clients: set routing search domain with nameservers when importing WireGuard profile

When the users configure a DNS server on the interface, they likely
want to use it, regardless whether there is a default route on the
device.

For that to work, add an explicit "~" search domain.

Otherwise, by default NetworkManager adds the special search domain
only on devices that have a "best default route" (nm_ip_config_best_default_route_is).
But that only considers a best default route in the main table, and
WireGuard (with ipx-auto-default-route) adds the default route to a
separate table. The heuristic to determine best devices does not work well
with policy routing, so explicitly add this search domain during import.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/405
Thomas Haller
2020-04-08 10:37:51 +02:00
parent 9e35b16032
commit 88756703cf
3 changed files with 19 additions and 0 deletions


@@ -751,6 +751,10 @@ fail_invalid_secret:
if (data_dns) { if (data_dns) {
for (i = 0; i < data_dns->len; i++) for (i = 0; i < data_dns->len; i++)
nm_setting_ip_config_add_dns (s_ip, data_dns->pdata[i]); nm_setting_ip_config_add_dns (s_ip, data_dns->pdata[i]);
/* the wg-quick file cannot handle search domains. When configuring a DNS server
* in the wg-quick file, assume that the user want to use it for all searches. */
nm_setting_ip_config_add_dns_search (s_ip, "~");
} }
if (data_table == _TABLE_AUTO) { if (data_table == _TABLE_AUTO) {
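Review bot: The comment above `nm_setting_ip_config_add_dns_search (s_ip, "~")` should spell out the consequence as well as the motivation: the "~" routing domain is added whenever the imported file has a DNS entry, independent of AllowedIPs, so a split-tunnel profile also makes the tunnel's resolver a candidate for every lookup on the host. That is a reasonable default against lookups leaking outside a full tunnel, but it is a visible change for profiles that route only a few prefixes, and how lookups are divided between this and other connections presumably depends on the DNS backend in use. I would extend the comment with something like `* Note: "~" applies to all lookups regardless of AllowedIPs; drop it from ipv4/ipv6.dns-search after import for split-tunnel profiles.` and fix "the user want" to "the user wants". The enclosing function starts and ends outside the hunk, so that s_ip is per address family is inferred only from the test's s_ip6 assertion.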


@@ -137,6 +137,8 @@ test_client_import_wireguard_test0 (void)
{ {
gs_unref_object NMConnection *connection; gs_unref_object NMConnection *connection;
NMSettingWireGuard *s_wg; NMSettingWireGuard *s_wg;
NMSettingIPConfig *s_ip4;
NMSettingIPConfig *s_ip6;
NMWireGuardPeer *peer; NMWireGuardPeer *peer;
gs_free_error GError *error = NULL; gs_free_error GError *error = NULL;
@@ -175,6 +177,17 @@ test_client_import_wireguard_test0 (void)
g_assert_cmpstr (nm_wireguard_peer_get_endpoint (peer), ==, "test.wireguard.com:18981"); g_assert_cmpstr (nm_wireguard_peer_get_endpoint (peer), ==, "test.wireguard.com:18981");
g_assert_cmpint (nm_wireguard_peer_get_allowed_ips_len (peer), ==, 1); g_assert_cmpint (nm_wireguard_peer_get_allowed_ips_len (peer), ==, 1);
g_assert_cmpstr (nm_wireguard_peer_get_allowed_ip (peer, 0, NULL), ==, "10.10.10.230/32"); g_assert_cmpstr (nm_wireguard_peer_get_allowed_ip (peer, 0, NULL), ==, "10.10.10.230/32");
s_ip4 = nm_connection_get_setting_ip4_config (connection);
s_ip6 = nm_connection_get_setting_ip6_config (connection);
g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip4), ==, 1);
g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip6), ==, 0);
g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip4), ==, 1);
g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip6), ==, 0);
g_assert_cmpstr (nm_setting_ip_config_get_dns_search (s_ip4, 0), ==, "~");
} }
static void static void
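Review bot: The new assertions in test_client_import_wireguard_test0 check the address count and the "~" search domain but never the DNS server that triggers it, so a regression that adds the search domain without importing the nameserver would still pass. Adding `g_assert_cmpint (nm_setting_ip_config_get_num_dns (s_ip4), ==, 1);` and `g_assert_cmpstr (nm_setting_ip_config_get_dns (s_ip4, 0), ==, "10.10.10.1");` after the address checks would pin both halves of the behaviour. A second case that imports a profile without a DNS line and asserts zero search domains would cover the `if (data_dns)` guard; nothing visible in this section does that.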


@@ -1,6 +1,8 @@
[Interface] [Interface]
PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
ListenPort = 51820 ListenPort = 51820
Address = 10.10.10.5/32
DNS = 10.10.10.1
[Peer] [Peer]
PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=