Update: 31 August 2020 - Added command to stop WG VPN launching on OS Startup
Update: 30 Aug 2020 - Added nm-connection-editor information following reddit conversation
Published 29 Aug 2020
September is (or was depending when you read this) Fedora 32 Month, and a departure to Gnome 3 having spent over a year using KDE Plasma.
After setting up Fedora I got to the VPN setup and then it hit me, in the Network Manager GUI on Fedora 32 Gnome, unlike just about every other mainstream distro there is no Wireguard option.
This option doesn't exist yet. It is possible in Fedora32 to setup Wireguard as a Network Device, it just doesn't show up as a VPN in any of the Gnome Gui Interfaces
Note: this is not the same as Fedora 32 KDE which does have the above option.
This caused me an issue because I have a Wireguard VPN at home and would like to use it from the GUI rather than the command line.
Assumptions
I'm writing this based on my existing Wireguard Roadwarrior server setup which i've documented here (and rebuilt twice using these instructions)
Tech Blog Posts - David Field
I'm aware i could use the inbuilt wireguard tools, nmcli seemed to be a tidier answer for my needs.
Client setup
The answer, or at least part of it is the Network Manager CLI (nmcli) which provides us addtional functionality than the standard wg-quick command.
Ensure under /etc/wireguard/ the following are available
public and private keys
These are generated using the command
wg genkey | tee privatekey | wg pubkey > publickey
This command will generate two files
privatekey and publickey
use the commands to view the random key information
cat privatekey
cat publickeywgo.conf
A client configuation is needed to connect back to the main Wireguard server. I've kept mine purposefully light. I am also running a pi-hole DNS on the Wireguard server.
[Interface]
Address = 10.10.10.11/32
PrivateKey = theprivatekeyyoumadeearlier
ListenPort = 21841
DNS = 10.10.10.1
[Peer]
PublicKey = thepublickeyofyourwireguardserver
Endpoint = 34.123.234.65:51230
AllowedIPs = 0.0.0.0/0
You can test this using the commands
wg-quick up wg0
wg-quick down wg0If this works and you can sucessfully connect to the VPN, then move forward
Import using NMCLI
If the config is working we can now import it into Network Manager
CONF_FILE="wg0.conf"
nmcli connection import type wireguard file "$CONF_FILE"
If you want to delete the config use
nmcli connection delete wg0
To check the config which has been imported run
nmcli --overview connection show wg0this should return something like this
connection.id: wg0
connection.uuid: 35cf8681-bc42-482f-b686-d2f6ad567fe5
connection.type: wireguard
connection.interface-name: wg0
connection.timestamp: 1598731025
ipv4.method: manual
ipv4.dns: 10.10.10.1
ipv4.addresses: 10.10.10.11/32
ipv6.method: disabled
wireguard.private-key-flags: 0 (none)
wireguard.listen-port: 21841
To launch the VPN run the command
nmcli connection up wg0Re run the command
nmcli --overview connection show wg0This time there should be a lot more displayed
connection.id: wg0
connection.uuid: 35cf8681-bc42-482f-b686-d2f6ad567fe5
connection.type: wireguard
connection.interface-name: wg0
connection.timestamp: 1598733549
ipv4.method: manual
ipv4.dns: 10.10.10.1
ipv4.addresses: 10.10.10.11/32
ipv6.method: disabled
wireguard.private-key-flags: 0 (none)
wireguard.listen-port: 21841
GENERAL.NAME: wg0
GENERAL.UUID: 35cf8681-bc42-482f-b686-d2f6ad567fe5
GENERAL.DEVICES: wg0
GENERAL.IP-IFACE: wg0
GENERAL.STATE: activated
GENERAL.DEFAULT: no
GENERAL.DEFAULT6: no
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: no
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveC>
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Setting>
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 10.10.10.11/32
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 0.0.0.0, mt = 200>
IP4.DNS[1]: 10.10.10.1
The important line is
GENERAL.STATE: activatedTo shutdown the vpn run
nmcli connection up wg0The last thing we need to do here is to stop Wireguard launching when the OS starts
nmcli con mod wg0 connection.autoconnect noThe other useful command for troubleshooting is just
nmcliWhich will also show the network card status
Next we will wrap a gui around these commands using bash and Zenity
Using the GUI
Open the Network Manager Connection Editor from the command line
nm-connection-editor
Click on the + Button and select Wireguard from the drop down
Complete the General, Wireguard and IPV4 Tabs (if you're not sure how, scroll up to the Setup Wireguard Roadwarrior link, and scroll to near the end of that post)
Done
You will notice that even using the nm-connection-editor when you look at the available VPN's the new Wireguard connection isn't shown
Also at time of writing I wasn't able to get any Wireguard Gnome extention to work either.
Zenity
Zenity is a rewrite of gdialog, the GNOME port of dialog which allows you to display dialog boxes from the commandline and shell scripts.
Using Zenity a bash script in Gnome can generate dialog boxes like this
There are links at the end of this post which will help provide a starting point with Zenity.
Script
With the nmcli commands and zenity I was able to create this script
DISCLAIMER: I know running functions from within functions within bash is frowned upon, it was the quickest and dirtiest way of getting this sorted. I'd happily go over better ways to do this.
#!/bin/bash
## VARIABLES
## FUNCTIONS
func_mainmenu(){
# Bash runction for the main menu, split out into a function as it rill be looped back to
ans=$(zenity --list --text "Wireguard HomeVPN" --radiolist --column "Pick" --column "Item" TRUE "Wireguard UP" FALSE "Wireguard DOWN" FALSE "Wireguard STATUS")
}
func_UP(){
nmcli connection up wg0
zenity --question --text "Do you want to check NMCLI status?"
if [ $? = 0 ]; then
func_nmcli
else
func_mainmenu
fi
}
func_DOWN(){
nmcli connection down wg0
zenity --question --text "Do you want to check NMCLI status?"
if [ $? = 0 ]; then
func_nmcli
else
func_mainmenu
fi
}
func_STATUS(){
nmcli --overview connection show wg0 | zenity --text-info --width 600 --height 800
func_mainmenu
}
func_nmcli(){
nmcli | zenity --text-info --width 600 --height 800
func_mainmenu
}
##SCRIPT
##Call the main menu function
func_mainmenu
## take the output of the zenity command and use it over an
## array in a for do look
echo $ans
array=( UP DOWN STATUS )
for i in "${array[@]}"
do
echo $ans | grep $i
result=$(echo $?)
echo $result
if [ $result = 0 ]; then
func_$i
fi
doneThis Runs the following
Click on Wireguard UP and the Wireguard connection will be brought up, once done you'll be asked if you want to see the status of the connection
Clicking No goes back to the main menu, clicking yes
Shows all the enabled connections in Network Manager, and we can see the wg0 interface is up.
Click on OK/Cancel and the main menu is displayed
Selecting Wireguard DOWN reverses the process and drops the connection.
Selecting Wireguard STATUS provides the status of the connection.
Last bits
I linked the script to /usr/local/bin/wglauncher and pulled an icon off a google search.
I created a wglauncher.desktop file in /usr/share/applications
[Desktop Entry]
Version=1.0
Name=Wireguard
Icon=/home/david/Pictures/icon/wireguard.png
Type=Application
Terminal=false
Keywords=Network;
Exec=/usr/local/bin/wglauncherThis created a simple bash driven Wireguard launcher.
Git Repo
GitLab
Useful Links
A complete zenity dialog examples 2
A complete zenity dialog examples 1
WireGuard in NetworkManager