[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
> I can confirm this issue with systemd/bionic-updates

Are you sure? The original cause of this bug isn't present in Bionic so if something isn't working for you, it probably is a new bug, not the same as this one.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1825378

Title:
  systemd-networkd doesn't set wireguard peer endpoint

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1825378/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
I can confirm this issue with systemd/bionic-updates, now 237-3ubuntu10.39 amd64

Is there a way to get a bionic update as well? This is a very annoying bug, as systemd-networkd integrates with systemd-resolve and wg-quick does not.
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
This bug was fixed in the package systemd - 240-6ubuntu5.1

---
systemd (240-6ubuntu5.1) disco; urgency=medium

  * d/p/ask-password-prevent-buffer-overrow-when-reading-fro.patch:
    - prevent buffer overflow when reading keyring (LP: #1814373)
  * d/p/network-wireguard-fixes-sending-wireguard-peer-setti.patch,
    d/p/test-network-add-more-checks-in-NetworkdNetDevTests..patch,
    d/p/sd-netlink-introduce-sd_netlink_message_append_socka.patch,
    d/p/network-wireguard-use-sd_netlink_message_append_sock.patch:
    - systemd doesn't set wireguard peer endpoint (LP: #1825378)
  * d/t/boot-smoke:
    - Fix false negative checking for running jobs after boot (LP: #1825997)

 -- Dan Streetman  Thu, 16 May 2019 06:07:49 -0400

** Changed in: systemd (Ubuntu Disco)
       Status: Fix Committed => Fix Released
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
This bug was fixed in the package systemd - 240-6ubuntu9

---
systemd (240-6ubuntu9) eoan; urgency=medium

  * Fix typpo in storage test.
    File: debian/tests/storage
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f28aa5fe4ab175b99b6ea702559c59ca473b4ca8

  * Fix bashism
    File: debian/extra/dhclient-enter-resolved-hook
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0725c1169ddde4f41cacba7af3e546704e2206be

systemd (240-6ubuntu8) eoan; urgency=medium

  * Only restart resolved on changes in dhclient enter hook.
    This prevents spurious restarts of resolved on rebounds when the addresses did not change. (LP: #1805183)
    Author: Julian Andres Klode
    File: debian/extra/dhclient-enter-resolved-hook
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=258893bae8cbb12670e4807636fe8f7e9fb5407a

  * Wait for cryptsetup unit to start, before stopping.
    Patch from cascardo. Plus small refactor for readability. (LP: #1814373)
    File: debian/tests/storage
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b65aa350be7e61c65927fbc0921a750fcfaa51cd

  * Wait for systemctl is-system-running state.
    File: debian/tests/boot-smoke
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=776998f1f55c445b6e385cab69a4219c42d00838

systemd (240-6ubuntu7) eoan; urgency=medium

  * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
    This reverts commit 60407728a1a453104e3975ecfdf25a254dd7cc44.
    Files:
    - debian/patches/Add-check-to-switch-VTs-only-between-K_XLATE-or-K_UNICODE.patch
    - debian/patches/Move-verify_vc_kbmode-to-terminal-util.c-as-vt_verify_kbm.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18029ab5ff436bfb3b401f24cd1e3a4cf2a1579c

  * Cherrypick missing systemd-stable patches to unbreak wireguard peer endpoints.
    Signed-off-by: Dimitri John Ledkov (LP: #1825378)
    Author: Dan Streetman
    Files:
    - debian/patches/network-wireguard-fixes-sending-wireguard-peer-setti.patch
    - debian/patches/network-wireguard-use-sd_netlink_message_append_sock.patch
    - debian/patches/sd-netlink-introduce-sd_netlink_message_append_socka.patch
    - debian/patches/test-network-add-more-checks-in-NetworkdNetDevTests..patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4046f515e40c4dc80d18d2303466737f1f451f11

  * Remove expected failure from passing test.
    Signed-off-by: Dimitri John Ledkov (LP: #1829450)
    Author: Dan Streetman
    File: debian/tests/systemd-fsckd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c43b12037d08555dc1d26593307726d7c7992df0

  * Fix false negative checking for running jobs after boot.
    Signed-off-by: Dimitri John Ledkov (LP: #1825997)
    Author: Dan Streetman
    File: debian/tests/boot-smoke
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=aeb01631efbaf3fe851dee15d496e0b66b5c347f

  * Cherrypick ask-password: prevent buffer overrow when reading from keyring.
    Signed-off-by: Dimitri John Ledkov (LP: #1814373)
    Author: Dan Streetman
    File: debian/patches/ask-password-prevent-buffer-overrow-when-reading-fro.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6d6e9cbd4fc6e018031a4762e88f2c3aa19e24e8

 -- Dimitri John Ledkov  Thu, 30 May 2019 21:45:50 +0100

** Changed in: systemd (Ubuntu Eoan)
       Status: Fix Committed => Fix Released
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
autopkgtest failures for this upload analyzed in bug 1825997
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
disco-proposed fixed it for me as well:

- Clean disco installation.
- Create .netdev file.
- reboot --> Endpoint is not set.
- Update systemd from disco-proposed.
- reboot --> Endpoint is set.
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
Tested with disco-proposed and confirmed this issue has been resolved.

# apt list systemd
Listing... Done
systemd/disco-proposed,now 240-6ubuntu5.1 amd64 [installed]

** Tags removed: verification-needed-disco
** Tags added: verification-done-disco
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
Hello Ko-Zu, or anyone else affected,

Accepted systemd into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/240-6ubuntu5.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: systemd (Ubuntu Disco)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-disco
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Tags removed: ddstreet-next
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Tags added: patch
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Changed in: systemd (Ubuntu Eoan)
       Status: In Progress => Fix Committed
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Patch added: "lp1825378-eoan.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1825378/+attachment/5267419/+files/lp1825378-eoan.debdiff
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Also affects: systemd (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Changed in: systemd (Ubuntu Cosmic)
       Status: New => Invalid
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
I don't have access to the affected systems at the moment, but the test case and your summary look correct. Thanks for taking a look at this.
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
This issue can be reproduced without remote server. thanks for the brushup. ** Description changed: [impact] systemd does not set endpoints for wireguard interfaces correctly. This makes wireguard unusable. [test case] install a disco or eoan system and set up a wireguard interface: $ sudo add-apt-repository ppa:wireguard/wireguard $ sudo apt install wireguard ...(this does a lot of stuff)... - set up a wireguard server on a separate (pre-disco) system - (I used instructions from https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/#configure-wireguard-server) - - create a file as below; the private key doesn't matter (can create one - with 'wg genkey'), but the WireGuardPeer public key and ip addresses - should match what the wireguard server set up above is using: + create a file as below; There is no need to setup remote server to + reproduce this issue, but PublicKey/PrivateKey should be valid one (used + instructions from https://www.linode.com/docs/networking/vpn/set-up- + wireguard-vpn-on-ubuntu/#configure-wireguard-server): $ cat /etc/systemd/network/wg0.netdev [NetDev] Name=wg0 Kind=wireguard [WireGuard] - PrivateKey=* + PrivateKey=uMuCbguKYdKanRYMbDSriIdgxGxJR57Us1zEy8wRc1M= ListenPort=51820 [WireGuardPeer] - PublicKey=* + PublicKey=ZRyl+kvb6o2/6Da5YLum6GnSrzDj3J002+2kmK5CnS4= AllowedIPs=10.0.0.0/8 Endpoint=192.168.1.1:51820 $ sudo systemctl restart systemd-networkd $ sudo wg show wg0 interface: wg0 - public key: * - private key: (hidden) - listening port: 51820 + public key: BnvFgvPiVb5xURfzZ5liV1P77qeGeJDIX3C1iNquA2k= + private key: (hidden) + listening port: 51820 - peer: * - allowed ips: 10.0.0.0/8 + peer: ZRyl+kvb6o2/6Da5YLum6GnSrzDj3J002+2kmK5CnS4= + allowed ips: 10.0.0.0/8 the last command should print remote endpoint address, e.g.: - peer: * - endpoint: 192.168.1.1:51820 - allowed ips: 10.0.0.0/8 + peer: ZRyl+kvb6o2/6Da5YLum6GnSrzDj3J002+2kmK5CnS4= + endpoint: 192.168.1.1:51820 + allowed ips: 10.0.0.0/8 [regression potential] 
any changes to systemd contain the potential for serious regressions. However, this is cherry picked directly from upstream, with the releases requiring patching (disco and eoan) being at exactly the same version and very close to upstream already. Additionally, while this does add 2 new functions (from upstream commit https://github.com/systemd/systemd/pull/11580/commits/abd48ec87f2ac5dd571a99dcb4db88c4affdffc8), they are only used - and code is only changed in - wireguard.c, so any regressions should be limited to wireguard interfaces (unless systemd crashes completely). [other info] this bug is not present in cosmic and earlier, and is already fixed in upstream systemd, so this is needed only for disco and eoan. original description: --- systemd/disco 240 shipped with Ubuntu 19.04 beta does not set endpoints for [WireguradPeer] properly. This regression was introduced in v241 and merged into v240. systemd 241 doesn't set wireguard peer endpoint https://github.com/systemd/systemd/issues/11579 Revert of the regression was landed on v240 stable branch https://github.com/systemd/systemd-stable/pull/39 1)2) confirmed with, systemd/disco 240-6ubuntu5 amd64 3) put a netdev file /etc/systemd/network/wg0.netdev --- [NetDev] Name=wg0 Kind=wireguard [WireGuard] PrivateKey=** ListenPort=51820 [WireGuardPeer] PublicKey=* AllowedIPs=10.0.0.0/8 Endpoint=192.168.1.1:51820 and run --- # systemctl restart systemd-networkd # wg show wg0 interface: wg0 public key: * private key: (hidden) listening port: 51820 peer: * allowed ips: 10.0.0.0/8 4) the last command should print remote endpoint address. --- # wg show wg0 interface: wg0 public key: * private key: (hidden) listening port: 51820 peer: * endpoint: 192.168.1.1:51820 allowed ips: 10.0.0.0/8
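Review bot: in the revised [test case], the .netdev sample replaces "PrivateKey=*" with a literal key, and the new instructions say only that PublicKey/PrivateKey "should be valid one". State explicitly that this key pair is a throwaway generated for the report, or keep the placeholder and point testers at 'wg genkey' as the earlier wording did, so that a private key published in a bug description is not copied onto a real interface.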
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
@causeless, @jdoefp, can either of you review my SRU template info, especially the test case section, to make sure it is correct. I've reproduced locally but would like to make sure the steps I mentioned are correct. ** Description changed: + [impact] + + systemd does not set endpoints for wireguard interfaces correctly. This + makes wireguard unusable. + + [test case] + + install a disco or eoan system and set up a wireguard interface: + + $ sudo add-apt-repository ppa:wireguard/wireguard + $ sudo apt install wireguard + ...(this does a lot of stuff)... + + set up a wireguard server on a separate (pre-disco) system + (I used instructions from https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/#configure-wireguard-server) + + create a file as below; the private key doesn't matter (can create one + with 'wg genkey'), but the WireGuardPeer public key and ip addresses + should match what the wireguard server set up above is using: + + $ cat /etc/systemd/network/wg0.netdev + [NetDev] + Name=wg0 + Kind=wireguard + + [WireGuard] + PrivateKey=* + ListenPort=51820 + + [WireGuardPeer] + PublicKey=* + AllowedIPs=10.0.0.0/8 + Endpoint=192.168.1.1:51820 + + + $ sudo systemctl restart systemd-networkd + $ sudo wg show wg0 + + interface: wg0 + public key: * + private key: (hidden) + listening port: 51820 + + peer: * + allowed ips: 10.0.0.0/8 + + the last command should print remote endpoint address, e.g.: + + peer: * + endpoint: 192.168.1.1:51820 + allowed ips: 10.0.0.0/8 + + [regression potential] + + any changes to systemd contain the potential for serious regressions. + However, this is cherry picked directly from upstream, with the releases + requiring patching (disco and eoan) being at exactly the same version + and very close to upstream already. 
Additionally, while this does add 2 + new functions (from upstream commit + https://github.com/systemd/systemd/pull/11580/commits/abd48ec87f2ac5dd571a99dcb4db88c4affdffc8), + they are only used - and code is only changed in - wireguard.c, so any + regressions should be limited to wireguard interfaces (unless systemd + crashes completely). + + [other info] + + original description: + + --- + systemd/disco 240 shipped with Ubuntu 19.04 beta does not set endpoints for [WireguradPeer] properly. This regression was introduced in v241 and merged into v240. systemd 241 doesn't set wireguard peer endpoint https://github.com/systemd/systemd/issues/11579 Revert of the regression was landed on v240 stable branch https://github.com/systemd/systemd-stable/pull/39 1)2) confirmed with, systemd/disco 240-6ubuntu5 amd64 3) put a netdev file /etc/systemd/network/wg0.netdev --- [NetDev] Name=wg0 Kind=wireguard [WireGuard] PrivateKey=** ListenPort=51820 [WireGuardPeer] PublicKey=* AllowedIPs=10.0.0.0/8 Endpoint=192.168.1.1:51820 and run --- # systemctl restart systemd-networkd # wg show wg0 interface: wg0 - public key: * - private key: (hidden) - listening port: 51820 + public key: * + private key: (hidden) + listening port: 51820 peer: * - allowed ips: 10.0.0.0/8 + allowed ips: 10.0.0.0/8 - 4) + 4) the last command should print remote endpoint address. --- # wg show wg0 interface: wg0 - public key: * - private key: (hidden) - listening port: 51820 + public key: * + private key: (hidden) + listening port: 51820 peer: * - endpoint: 192.168.1.1:51820 - allowed ips: 10.0.0.0/8 + endpoint: 192.168.1.1:51820 + allowed ips: 10.0.0.0/8 ** Description changed: [impact] systemd does not set endpoints for wireguard interfaces correctly. This makes wireguard unusable. [test case] install a disco or eoan system and set up a wireguard interface: $ sudo add-apt-repository ppa:wireguard/wireguard $ sudo apt install wireguard ...(this does a lot of stuff)... 
set up a wireguard server on a separate (pre-disco) system (I used instructions from https://www.linode.com/docs/networking/vpn/set-up-wireguard-vpn-on-ubuntu/#configure-wireguard-server) create a file as below; the private key doesn't matter (can create one with 'wg genkey'), but the WireGuardPeer public key and ip addresses should match what the wireguard server set up above is using: $ cat /etc/systemd/network/wg0.netdev [NetDev] Name=wg0 Kind=wireguard [WireGuard] PrivateKey=* ListenPort=51820 [WireGuardPeer] PublicKey=* AllowedIPs=10.0.0.0/8 Endpoint=192.168.1.1:51820 - $ sudo systemctl restart systemd-networkd $ sudo wg show wg0 interface: wg0 public key: * private key: (hidden) listening
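Review bot: the [test case] makes a second machine a prerequisite ("set up a wireguard server on a separate (pre-disco) system"), yet its only pass/fail check is whether 'wg show wg0' lists an endpoint line under the peer. Mark the server step as optional or drop it, and say what the PublicKey has to be when no server exists, so SRU verifiers can run the case on a single host.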
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Also affects: systemd (Ubuntu Eoan)
   Importance: Undecided
       Status: Confirmed

** Also affects: systemd (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: systemd (Ubuntu Eoan)
       Status: Confirmed => In Progress

** Changed in: systemd (Ubuntu Disco)
       Status: New => In Progress

** Changed in: systemd (Ubuntu Eoan)
   Importance: Undecided => Medium

** Changed in: systemd (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: systemd (Ubuntu Eoan)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: systemd (Ubuntu Disco)
     Assignee: (unassigned) => Dan Streetman (ddstreet)
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: systemd (Ubuntu)
       Status: New => Confirmed
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
Hi all,

could the package maintainer(s) please take a look at this? This breaks (almost) any WireGuard endpoint configured by systemd-networkd. Worse, it breaks them silently, which makes for a fun debugging adventure.

The fixed patch (https://github.com/systemd/systemd-stable/pull/39) has been applied upstream since early February; how did the broken one get backported without testing during a release freeze?
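The silent failure reported in this thread can be checked mechanically. The script below is an added example, not part of the bug report or of systemd: it lists peers whose Endpoint= in a .netdev file is missing from saved `wg show <interface> endpoints` output. The function names, the second peer key and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WireGuard peers whose Endpoint= from a systemd .netdev
# file never reached the kernel (the silent failure in this bug).
# Live use, as root:  wg show wg0 endpoints > dump.txt
#                     missing_endpoints /etc/systemd/network/wg0.netdev dump.txt

TAB=$(printf '\t')
# First key is the peer key from the report's test case; second is constructed.
PEER1='ZRyl+kvb6o2/6Da5YLum6GnSrzDj3J002+2kmK5CnS4='
PEER2='AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='

# Print "pubkey<TAB>endpoint" for every [WireGuardPeer] section of the
# .netdev file $1 that sets Endpoint=.
netdev_endpoints() {
    awk '
        function emit() { if (peer && key != "" && ep != "") print key "\t" ep }
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line)   # first "=" only: keys end in "="
            sub(/[ \t]+$/, "", line)
            return line
        }
        /^[ \t]*\[/ {                        # any section header ends a peer
            emit()
            peer = ($0 ~ /^[ \t]*\[WireGuardPeer\]/)
            key = ""; ep = ""
            next
        }
        peer && /^[ \t]*PublicKey[ \t]*=/ { key = value($0) }
        peer && /^[ \t]*Endpoint[ \t]*=/  { ep = value($0) }
        END { emit() }
    ' "$1"
}

# $1 = .netdev file, $2 = saved output of `wg show <if> endpoints`.
# Prints each configured peer that is absent from the dump or shown as
# "(none)". Addresses are not compared: an Endpoint= hostname is resolved
# before it is applied, and a live endpoint may roam.
missing_endpoints() {
    netdev_endpoints "$1" | while IFS="$TAB" read -r key want; do
        live=$(awk -F '\t' -v k="$key" '$1 == k { print $2 }' "$2")
        case "$live" in
            ''|'(none)') printf '%s\t%s\n' "$key" "$want" ;;
        esac
    done
}

# Constructed sample data: the .netdev from the report (private key left as
# the placeholder) plus a second peer that has no Endpoint=, and the shape of
# `wg show wg0 endpoints` on an affected and on a fixed system.
write_samples() {
    cat > "$1/wg0.netdev" <<EOF
[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
PrivateKey=*
ListenPort=51820

[WireGuardPeer]
PublicKey=$PEER1
AllowedIPs=10.0.0.0/8
Endpoint=192.168.1.1:51820

[WireGuardPeer]
PublicKey=$PEER2
AllowedIPs=10.9.0.2/32
EOF
    printf '%s\t(none)\n' "$PEER1" "$PEER2" > "$1/affected.txt"
    printf '%s\t%s\n' "$PEER1" '192.168.1.1:51820' "$PEER2" '(none)' > "$1/fixed.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "affected: $(missing_endpoints "$demo_dir/wg0.netdev" "$demo_dir/affected.txt")"
echo "fixed:    $(missing_endpoints "$demo_dir/wg0.netdev" "$demo_dir/fixed.txt")"
```

A peer without Endpoint= (the second one in the sample) is never reported, so the check stays quiet on hosts that only accept incoming peers.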
[Bug 1825378] Re: systemd-networkd doesn't set wireguard peer endpoint
** Tags added: regression