are WG clients expected to automatically handle it when the endpoint is within the AllowedIPs
Kajetan Staszkiewicz
vegeta at tuxpowered.net
Thu Jun 5 10:27:22 UTC 2025
On 2025-05-23 00:36, Christoph Anton Mitterer wrote:
> (re-posting, now that the list seems to work again)
>
>
> Hey folks.
>
> In science/education, many organisations (I could find the total list
> only in the Android app, but there it seems to be several 1000) use
> eduVPN to provide VPN access to their users.
> It comes with a client which, AFAIU, either sets up some OpenVPN or WG
> VPN.
>
> I've previously used the OpenVPN profile files successfully with
> NetworkManager but now wanted to switch to WG, and again I don't wanna
> use the eduVPN client, because I think this should be done with the
> native tools that integrate nicely into the system (e.g. NM for desktop
> environments, ifupdown/systemd-networkd/etc. for servers).
>
> …
>
> Using that config with NM fails
NetworkManager's Wireguard implemmentation already has a way of
supporting it by using fwmarks. It's just that the fwmark operation is
not automatically turned unless the tunnel is configured with
AllowedIPs=::/0
See my comment and a workaround which always forces the fwmark operation
on
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1157#note_2426757
--
| pozdrawiam / regards | Powered by Debian and FreeBSD |
| Kajetan Staszkiewicz | www: http://tuxpowered.net |
| | matrix: @vegeta:tuxpowered.net |
`----------------------^--------------------------------'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20250605/ff134055/attachment.sig>
More information about the WireGuard
mailing list