Comment 0 for bug 1955589

Paweł Dembicki (chkdsk88) wrote :

lsb_release -rd
Description: Ubuntu 21.10
Release: 21.10

WireGuard from network-manager doesn't create a route to the server IP. It's a problem when "allowed ips" '0.0.0.0/0' is used.

Steps to reproduce:
Create a WireGuard connection with 0.0.0.0/0

Steps to workaround:
Add a route: 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'

Example:

root@laptop:/home/krolik# nmcli
wg0: connected to YYYYYY
        "wg0"
        wireguard, sw, mtu 1420
        ip4 default
        inet4 172.16.15.5/24
        route4 172.16.15.0/24
        route4 0.0.0.0/0
        route4 0.0.0.0/0

wlp2s0: connected to ZZZZZZ
        "Intel 8265 / 8275"
        wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
        inet4 192.168.74.88/24
        route4 192.168.74.0/24
        route4 169.254.0.0/16
        route4 0.0.0.0/0
        inet6 fe80::855c:d923:50d1:f012/64
        route6 fe80::/64

DNS configuration:
        servers: 8.8.8.8
        interface: wg0
        type: vpn

        servers: 8.8.8.8
        interface: wlp2s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: <SERVER IP>:22223
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 1.01 KiB sent
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
^C
--- 172.16.15.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: 178.235.52.140:22223
  allowed ips: 0.0.0.0/0
  latest handshake: 4 seconds ago
  transfer: 29.73 KiB received, 36.85 KiB sent
root@laptop:/home/krolik# ip ro
default via 172.16.15.3 dev wg0 proto static metric 50
default via 192.168.74.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
178.235.52.140 via 192.168.74.1 dev wlp2s0
192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms

64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
^C
--- 172.16.15.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms