From 7b630d8dba5d1363be87dba499a5852aec67da9a Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Wed, 8 Apr 2020 13:42:00 +0200
Subject: [PATCH] clients: set ipv4.dns-priority to a exclusive value (-10)
 when importing WireGuard profiles

---
 clients/common/nm-vpn-helpers.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/clients/common/nm-vpn-helpers.c b/clients/common/nm-vpn-helpers.c
index cfdd7571ad..35ed445187 100644
--- a/clients/common/nm-vpn-helpers.c
+++ b/clients/common/nm-vpn-helpers.c
@@ -744,6 +744,14 @@ fail_invalid_secret:
 		              data_addr ? method_manual : method_disabled,
 		              NULL);
 
+		/* For WireGuard profiles, always set dns-priority to a negative value,
+		 * so that DNS servers on other profiles get ignored. This is also what
+		 * wg-quick does, by calling `resolvconf -x`. */
+		g_object_set (s_ip,
+		              NM_SETTING_IP_CONFIG_DNS_PRIORITY,
+		              (int) -10,
+		              NULL);
+
 		if (data_addr) {
 			for (i = 0; i < data_addr->len; i++)
 				nm_setting_ip_config_add_address (s_ip, data_addr->pdata[i]);