Description of problem: When trying to establish a wireguard connection including a pre-shared key, the connection will not be enabled.
Version-Release number of selected component (if applicable): nmcli 1.30.4-1.fc34
Steps to Reproduce:
1. Open a terminal window as unpriviledged user and type "nm-connection-editor"
2. Add a new wireguard connection wg0 including a pre-shared key choosing only to save the Pre-shared key and the Private key for the current user.
3. Bring the connection up using "nmcli connection up wg0"
Actual results: The connection will not become active.
Expected results: The connection should become active.
please provide a level=TRACE log.
Read https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/contrib/fedora/rpm/NetworkManager.conf#L27 for hints about logging and how about to get logs. Note also the comments about private sensitive data in the logs and take care of that.
The PSK doesn´t get saved to the GNOME-keyring. preshared-key-flags=1 is set in the config file. That´s all I can provide at the moment.
Without looking deeper into this:
gnome-shell does not support WireGuard yet (). So it would be expected that it is unable to store the WireGuard secret.
The private key gets stored in the GNOME-keyring though.
Created attachment 1801697 [details]
I can reproduce the issue in fedora 34 KDE and changed the log level to trace and attached it.
(In reply to Afox from comment #4)
> The private key gets stored in the GNOME-keyring though.
The private key is a standard property, while the preshared-key is a key in an array of dictionaries (the peers) and must be handled specially by secret agents (GNOME Applet, GNOME Shell or KDE Applet).
This adds support to the GNOME Applet:
Will this fix find its way to Fedora 34? Thank you
Yes, probably when there is the next upstream release. But from what I understood you are using GNOME-Shell while that fix was for the nm-applet, so it doesn't affect you.
If I understood correctly there currently is no wireguard implementation in GNOME-Shell so if using "nm-connection-editor" means using the nm-applet it affects and fixes it for me. Best regards
> so if using "nm-connection-editor" means using the nm-applet
While "nm-connection-editor" and "nm-applet" are part of the same project, they are different binaries. Probably you can run "nm-applet" from GNOME, but the applet icon will not appear anywhere; however it should be able to fetch secrets from the keyring.