b00-6fab-43cc-aa38-f21efd136ed5 wireguard --

nmcli device
DEVICE TYPE STATE CONNECTION
tun0 tun connected (externally) tun0
enp5s0 ethernet connected Wired Connection
lo loopback connected (externally) lo

nmcli networking connectivity
Full

Here's how the connection looks with the ufw OpenVPN rules and disconnected to OpenVPN

nmcli connection
NAME UUID TYPE DEVICE
Wired Connection 0c288f04-eb9d-309e-b15a-6fde9e55c487 ethernet enp5s0
lo 52b96564-d84c-4cb9-8d99-ba259cf3bd81 loopback lo
OpenVPN b6080992-6e7b-4f43-894a-0feaa287bd9f vpn --
Wireguard b1aa9b00-6fab-43cc-aa38-f21efd136ed5 wireguard --

nmcli device
DEVICE TYPE STATE CONNECTION
enp5s0 ethernet connected Wired Connection
lo loopback connected (externally) lo

nmcli networking connectivity
limited

Here's how the connection looks with the ufw Wireguard rules and connected to Wireguard.

nmcli connection
NAME UUID TYPE DEVICE
Wired Connection 0c288f04-eb9d-309e-b15a-6fde9e55c487 ethernet enp5s0
lo 52b96564-d84c-4cb9-8d99-ba259cf3bd81 loopback lo
Wireguard b1aa9b00-6fab-43cc-aa38-f21efd136ed5 wireguard wg0
OpenVPN b6080992-6e7b-4f43-894a-0feaa287bd9f vpn --

nmcli device
DEVICE TYPE STATE CONNECTION
enp5s0 ethernet connected Wired Connection
lo loopback connected (externally) lo
wg0 wireguard connected Wireguard

nmcli networking connectivity
limited

Ahh the last one; nmcli networking connectivity limited, is this the problem, it's not 'Full', is this the reason the applet with the 3 gray computers and question mark never change white?

Here's how the connection looks with the ufw Wireguard rules and disconnected from Wireguard.

nmcli connection
NAME UUID TYPE DEVICE
Wired Connection 0c288f04-eb9d-309e-b15a-6fde9e55c487 ethernet enp5s0
lo 52b96564-d84c-4cb9-8d99-ba259cf3bd81 loopback lo
OpenVPN b6080992-6e7b-4f43-894a-0feaa287bd9f vpn --
Wireguard b1aa9b00-6fab-43cc-aa38-f21efd136ed5 wireguard --

nmcli device
DEVICE TYPE STATE CONNECTION
enp5s0 ethernet connected Wired Connection
lo loopback connected ...

Read more...

Revision history for this message
ROG (xgates) wrote (last edit ):

I found the culprit!

/usr/lib/NetworkManager/conf.d/
20-connectivity-ubuntu.conf
uri=http://connectivity-check.ubuntu.com./

I commented this out;

#uri=http://connectivity-check.ubuntu.com./

Then I rebooted, and now, no matter which set of ufw rules I am using, OpenVPN or Wireguard, the nm applet always displays the Wired Connection as white when offline line from OpenVPN or Wireguard. Is this the correct behaviour we want to see, or should it always show as grayed out and a question mark, until making the VPN connection?

I've attached a screen shot, that now shows the Wired applet connection always white, when using ufw rules for OpenVPN and Wireguard, to route only connectivity over these, and not allow to go online, unless connected to them.

Also with uri=http://connectivity-check.ubuntu.com./ commented out #

Now nmcli networking connectivity shows full when using Wireguard instead of limited before.

nmcli networking connectivity
full

nmcli connection
NAME UUID TYPE DEVICE
Wired Connection 0c288f04-eb9d-309e-b15a-6fde9e55c487 ethernet enp5s0
lo 1168dc16-3322-46e7-a17d-9f22291109a4 loopback lo
Wireguard b1aa9b00-6fab-43cc-aa38-f21efd136ed5 wireguard wg0
OpenVPN b6080992-6e7b-4f43-894a-0feaa287bd9f vpn --

nmcli device
DEVICE TYPE STATE CONNECTION
enp5s0 ethernet connected Wired Connection
lo loopback connected (externally) lo
wg0 wireguard connected Wireguard

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.