Public bug reported:

lsb_release -rd
Description:    Ubuntu 21.10
Release:        21.10

Wireguard from network-manager doesn't create route to server ip. It's a problem when "allowed ips" '0.0.0.0/0' are used.

Steps to reproduce:
Create wireguard connection with 0.0.0.0/0

Steps to workaround:
add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'

Example:

root@laptop:/home/krolik# nmcli
wg0: connected to YYYYYY
        "wg0"
        wireguard, sw, mtu 1420
        ip4 default
        inet4 172.16.15.5/24
        route4 172.16.15.0/24
        route4 0.0.0.0/0
        route4 0.0.0.0/0

wlp2s0: connected to ZZZZZZ
        "Intel 8265 / 8275"
        wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
        inet4 192.168.74.88/24
        route4 192.168.74.0/24
        route4 169.254.0.0/16
        route4 0.0.0.0/0
        inet6 fe80::855c:d923:50d1:f012/64
        route6 fe80::/64

DNS configuration:
        servers: 8.8.8.8
        interface: wg0
        type: vpn

        servers: 8.8.8.8
        interface: wlp2s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.

root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: <SERVER IP>:22223
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 1.01 KiB sent

root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
^C
--- 172.16.15.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: 178.235.52.140:22223
  allowed ips: 0.0.0.0/0
  latest handshake: 4 seconds ago
  transfer: 29.73 KiB received, 36.85 KiB sent

root@laptop:/home/krolik# ip ro
default via 172.16.15.3 dev wg0 proto static metric 50
default via 192.168.74.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
<SERVER IP> via 192.168.74.1 dev wlp2s0
192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600

root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms
64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
^C
--- 172.16.15.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

lsb_release -rd Description: Ubuntu 21.10 Release: 21.10 - - Wireguard from network-manager deosn't create route to server ip. It's a problem when "allowed ips" '0.0.0.0/0' are used. + Wireguard from network-manager deosn't create route to server ip. It's a + problem when "allowed ips" '0.0.0.0/0' are used. 
Steps to reproduce: Create wireguard connection with 0.0.0.0/0 - Steps to workaround: add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>' - Example: - root@laptop:/home/krolik# nmcli + root@laptop:/home/krolik# nmcli wg0: connected to YYYYYY - "wg0" - wireguard, sw, mtu 1420 - ip4 default - inet4 172.16.15.5/24 - route4 172.16.15.0/24 - route4 0.0.0.0/0 - route4 0.0.0.0/0 + "wg0" + wireguard, sw, mtu 1420 + ip4 default + inet4 172.16.15.5/24 + route4 172.16.15.0/24 + route4 0.0.0.0/0 + route4 0.0.0.0/0 wlp2s0: connected to ZZZZZZ - "Intel 8265 / 8275" - wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500 - inet4 192.168.74.88/24 - route4 192.168.74.0/24 - route4 169.254.0.0/16 - route4 0.0.0.0/0 - inet6 fe80::855c:d923:50d1:f012/64 - route6 fe80::/64 + "Intel 8265 / 8275" + wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500 + inet4 192.168.74.88/24 + route4 192.168.74.0/24 + route4 169.254.0.0/16 + route4 0.0.0.0/0 + inet6 fe80::855c:d923:50d1:f012/64 + route6 fe80::/64 DNS configuration: - servers: 8.8.8.8 - interface: wg0 - type: vpn + servers: 8.8.8.8 + interface: wg0 + type: vpn - servers: 8.8.8.8 - interface: wlp2s0 + servers: 8.8.8.8 + interface: wlp2s0 Use "nmcli device show" to get complete information about known devices and "nmcli connection show" to get an overview on active connection profiles. Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details. 
root@laptop:/home/krolik# wg interface: wg0 - public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ - private key: (hidden) - listening port: 35784 - fwmark: 0xcaf8 + public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ + private key: (hidden) + listening port: 35784 + fwmark: 0xcaf8 peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ - endpoint: <SERVER IP>:22223 - allowed ips: 0.0.0.0/0 - transfer: 0 B received, 1.01 KiB sent + endpoint: <SERVER IP>:22223 + allowed ips: 0.0.0.0/0 + transfer: 0 B received, 1.01 KiB sent root@laptop:/home/krolik# ping 172.16.15.3 PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data. ^C --- 172.16.15.3 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1006ms root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1 root@laptop:/home/krolik# wg interface: wg0 - public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ - private key: (hidden) - listening port: 35784 - fwmark: 0xcaf8 + public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ + private key: (hidden) + listening port: 35784 + fwmark: 0xcaf8 peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ - endpoint: 178.235.52.140:22223 - allowed ips: 0.0.0.0/0 - latest handshake: 4 seconds ago - transfer: 29.73 KiB received, 36.85 KiB sent + endpoint: 178.235.52.140:22223 + allowed ips: 0.0.0.0/0 + latest handshake: 4 seconds ago + transfer: 29.73 KiB received, 36.85 KiB sent root@laptop:/home/krolik# ip ro - default via 172.16.15.3 dev wg0 proto static metric 50 - default via 192.168.74.1 dev wlp2s0 proto static metric 600 - 169.254.0.0/16 dev wlp2s0 scope link metric 1000 - 172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50 - 178.235.52.140 via 192.168.74.1 dev wlp2s0 - 192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600 + default via 172.16.15.3 dev wg0 proto static metric 50 + default via 192.168.74.1 dev wlp2s0 proto static metric 600 + 169.254.0.0/16 dev wlp2s0 scope link metric 1000 + 172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 
metric 50 + <SERVER IP> via 192.168.74.1 dev wlp2s0 + 192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600 root@laptop:/home/krolik# ping 172.16.15.3 PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data. 64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms 64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms 64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms 64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms ^C --- 172.16.15.3 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1955589

Title:
  wireguard connection doesn't create route to server ip

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1955589/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
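
Review bot: the server address is only partly redacted by this description change: in the second `wg` output the added `endpoint:` line still carries the literal address and port, while the `ip ro` line in the same change was rewritten to `<SERVER IP>`. Replace that endpoint value with `<SERVER IP>:22223`, as the first `wg` output already does. Separately, the re-wrap of the added 172.16.15.0/24 route line pushes `metric 50` onto its own line, which makes the route table harder to read; keep that line unwrapped.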
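
The routing decision behind the report, as an added example that is not part of the original bug report or of NetworkManager: it parses `ip route` text and checks whether packets addressed to the WireGuard endpoint would leave through the tunnel device itself. Assumptions: only the main routing table is modelled (policy-routing rules and the fwmark are ignored), the table text is constructed from the report's `ip ro` output, and `203.0.113.10` is a placeholder standing in for `<SERVER IP>`.

```python
import ipaddress

# Constructed sample: the main routing table from the report before the
# workaround route was added, in `ip route` text form.
ROUTES_BEFORE = """\
default via 172.16.15.3 dev wg0 proto static metric 50
default via 192.168.74.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600
"""
ENDPOINT = "203.0.113.10"  # placeholder for <SERVER IP> (documentation range)


def parse_routes(text):
    """Turn `ip route` lines into (network, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((ipaddress.ip_network(dest, strict=False),
                       tok[tok.index("dev") + 1], metric))
    return routes


def egress_device(routes, addr):
    """Longest prefix wins; the lowest metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def endpoint_loops(route_text, endpoint, tunnel_dev="wg0"):
    """True when encrypted packets for the endpoint would re-enter the tunnel."""
    return egress_device(parse_routes(route_text), endpoint) == tunnel_dev


if __name__ == "__main__":
    # The reporter's workaround: a host route to the endpoint via the LAN gateway.
    fixed = ROUTES_BEFORE + f"{ENDPOINT} via 192.168.74.1 dev wlp2s0\n"
    print("before workaround, loops:", endpoint_loops(ROUTES_BEFORE, ENDPOINT))
    print("after workaround, loops: ", endpoint_loops(fixed, ENDPOINT))
```

With the two default routes alone, the metric 50 route through `wg0` wins for the endpoint address, which matches the "0 B received" state in the first `wg` output; the /32 host route is more specific than either default and moves the endpoint traffic back to `wlp2s0`.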