From 3ac7929e903ac63b12cf1d7da98b486b2fcfed06 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Thu, 10 Sep 2020 11:22:45 +0200 Subject: [PATCH] clients: set "ipv[46].dns-priority=-50" during import of WireGuard profiles WireGuard's wg-quick primarily wants to avoid DNS leaks, and thus also our import code should generate profiles that configure exclusive DNS servers. This is done by setting "ipv[46].dns-priority" to a negative value. Note that if a profile leaves the DNS priority at zero (which in many regards is the default), then the zero translates to 50 (for VPN profiles) and 100 (for other profiles). Instead of setting the DNS priority to -10, set it to -50. This gives some more room so that the user can choose priorities that are worse than the WireGuard's one, but still negative (exclusive). Also, since the positive range defaults to 50 and 100, let's stretch the range a bit. Since this only affects import and creation of new profiles, such a change in behavior seems acceptable. --- clients/common/nm-vpn-helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clients/common/nm-vpn-helpers.c b/clients/common/nm-vpn-helpers.c index 74ff52bb2b..6f6a2b410a 100644 --- a/clients/common/nm-vpn-helpers.c +++ b/clients/common/nm-vpn-helpers.c @@ -766,7 +766,7 @@ fail_invalid_secret: * wg-quick does, by calling `resolvconf -x`. */ g_object_set (s_ip, NM_SETTING_IP_CONFIG_DNS_PRIORITY, - (int) -10, + (int) -50, NULL); if (data_addr) {
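Review bot: The bare literal `(int) -50` passed for NM_SETTING_IP_CONFIG_DNS_PRIORITY has no explanation at the call site, so the reason for this particular value exists only in the commit message. The comment just above the g_object_set() call mentions only that wg-quick calls `resolvconf -x`; consider extending it (or introducing a named constant) to say that a negative priority makes the DNS servers exclusive, that zero translates to 50 for VPN profiles and 100 for others, and that -50 was chosen to leave room for user-set priorities that are still negative but rank below the WireGuard profile. The hunk shows a single g_object_set() on `s_ip` while the subject says "ipv[46]", so it is worth confirming in the surrounding code that this call is reached for both the IPv4 and the IPv6 setting, since a priority left at the default on one family would not be exclusive there.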