Vanessa Wireguard config

[monkeybrainz]

I'm new to Mint and starting today with Vanessa. Got it installed and all went well. I'm loving the Cinnamon desktop. Very slick.

I am, however, completely confused with configuring wireguard in NetworkManager. I've got smany questions and suggestions.

1. Is there no way to import a wireguard config file? We use a tool (wireguard-easy) to generate config files and QR codes for easy connections. I've found no way in the NetMan GUI to import a config. I've found a way to do it with nmcli, but it isn't trivial.

2. Is there no way in the GUI to bring wireguard up? It seems that my only options are to have it always on or use nmcli to bring the connection up. Once I bring it up, I can disconnect with the GUI, but I cannot reconnect without using nmcli.

It seems like wireguard is treated as a virtual-nic instead of a VPN connection and therein lies the rub. While it IS a virtual NIC, that isn't how many (most?) of us would use it. I would prefer that it be listed with the wireless connections with a slider to turn it on and off

Wireguard is just so much faster than OpenVPN it isn't funny. We've converted most of our users to it and the results have been impressive. We are even toying with FireZone for a self configuration tool for end-users.

Can someone please confirm my findings or point me in the right direction if I am as clueless as I feel right now?

[jannbjorn]

1. Is there no way to import a wireguard config file? We use a tool (wireguard-easy) to generate config files and QR codes for easy connections. I've found no way in the NetMan GUI to import a config. I've found a way to do it with nmcli, but it isn't trivial.

nmcli is a way of importing an existing config. Though it looks to be designed for importing configs from wg-quick. You might need to convert your current config to match the wg-quick format.

nmcli connection import type wireguard file {FILENAME}

This worked without issue when I tried importing my wg-configs. The config immediately showing up in Network Connections.

It is documented that that the PreUp, PostUp, PreDown, and PostDown statements are ignored during import and that the connection will be set to start automatically.

2. Is there no way in the GUI to bring wireguard up? It seems that my only options are to have it always on or use nmcli to bring the connection up. Once I bring it up, I can disconnect with the GUI, but I cannot reconnect without using nmcli.

NetworkManager does treat WireGuard as a separate connection type and while visible in Network Settings I've only been able to turn an existing connection off.

You could toggle a connection via Network Connections by changing the automatic start behavior on the general tab of the connection definition.


As I also use PostUp and PreDown to route all traffic over the wg vpn, and that these are not yet handled by NetworkManager, I'm continuing to use wg-quick for the moment.


I found these sites useful:

https://www.xmodulo.com/wireguard-vpn-n ... r-gui.html
https://blogs.gnome.org/thaller/2019/03 ... rkmanager/

HTH

[mladenp]

In Linux mint 21 Xfce edition, when added via network-connections, the Wireguard does appear under VPN section so you can turn it on and off much easier.
Will this function be added to Cinnamon edition as well?

[Coggy]

If you have a wireguard wg-quick config file and put it in /etc/wireguard/vpn_name.conf then you can control it with
sudo systemctl start wg-quick@vpn_name.service.
sudo systemctl stop wg-quick@vpn_name.service.
You can enable (or disable) the service for start on boot.
Don't know it that's good enough for you though, but it's an option.

[mladenp]

Thank you for the info! I didn't know about wg-quick.

I have created wq-quick config files and putted them in /etc/wireguard folder.

After that I installed Wireguard applet(wireguard@nicoulaj.net) for Cinnamon. Which can be used to control wireguard interfaces.

Only issue is that you need to provide sudo password everytime you try to turn wireguard interface on or off.

But it all works.