I fucking hate modern linux. Fuck netplan. Fuck systemd. Fuck resolved. Fuck wayland. Fuck snaps. Fuck flatpaks and fuck appimages. Also fuck apparmor. NetworkManager you're on thin fucking ice after today but you're allowed to stay.
reldred (reldred@social.bcicorporate.com)'s status on Thursday, 04-Apr-2024 01:59:12 JST reldred
受不了包 (shibao@misskey.bubbletea.dev)'s status on Thursday, 04-Apr-2024 01:59:10 JST 受不了包 @reldred@social.bcicorporate.com NetworkManager is on my bad list cuz there's still no gui option to import wireguard configs after years, and when it activates it doesn't do post up and post down commands to actually tunnel your traffic which I assume is what 99% of people want with wireguard so your wireguard IPs just get slapped into your existing network situation
受不了包 (shibao@misskey.bubbletea.dev)'s status on Thursday, 04-Apr-2024 02:42:10 JST 受不了包 @thatbrickster@shitposter.world @reldred@social.bcicorporate.com hmm ok maybe but i'm only using nm-applet and not gnome, i think i should probably just go with netctl but I'm lazy and want something that works, seems like networkmanager isn't going to be that though
Bricky (thatbrickster@shitposter.world)'s status on Thursday, 04-Apr-2024 02:42:11 JST Bricky @shibao I can at least say importing WireGuard configs on GNOME can be done through the GUI and isn't a PITA (yet). @reldred
受不了包 (shibao@misskey.bubbletea.dev)'s status on Thursday, 04-Apr-2024 04:07:01 JST 受不了包 @mr64bit@p.mr64.net @reldred@social.bcicorporate.com it doesn't do a full tunnel or at least that's what network manager was doing ._.
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:07:02 JST mr64bit @shibao @reldred Huh, Wireguard should tunnel traffic by setting up rule tables, without needing a PostUp to further modify anything.
受不了包 (shibao@misskey.bubbletea.dev)'s status on Thursday, 04-Apr-2024 04:10:41 JST 受不了包 @mr64bit@p.mr64.net @reldred@social.bcicorporate.com yep, and then i'd run netstat -r and it'd show 192.168 addresses on my wireless network interface and then 10.0 addresses on the wireguard tunnel
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:10:42 JST mr64bit @shibao @reldred You've got allowed-ips=0.0.0.0/0;::/0; I assume? (happy to help troubleshoot if you're up for it)
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:40:38 JST mr64bit @shibao @reldred Have you tcpdumped your external interface to verify though? Instead of modifying your main routing table, Wireguard uses packet marking and routing rules. It marks its own packets with a tag, and adds a routing rule to redirect all non-tagged packets to a different routing table that sends them through the tunnel.
~ % ip rule
0: from all lookup local
31492: from all lookup main suppress_prefixlength 0
31493: not from all fwmark 0x1337 lookup 4919
32766: from all lookup main
32767: from all lookup default
~ % ip route sh table 4919
default dev wg0 proto static scope link metric 50
mr64bit (mr64bit@p.mr64.net)'s status on Thursday, 04-Apr-2024 04:40:38 JST mr64bit @shibao If yours isn't setting the other table up, try setting "fwmark" in your .nmconnection file I guess (then sudo nmcli con reload). I don't remember if I added it because it's required, or just to set the tag to 0x1337.
[wireguard]
fwmark=4919
受不了包 (shibao@misskey.bubbletea.dev)'s status on Thursday, 04-Apr-2024 04:41:24 JST 受不了包 @mr64bit@p.mr64.net @reldred@social.bcicorporate.com huhe, i didn't know that. I might need to try with it, I wonder if that's only a wg-quick thing though, network manager doesn't use wg-quick iirc