wireguard connection doesn't create route to server ip

Bug #1955589 reported by Paweł Dembicki
This bug affects 1 person
Affects: network-manager (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

lsb_release -rd
Description: Ubuntu 21.10
Release: 21.10

Wireguard from network-manager doesn't create a route to the server IP. It's a problem when "allowed ips" '0.0.0.0/0' are used.

Steps to reproduce:
Create wireguard connection with 0.0.0.0/0

Steps to workaround:
add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'

Example:

root@laptop:/home/krolik# nmcli
wg0: connected to YYYYYY
        "wg0"
        wireguard, sw, mtu 1420
        ip4 default
        inet4 172.16.15.5/24
        route4 172.16.15.0/24
        route4 0.0.0.0/0
        route4 0.0.0.0/0

wlp2s0: connected to ZZZZZZ
        "Intel 8265 / 8275"
        wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
        inet4 192.168.74.88/24
        route4 192.168.74.0/24
        route4 169.254.0.0/16
        route4 0.0.0.0/0
        inet6 fe80::855c:d923:50d1:f012/64
        route6 fe80::/64

DNS configuration:
        servers: 8.8.8.8
        interface: wg0
        type: vpn

        servers: 8.8.8.8
        interface: wlp2s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: <SERVER IP>:22223
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 1.01 KiB sent
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
^C
--- 172.16.15.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: 178.235.52.140:22223
  allowed ips: 0.0.0.0/0
  latest handshake: 4 seconds ago
  transfer: 29.73 KiB received, 36.85 KiB sent
root@laptop:/home/krolik# ip ro
default via 172.16.15.3 dev wg0 proto static metric 50
default via 192.168.74.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
<SERVER IP> via 192.168.74.1 dev wlp2s0
192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms

64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
^C
--- 172.16.15.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms
