[Desktop-packages] [Bug 1955589] [NEW] wireguard connectrion doesn't create route to server ip

Wed, 22 Dec 2021 13:45:42 -0800 

Public bug reported:

lsb_release -rd
Description:    Ubuntu 21.10
Release:        21.10

Wireguard from network-manager deosn't create route to server ip. It's a
problem when "allowed ips" '0.0.0.0/0' are used.

Steps to reproduce:
Create wireguard connection with 0.0.0.0/0

Steps to workaround:
add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'

Example:

root@laptop:/home/krolik# nmcli
wg0: connected to YYYYYY
        "wg0"
        wireguard, sw, mtu 1420
        ip4 default
        inet4 172.16.15.5/24
        route4 172.16.15.0/24
        route4 0.0.0.0/0
        route4 0.0.0.0/0

wlp2s0: connected to ZZZZZZ
        "Intel 8265 / 8275"
        wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
        inet4 192.168.74.88/24
        route4 192.168.74.0/24
        route4 169.254.0.0/16
        route4 0.0.0.0/0
        inet6 fe80::855c:d923:50d1:f012/64
        route6 fe80::/64

DNS configuration:
        servers: 8.8.8.8
        interface: wg0
        type: vpn

        servers: 8.8.8.8
        interface: wlp2s0

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: <SERVER IP>:22223
  allowed ips: 0.0.0.0/0
  transfer: 0 B received, 1.01 KiB sent
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
^C
--- 172.16.15.3 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
root@laptop:/home/krolik# wg
interface: wg0
  public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  private key: (hidden)
  listening port: 35784
  fwmark: 0xcaf8

peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
  endpoint: 178.235.52.140:22223
  allowed ips: 0.0.0.0/0
  latest handshake: 4 seconds ago
  transfer: 29.73 KiB received, 36.85 KiB sent
root@laptop:/home/krolik# ip ro
default via 172.16.15.3 dev wg0 proto static metric 50
default via 192.168.74.1 dev wlp2s0 proto static metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
<SERVER IP> via 192.168.74.1 dev wlp2s0
192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 600
root@laptop:/home/krolik# ping 172.16.15.3
PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms

64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
^C
--- 172.16.15.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  lsb_release -rd
  Description:  Ubuntu 21.10
  Release:      21.10
  
- 
- Wireguard from network-manager deosn't create route to server ip. It's a 
problem when "allowed ips" '0.0.0.0/0' are used.
+ Wireguard from network-manager deosn't create route to server ip. It's a
+ problem when "allowed ips" '0.0.0.0/0' are used.
  
  Steps to reproduce:
  Create wireguard connection with 0.0.0.0/0
  
- 
  Steps to workaround:
  add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'
  
- 
  Example:
  
- root@laptop:/home/krolik# nmcli 
+ root@laptop:/home/krolik# nmcli
  wg0: connected to YYYYYY
-         "wg0"
-         wireguard, sw, mtu 1420
-         ip4 default
-         inet4 172.16.15.5/24
-         route4 172.16.15.0/24
-         route4 0.0.0.0/0
-         route4 0.0.0.0/0
+         "wg0"
+         wireguard, sw, mtu 1420
+         ip4 default
+         inet4 172.16.15.5/24
+         route4 172.16.15.0/24
+         route4 0.0.0.0/0
+         route4 0.0.0.0/0
  
  wlp2s0: connected to ZZZZZZ
-         "Intel 8265 / 8275"
-         wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
-         inet4 192.168.74.88/24
-         route4 192.168.74.0/24
-         route4 169.254.0.0/16
-         route4 0.0.0.0/0
-         inet6 fe80::855c:d923:50d1:f012/64
-         route6 fe80::/64
+         "Intel 8265 / 8275"
+         wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
+         inet4 192.168.74.88/24
+         route4 192.168.74.0/24
+         route4 169.254.0.0/16
+         route4 0.0.0.0/0
+         inet6 fe80::855c:d923:50d1:f012/64
+         route6 fe80::/64
  
  DNS configuration:
-         servers: 8.8.8.8
-         interface: wg0
-         type: vpn
+         servers: 8.8.8.8
+         interface: wg0
+         type: vpn
  
-         servers: 8.8.8.8
-         interface: wlp2s0
+         servers: 8.8.8.8
+         interface: wlp2s0
  
  Use "nmcli device show" to get complete information about known devices and
  "nmcli connection show" to get an overview on active connection profiles.
  
  Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage 
details.
  root@laptop:/home/krolik# wg
  interface: wg0
-   public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-   private key: (hidden)
-   listening port: 35784
-   fwmark: 0xcaf8
+   public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
+   private key: (hidden)
+   listening port: 35784
+   fwmark: 0xcaf8
  
  peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-   endpoint: <SERVER IP>:22223
-   allowed ips: 0.0.0.0/0
-   transfer: 0 B received, 1.01 KiB sent
+   endpoint: <SERVER IP>:22223
+   allowed ips: 0.0.0.0/0
+   transfer: 0 B received, 1.01 KiB sent
  root@laptop:/home/krolik# ping 172.16.15.3
  PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
  ^C
  --- 172.16.15.3 ping statistics ---
  2 packets transmitted, 0 received, 100% packet loss, time 1006ms
  
  root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
  root@laptop:/home/krolik# wg
  interface: wg0
-   public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-   private key: (hidden)
-   listening port: 35784
-   fwmark: 0xcaf8
+   public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
+   private key: (hidden)
+   listening port: 35784
+   fwmark: 0xcaf8
  
  peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-   endpoint: 178.235.52.140:22223
-   allowed ips: 0.0.0.0/0
-   latest handshake: 4 seconds ago
-   transfer: 29.73 KiB received, 36.85 KiB sent
+   endpoint: 178.235.52.140:22223
+   allowed ips: 0.0.0.0/0
+   latest handshake: 4 seconds ago
+   transfer: 29.73 KiB received, 36.85 KiB sent
  root@laptop:/home/krolik# ip ro
- default via 172.16.15.3 dev wg0 proto static metric 50 
- default via 192.168.74.1 dev wlp2s0 proto static metric 600 
- 169.254.0.0/16 dev wlp2s0 scope link metric 1000 
- 172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50 
- 178.235.52.140 via 192.168.74.1 dev wlp2s0 
- 192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 
600 
+ default via 172.16.15.3 dev wg0 proto static metric 50
+ default via 192.168.74.1 dev wlp2s0 proto static metric 600
+ 169.254.0.0/16 dev wlp2s0 scope link metric 1000
+ 172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
+ <SERVER IP> via 192.168.74.1 dev wlp2s0
+ 192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 
600
  root@laptop:/home/krolik# ping 172.16.15.3
  PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
  64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms
  
  64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
  64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
  64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
  ^C
  --- 172.16.15.3 ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 3003ms
  rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1955589

Title:
  wireguard connectrion doesn't create route to server ip

Status in network-manager package in Ubuntu:
  New

Bug description:
  lsb_release -rd
  Description:  Ubuntu 21.10
  Release:      21.10

  Wireguard from network-manager deosn't create route to server ip. It's
  a problem when "allowed ips" '0.0.0.0/0' are used.

  Steps to reproduce:
  Create wireguard connection with 0.0.0.0/0

  Steps to workaround:
  add route 'ip ro add <SERVER IP> via <REGULAR GATEWAY>'

  Example:

  root@laptop:/home/krolik# nmcli
  wg0: connected to YYYYYY
          "wg0"
          wireguard, sw, mtu 1420
          ip4 default
          inet4 172.16.15.5/24
          route4 172.16.15.0/24
          route4 0.0.0.0/0
          route4 0.0.0.0/0

  wlp2s0: connected to ZZZZZZ
          "Intel 8265 / 8275"
          wifi (iwlwifi), 98:2C:BC:28:4D:99, hw, mtu 1500
          inet4 192.168.74.88/24
          route4 192.168.74.0/24
          route4 169.254.0.0/16
          route4 0.0.0.0/0
          inet6 fe80::855c:d923:50d1:f012/64
          route6 fe80::/64

  DNS configuration:
          servers: 8.8.8.8
          interface: wg0
          type: vpn

          servers: 8.8.8.8
          interface: wlp2s0

  Use "nmcli device show" to get complete information about known devices and
  "nmcli connection show" to get an overview on active connection profiles.

  Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage 
details.
  root@laptop:/home/krolik# wg
  interface: wg0
    public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    private key: (hidden)
    listening port: 35784
    fwmark: 0xcaf8

  peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    endpoint: <SERVER IP>:22223
    allowed ips: 0.0.0.0/0
    transfer: 0 B received, 1.01 KiB sent
  root@laptop:/home/krolik# ping 172.16.15.3
  PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
  ^C
  --- 172.16.15.3 ping statistics ---
  2 packets transmitted, 0 received, 100% packet loss, time 1006ms

  root@laptop:/home/krolik# ip ro add <SERVER IP>/32 via 192.168.74.1
  root@laptop:/home/krolik# wg
  interface: wg0
    public key: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    private key: (hidden)
    listening port: 35784
    fwmark: 0xcaf8

  peer: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
    endpoint: 178.235.52.140:22223
    allowed ips: 0.0.0.0/0
    latest handshake: 4 seconds ago
    transfer: 29.73 KiB received, 36.85 KiB sent
  root@laptop:/home/krolik# ip ro
  default via 172.16.15.3 dev wg0 proto static metric 50
  default via 192.168.74.1 dev wlp2s0 proto static metric 600
  169.254.0.0/16 dev wlp2s0 scope link metric 1000
  172.16.15.0/24 dev wg0 proto kernel scope link src 172.16.15.5 metric 50
  <SERVER IP> via 192.168.74.1 dev wlp2s0
  192.168.74.0/24 dev wlp2s0 proto kernel scope link src 192.168.74.88 metric 
600
  root@laptop:/home/krolik# ping 172.16.15.3
  PING 172.16.15.3 (172.16.15.3) 56(84) bytes of data.
  64 bytes from 172.16.15.3: icmp_seq=1 ttl=64 time=48.7 ms

  64 bytes from 172.16.15.3: icmp_seq=2 ttl=64 time=48.0 ms
  64 bytes from 172.16.15.3: icmp_seq=3 ttl=64 time=46.8 ms
  64 bytes from 172.16.15.3: icmp_seq=4 ttl=64 time=45.5 ms
  ^C
  --- 172.16.15.3 ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 3003ms
  rtt min/avg/max/mdev = 45.473/47.266/48.743/1.245 ms

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1955589/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to