AllowedIPs not working properly #61

Open
jhuber1965 opened this issue Apr 4, 2022 · 0 comments

jhuber1965 commented Apr 4, 2022

Hello!

I am running Ubuntu 20.04 LTS with NetworkManager version 1.22.10.

The WireGuard configuration is:

[Interface]
PrivateKey = removed
Address = 10.200.85.2/32
MTU = 1412
DNS = 10.200.85.1

[Peer]
PublicKey = removed
Endpoint = removed
AllowedIPs = 0.0.0.0/0

When starting the VPN through NetworkManager, this works as expected, and all traffic is routed through the VPN. However, I only want traffic for 10.x.x.x routed through the VPN. If I set AllowedIPs = 10.0.0.0/8 in the NetworkManager WireGuard dialog box, nothing is routed through the VPN. This latter change works fine and as expected when using sudo wg-quick up from the command line.

When the VPN is started from NetworkManager:

jhuber@t5610:~$ sudo wg
interface: APC-Wireguard
  public key: <removed>
  private key: (hidden)
  listening port: 60669

peer: <removed>
  endpoint: x.x.x.x:51820
  allowed ips: 10.0.0.0/8
  latest handshake: 13 seconds ago
  transfer: 380 B received, 372 B sent
jhuber@t5610:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp0s25
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp0s25
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s25
jhuber@t5610:~$ ip route get 10.0.15.113
10.0.15.113 via 192.168.0.1 dev enp0s25 src 192.168.0.31 uid 1000 

When the VPN is started from the command line with sudo wg-quick up /home/jhuber/Desktop/APC-Wireguard.conf:

jhuber@t5610:~$ sudo wg
interface: APC-Wireguard
  public key: <removed>
  private key: (hidden)
  listening port: 51548

peer: <removed>
  endpoint: x.x.x.x:51820
  allowed ips: 10.0.0.0/8
  latest handshake: 8 seconds ago
  transfer: 7.42 KiB received, 4.99 KiB sent
jhuber@t5610:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp0s25
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 APC-Wireguard
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp0s25
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s25
jhuber@t5610:~$ ip route get 10.0.15.113
10.0.15.113 dev APC-Wireguard src 10.200.85.2 uid 1000 

Comparing the two, there seems to be a route missing for APC-Wireguard when the VPN is started from within NetworkManager. Manually adding this missing route on the IPv4 tab for the WireGuard VPN in NetworkManager seems to solve the issue.
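
The comparison made in the report above can be automated: for every AllowedIPs prefix, find the most specific main-table route that covers it and flag the prefix if that route leaves through a non-tunnel interface, which means the traffic goes out unencrypted. This is an added example, not part of the original issue or of the project's code; the function names are hypothetical and the sample input is trimmed from the two captures in the post.

```python
import ipaddress

# Sample input trimmed from the two captures in the post (whitespace collapsed).
WG_SHOW = """interface: APC-Wireguard
peer: <removed>
  endpoint: x.x.x.x:51820
  allowed ips: 10.0.0.0/8
"""
ROUTES_NM = """Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 enp0s25
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s25
"""
ROUTES_WG_QUICK = ROUTES_NM + "10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 APC-Wireguard\n"

def allowed_ips(wg_output):
    """Return (interface, [networks]) from `wg` output; assumes one interface."""
    iface, nets = None, []
    for line in wg_output.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "interface":
            iface = value
        elif key == "allowed ips" and value != "(none)":
            nets += [ipaddress.ip_network(v.strip()) for v in value.split(",")]
    return iface, nets

def kernel_routes(route_n_output):
    """Parse IPv4 `route -n` rows into (network, iface) pairs."""
    routes = []
    for cols in map(str.split, route_n_output.splitlines()):
        if len(cols) == 8 and cols[0] != "Destination":
            bits = bin(int(ipaddress.IPv4Address(cols[2]))).count("1")
            routes.append((ipaddress.ip_network(f"{cols[0]}/{bits}"), cols[7]))
    return routes

def leaking_prefixes(wg_output, route_n_output):
    """List (prefix, iface) where the longest covering route is not the tunnel."""
    iface, nets = allowed_ips(wg_output)
    leaks = []
    for net in (n for n in nets if n.version == 4):
        covering = [r for r in kernel_routes(route_n_output) if net.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen, default=(None, None))
        if best[1] != iface:
            leaks.append((str(net), best[1]))
    return leaks

if __name__ == "__main__":
    for table in (ROUTES_NM, ROUTES_WG_QUICK):
        print(leaking_prefixes(WG_SHOW, table))
```

The check reads only the main routing table, so it does not apply to a wg-quick full tunnel (AllowedIPs = 0.0.0.0/0), where wg-quick installs the default route in a separate policy-routing table.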
