Public bug reported:

When "Add Peer Routes" is enabled on a Wireguard tunnel in network
manager (meaning wireguard.peer-routes: "true" is set), the Allowed IPs
of each peer are added to the routing table.  For general purpose
tunnels, though (where the intention is for the tunnel to route
substantially all traffic), this has the added consequence of causing
the endpoint address to also be routed INTO the tunnel.

It is never desirable for a peer's endpoint address to be routed into
its own tunnel.  This always creates a tunnel Klein bottle, which always
renders the tunnel unusable.

Currently the only remedies are to either:
1) enter the endpoint's IP address into a manual routing entry for the WiFi or
   wired connection, or
2) manually create a long Allowed IP list of ranges for the peer that
   surgically exclude the peer's own endpoint IP.

Neither of these options is good, as they effectively prevent the use
of a hostname for an endpoint, and will cause the connection to fail if
the endpoint's IP changes.  They also both require substantial
configuration and essentially render Network Manager useless for
creating a Wireguard tunnel for the majority of users.

The expectation is that Network Manager will automatically exclude the
endpoint's resolved IP address at tunnel activation time from any peer
routes that are dynamically created.  Making this change will have no
adverse effect, since there is no possible use case for the above
described Klein bottle routing.

This problem has existed since at least Ubuntu 22.04.
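As an added illustration (not part of the bug report or of NetworkManager's code), the following script detects the condition described above, namely the peer's own endpoint falling inside its Allowed IPs, and computes remedy 2 mechanically: the Allowed IPs with the endpoint host route carved out. The endpoint address and Allowed IPs are constructed sample values.

```python
import ipaddress

# Constructed sample input: a "route everything" peer whose endpoint
# (a documentation address, not a real server) lies inside its Allowed IPs.
ALLOWED_IPS = ["0.0.0.0/0", "::/0"]
ENDPOINT_IP = "203.0.113.10"


def endpoint_inside_allowed_ips(allowed_ips, endpoint_ip):
    """Return the Allowed IPs prefixes that contain the peer's own endpoint.

    A non-empty result is the condition from the report: with peer-routes
    enabled, traffic to the endpoint itself would be routed into the tunnel.
    """
    ep = ipaddress.ip_address(endpoint_ip)
    return [
        net for net in (ipaddress.ip_network(c, strict=False) for c in allowed_ips)
        if net.version == ep.version and ep in net
    ]


def exclude_endpoint(allowed_ips, endpoint_ip):
    """Allowed IPs with the endpoint's /32 (or /128) removed.

    Every prefix containing the endpoint is replaced by the minimal set of
    prefixes covering it minus the endpoint host route (address_exclude);
    a prefix equal to the host route disappears; all others pass through.
    """
    ep = ipaddress.ip_address(endpoint_ip)
    host = ipaddress.ip_network(f"{ep}/{ep.max_prefixlen}")
    result = []
    for cidr in allowed_ips:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == ep.version and ep in net:
            result.extend(net.address_exclude(host))
        else:
            result.append(net)
    # address_exclude yields pieces in no particular order; sort for readability.
    result.sort(key=lambda n: (n.version, n.network_address.packed, n.prefixlen))
    return [str(n) for n in result]


if __name__ == "__main__":
    hits = endpoint_inside_allowed_ips(ALLOWED_IPS, ENDPOINT_IP)
    print("endpoint covered by:", [str(n) for n in hits])
    print("\n".join(exclude_endpoint(ALLOWED_IPS, ENDPOINT_IP)))
```

The resulting list is what remedy 2 requires the user to type by hand, which shows why it is impractical: for a /0 the carve-out expands to 32 IPv4 prefixes, and it must be regenerated whenever the endpoint's address changes.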

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: endpoint wireguard

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2126614

Title:
  wireguard.peer-routes: "true" causes Network Manager to route endpoint
  address through the tunnel



-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs