NetworkManager Wireguard connection to pivpn wireguard not passing traffic


Hey all,

I’ve got Manjaro on a little test VM on my laptop; I’ve run Manjaro in the past on my main rig and I like it a lot, thanks for all the work you all do.

I’ve got a new pivpn VM running as a WireGuard server behind a Mikrotik firewall, with the selected UDP port passed through to the VM. I’m able to connect and get traffic across this link from iOS, macOS, and Windows clients, but so far with Manjaro it’s no dice.

NM (and wg show) indicate the tunnel is connected and even passing small amounts of traffic, but I can’t access anything - not the normal internet nor on my (target) private network.

It appears the pivpn config includes a preshared key for the peer that NetworkManager doesn’t have after starting the VPN entry from the exported file, so I added that manually.

Here’s what the server says:

~$ sudo wg show
interface: wg0
  public key: $publickey-server
  private key: (hidden)
  listening port: 51820

...

peer: $publickey-client
  preshared key: (hidden)
  endpoint: 1.2.3.4:55354
  allowed ips: 10.6.0.5/32
  latest handshake: 1 minute, 32 seconds ago
  transfer: 16.54 KiB received, 11.34 KiB sent

Here’s what the Manjaro (client) system says:

sudo wg show
[sudo] password for ndr: 
interface: tailgater-dtl2
  public key: $publickey-client
  private key: (hidden)
  listening port: 35365
  fwmark: 0xcb15

peer: $publickey-server
  preshared key: (hidden)
  endpoint: 5.6.7.8:51820
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 25 seconds ago
  transfer: 156 B received, 12.35 KiB sent

But not able to pass traffic to either the remote network or the interwebs… Pings to the router on the target network fail, pings to 8.8.8.8 fail. Pings to my local network still succeed.

Keen for suggestions, thanks!

PS: How do I add wireguard as a tag to the forums?

Figured it out… Looks like the process of creating a VPN from a config file exported by pivpn in NetworkManager is behaving differently than the native WireGuard client on Windows, macOS, and iOS in two ways, in this instance:

  • The preshared key that was in the config file was not added to the connection. This might be working its way down if you find Red Hat Bugzilla 1981025; the proposed fix appears to have been merged.

  • The IP of the client was incorrectly imported; it should have been 10.6.0.5/24 (and is correct in the config file) but NetworkManager had 10.6.0.0/24. Changing that fourth octet to match the config file expected by the server gave me connectivity.

2 Likes
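
The two import differences described in the thread can be checked mechanically by comparing the exported wg-quick config with the NetworkManager keyfile for the connection. This is an added example, not part of the original posts: the function name, the placeholder keys and both sample files are constructed, and it assumes the preshared key is stored in the keyfile rather than in a secret agent.

```python
import configparser
import ipaddress

# Constructed sample inputs; keys are placeholders, addresses follow the thread.
WG_CONF = """\
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY_PLACEHOLDER
Address = 10.6.0.5/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY_PLACEHOLDER
PresharedKey = PRESHARED_KEY_PLACEHOLDER
Endpoint = 5.6.7.8:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""

NM_KEYFILE = """\
[connection]
id=tailgater-dtl2
type=wireguard

[wireguard]
private-key=CLIENT_PRIVATE_KEY_PLACEHOLDER

[wireguard-peer.SERVER_PUBLIC_KEY_PLACEHOLDER]
endpoint=5.6.7.8:51820
allowed-ips=0.0.0.0/0;::/0;

[ipv4]
address1=10.6.0.0/24
method=manual
"""

def _parse(text):
    # Split on "=" only, so base64 padding and IPv6 colons stay in the value.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp

def compare_import(wg_conf, nm_keyfile):
    """Return differences between the exported config and the NM profile."""
    wg, nm = _parse(wg_conf), _parse(nm_keyfile)
    problems = []
    # Compare the full interface address (host part and prefix), first entry only.
    want = ipaddress.ip_interface(wg["Interface"]["address"].split(",")[0].strip())
    got = ipaddress.ip_interface(nm["ipv4"]["address1"].split(",")[0].strip())
    if want != got:
        problems.append(f"address: config has {want}, NetworkManager has {got}")
    # NetworkManager names each peer section after the peer's public key.
    peer = "wireguard-peer." + wg["Peer"]["publickey"]
    if not nm.has_section(peer):
        problems.append("peer: not present in NetworkManager profile")
    elif nm[peer].get("preshared-key") != wg["Peer"].get("presharedkey"):
        problems.append("preshared-key: missing or different in NetworkManager profile")
    return problems
```

On the constructed samples, `compare_import(WG_CONF, NM_KEYFILE)` reports both the 10.6.0.0/24 address and the missing preshared key.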