Bug 1981025 - Wireguard with Pre-shared key not working
Summary: Wireguard with Pre-shared key not working
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: network-manager-applet
Version: 36
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lubomir Rintel
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-10 16:23 UTC by Afox
Modified: 2023-05-25 17:40 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-25 17:40:17 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
networkmanager logs (2.61 MB, text/plain)
2021-07-15 01:12 UTC, fabian.quintanar.crx
no flags Details

Description Afox 2021-07-10 16:23:10 UTC
Description of problem: When trying to establish a wireguard connection including a pre-shared key, the connection will not be enabled.


Version-Release number of selected component (if applicable): nmcli 1.30.4-1.fc34


Steps to Reproduce:
1. Open a terminal window as unpriviledged user and type "nm-connection-editor"
2. Add a new wireguard connection wg0 including a pre-shared key choosing only to save the Pre-shared key and the Private key for the current user.
3. Bring the connection up using "nmcli connection up wg0"

Actual results: The connection will not become active.


Expected results: The connection should become active.

Comment 1 Thomas Haller 2021-07-11 14:51:37 UTC
please provide a level=TRACE log.

Read https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/contrib/fedora/rpm/NetworkManager.conf#L27 for hints about logging and how about to get logs. Note also the comments about private sensitive data in the logs and take care of that.

Comment 2 Afox 2021-07-12 09:06:21 UTC
The PSK doesn´t get saved to the GNOME-keyring. preshared-key-flags=1 is set in the config file. That´s all I can provide at the moment.

Comment 3 Thomas Haller 2021-07-12 15:09:02 UTC
Without looking deeper into this:

gnome-shell does not support WireGuard yet ([1]). So it would be expected that it is unable to store the WireGuard secret.

[1] https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2989

Comment 4 Afox 2021-07-12 16:53:37 UTC
The private key gets stored in the GNOME-keyring though.

Comment 5 fabian.quintanar.crx 2021-07-15 01:12:57 UTC
Created attachment 1801697 [details]
networkmanager logs

I can reproduce the issue in fedora 34 KDE and changed the log level to trace and attached it.

Comment 6 Beniamino Galvani 2021-08-03 08:38:30 UTC
(In reply to Afox from comment #4)
> The private key gets stored in the GNOME-keyring though.

The private key is a standard property, while the preshared-key is a key in an array of dictionaries (the peers) and must be handled specially by secret agents (GNOME Applet, GNOME Shell or KDE Applet).

This adds support to the GNOME Applet: 

  https://gitlab.gnome.org/GNOME/network-manager-applet/-/merge_requests/102/commits

Comment 7 Afox 2021-08-05 13:01:11 UTC
Will this fix find its way to Fedora 34? Thank you

Comment 8 Beniamino Galvani 2021-08-06 15:19:06 UTC
Yes, probably when there is the next upstream release. But from what I understood you are using GNOME-Shell while that fix was for the nm-applet, so it doesn't affect you.

Comment 9 Afox 2021-08-06 15:35:13 UTC
If I understood correctly there currently is no wireguard implementation in GNOME-Shell so if using "nm-connection-editor" means using the nm-applet it affects and fixes it for me. Best regards

Comment 10 Beniamino Galvani 2021-08-06 15:42:04 UTC
> so if using "nm-connection-editor" means using the nm-applet 

While "nm-connection-editor" and "nm-applet" are part of the same project, they are different binaries. Probably you can run "nm-applet" from GNOME, but the applet icon will not appear anywhere; however it should be able to fetch secrets from the keyring.

Comment 11 Ben Cotton 2022-05-12 16:05:03 UTC
This message is a reminder that Fedora Linux 34 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 34 on 2022-06-07.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '34'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 34 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 12 Afox 2022-05-13 08:53:54 UTC
Using network-manager-applet version 1.24.0 this issue doesn´t seem to be resolved as also stated in this issue on gitlab: https://gitlab.gnome.org/GNOME/network-manager-applet/-/issues/157

Comment 13 Ben Cotton 2023-04-25 16:43:11 UTC
This message is a reminder that Fedora Linux 36 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '36'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 36 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 14 Ludek Smid 2023-05-25 17:40:17 UTC
Fedora Linux 36 entered end-of-life (EOL) status on 2023-05-16.

Fedora Linux 36 is no longer maintained, which means that it
will not receive any further security or bug fix updates. As a result we
are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora Linux
please feel free to reopen this bug against that version. Note that the version
field may be hidden. Click the "Show advanced fields" button if you do not see
the version field.

If you are unable to reopen this bug, please file a new report against an
active release.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.