NetworkManager/libnm-core
Thomas Haller 10e05bf8ab wireguard: support configuring policy routing to avoid routing loops
For WireGuard (like for all IP-tunnels and IP-based VPNs), the IP addresses of
the peers must be reached outside the tunnel/VPN itself.

For VPN connections, NetworkManager usually adds a direct /32 route to
the external VPN gateway to the underlying device. For WireGuard that is
not done, because injecting a route to another device is ugly and error
prone. Worse: WireGuard with automatic roaming and multiple peers makes this
more complicated.

This is commonly a problem when setting the default-route via the VPN,
but there are also other subtle setups where special care must be taken
to prevent such routing loops.

WireGuard's wg-quick provides a simple, automatic solution by adding two policy
routing rules and relying on the WireGuard packets having a fwmark set (see [1]).

Let's also do that. Add new properties "wireguard.ip4-auto-default-route"
and "wireguard.ip6-auto-default-route" to enable/disable this. Note that
the default value lets NetworkManager automatically choose whether to
enable it (depending on whether there are any peers that have a default
route). This means common scenarios should now work well without additional
configuration.

Note that this is also a change in behavior and upon package upgrade
NetworkManager may start adding policy routes (if there are peers that
have a default-route). This is a change in behavior, as the user already
clearly had this setup working and configured some working solution
already.

The new automatism picks the rule priority automatically and adds the
default-route to the routing table that has the same number as the fwmark.
If any of this is unsuitable, then the user is free to disable this
automatism. Note that since 1.18.0 NetworkManager supports policy routing (*).
That means that what this automatism does can also be achieved via explicit
configuration of the profile, which gives the user more flexibility to
adjust all parameters explicitly.

(*) but only since 1.20.0 NetworkManager supports the "suppress_prefixlength"
rule attribute, which makes it impossible to configure exactly this rule-based
solution with 1.18.0 NetworkManager.

[1] https://www.wireguard.com/netns/#improved-rule-based-routing
2019-07-29 20:45:49 +02:00
tests libnm/crypto: accept TPM2-wrapped PEM keys 2019-07-10 17:31:48 +02:00
meson.build libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-connection-private.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-connection.c libnm: accept %NULL argument in nmtst_connection_assert_unchanging() 2019-07-16 12:35:36 +02:00
nm-connection.h libnm: add NM_CONNECTION_SERIALIZE_WITH_SECRETS_AGENT_OWNED serialization flag 2019-06-17 12:12:02 +02:00
nm-core-enum-types.c.template libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-core-enum-types.h.template build: use template files for enum types' sources generation 2017-12-18 11:25:06 +01:00
nm-core-internal.h libnm: add internal _nm_connection_get_setting() accessor 2019-07-29 18:39:49 +02:00
nm-core-types-internal.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-core-types.h libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-crypto-gnutls.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-crypto-impl.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-crypto-nss.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-crypto.c libnm/crypto: accept TPM2-wrapped PEM keys 2019-07-10 17:31:48 +02:00
nm-crypto.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-dbus-interface.h dbus-interface: add Mesh support 2019-07-29 10:28:22 +02:00
nm-dbus-utils.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-errors.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-errors.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-json.c libnm-core: don't use RTLD_DEEPBIND when building with asan 2018-02-15 15:34:03 +01:00
nm-json.h shared: move most of "shared/nm-utils" to "shared/nm-glib-aux" 2019-04-18 18:59:09 +02:00
nm-keyfile-internal.h settings: support storing "shadowed-storage" to [.nmmeta] section for keyfiles in /run 2019-07-25 22:02:00 +02:00
nm-keyfile-utils.c libnm: add nm_key_file_get_boolean() helper 2019-07-16 12:35:36 +02:00
nm-keyfile-utils.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-keyfile.c settings: rework tracking settings connections and settings plugins 2019-07-16 19:09:08 +02:00
nm-property-compare.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-property-compare.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-6lowpan.c libnm-core: reorder code in settings 2019-01-15 09:55:24 +01:00
nm-setting-6lowpan.h libnm-core: add NMSetting{6Lowpan,Wpan}Class to a public header 2018-06-29 22:34:23 +02:00
nm-setting-8021x.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-8021x.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-adsl.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-adsl.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bluetooth.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bluetooth.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bond.c libnm,core: support more "arp_validate" bond options 2019-07-18 12:17:35 +02:00
nm-setting-bond.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bridge-port.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bridge-port.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bridge.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-bridge.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-cdma.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-cdma.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-connection.c libnm,cli,ifcfg-rh: add connection:wait-device-timeout property 2019-07-10 12:43:06 +02:00
nm-setting-connection.h libnm,cli,ifcfg-rh: add connection:wait-device-timeout property 2019-07-10 12:43:06 +02:00
nm-setting-dcb.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-dcb.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-dummy.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-dummy.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-ethtool.c libnm: belatedly expose nm_ethtool_optname_is_feature() in libnm 2019-06-11 14:58:14 +02:00
nm-setting-ethtool.h libnm: belatedly expose nm_ethtool_optname_is_feature() in libnm 2019-06-11 14:58:14 +02:00
nm-setting-generic.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-generic.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-gsm.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-gsm.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-infiniband.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-infiniband.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-ip-config.c all: codespell fixes 2019-07-24 11:30:19 +02:00
nm-setting-ip-config.h libnm,core: add support for "suppress_prefixlength" rule attribute 2019-07-16 10:03:17 +02:00
nm-setting-ip-tunnel.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-ip-tunnel.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-ip4-config.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting-ip4-config.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-ip6-config.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting-ip6-config.h ipv6: add 'disabled' method 2019-06-11 16:22:04 +02:00
nm-setting-macsec.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-macsec.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-macvlan.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-macvlan.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-match.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-match.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-olpc-mesh.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-olpc-mesh.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-ovs-bridge.c core: add ovs-bridge.datapath-type property 2019-07-25 12:32:20 +02:00
nm-setting-ovs-bridge.h core: add ovs-bridge.datapath-type property 2019-07-25 12:32:20 +02:00
nm-setting-ovs-dpdk.c libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-setting-ovs-dpdk.h libnm-core: add ovs-dpdk setting 2019-06-14 12:10:20 +02:00
nm-setting-ovs-interface.c core/ovs-interface: add support for dpdk type 2019-06-14 12:10:20 +02:00
nm-setting-ovs-interface.h libnm-core: add ovs-interface setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-patch.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-ovs-patch.h libnm-core: add ovs-patch setting 2017-10-30 17:40:08 +01:00
nm-setting-ovs-port.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-ovs-port.h libnm-core: add ovs-port setting 2017-10-30 17:40:08 +01:00
nm-setting-ppp.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-ppp.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-pppoe.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-pppoe.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-private.h libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting-proxy.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-proxy.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-serial.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-serial.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-sriov.c wireguard: support configuring policy routing to avoid routing loops 2019-07-29 20:45:49 +02:00
nm-setting-sriov.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-tc-config.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting-tc-config.h libnm: don't return deep-copied strv array from nm_tc_qdisc_get_attribute_names() 2019-04-20 08:09:52 +02:00
nm-setting-team-port.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-team-port.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-team.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-team.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-tun.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-tun.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-user.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-user.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-vlan.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting-vlan.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-vpn.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-setting-vpn.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-vxlan.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-vxlan.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-wifi-p2p.c shared: build helper "libnm-libnm-core-{intern|aux}.la" library for libnm-core 2019-04-18 18:59:09 +02:00
nm-setting-wifi-p2p.h core/setting-wifi-p2p: Add WFD IEs property to P2P settings 2019-02-21 10:10:20 +01:00
nm-setting-wimax.c all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-wimax.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-wired.c core/wired: include the invalide MAC address in error messages 2019-07-02 16:06:03 +02:00
nm-setting-wired.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-wireguard.c wireguard: support configuring policy routing to avoid routing loops 2019-07-29 20:45:49 +02:00
nm-setting-wireguard.h wireguard: support configuring policy routing to avoid routing loops 2019-07-29 20:45:49 +02:00
nm-setting-wireless-security.c wireless-security: ensure Mesh networks can't use anything but SAE 2019-07-29 11:00:24 +02:00
nm-setting-wireless-security.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-setting-wireless.c man: setting-wireless: add "mesh" to the available modes 2019-07-29 14:20:20 +02:00
nm-setting-wireless.h setting-wireless: allow Mesh mode 2019-07-29 10:47:44 +02:00
nm-setting-wpan.c libnm-core: reorder code in settings 2019-01-15 09:55:24 +01:00
nm-setting-wpan.h core/setting-wpan: add page and channel properties 2018-10-07 15:46:02 +02:00
nm-setting.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-setting.h all: drop empty first line from sources 2019-06-11 10:15:06 +02:00
nm-simple-connection.c libnm: workaround assertion failure for nmtst_connection_assert_unchanging() when disposing connection 2019-06-26 09:53:54 +02:00
nm-simple-connection.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-team-utils.c libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-team-utils.h libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-utils-private.h libnm: add nm_connection_to_dbus_full() with options argument 2019-06-28 16:48:17 +02:00
nm-utils.c libnm-core: add nm_utils_wifi_freq_to_band 2019-07-29 11:00:24 +02:00
nm-utils.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-version.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-vpn-dbus-interface.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-vpn-editor-plugin.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-vpn-editor-plugin.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-vpn-plugin-info.c all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00
nm-vpn-plugin-info.h all: drop emacs file variables from source files 2019-06-11 10:04:00 +02:00