clients: set routing search domain with nameservers when importing WireGuard profile

When the users configure a DNS server on the interface, they likely want to use it, regardless whether there is a default route on the device. For that to work, add an explicit "~" search domain. Otherwise, by default NetworkManager only adds the special search domain only on devices that have a "best default route" (nm_ip_config_best_default_route_is). But that only considers a best default route in the main table, and WireGuard (with ipx-auto-default-route) adds the default route to a separate table. The heuristic to determine best devices works not well with policy routing, so explicitly add this search domain during import. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/405
2020-04-08 10:37:51 +02:00
parent 9e35b16032
commit 88756703cf
3 changed files with 19 additions and 0 deletions
--- a/clients/common/nm-vpn-helpers.c
+++ b/clients/common/nm-vpn-helpers.c
@@ -751,6 +751,10 @@ fail_invalid_secret:
 		if (data_dns) {
 			for (i = 0; i < data_dns->len; i++)
 				nm_setting_ip_config_add_dns (s_ip, data_dns->pdata[i]);
+
+			/* the wg-quick file cannot handle search domains. When configuring a DNS server
+			 * in the wg-quick file, assume that the user want to use it for all searches. */
+			nm_setting_ip_config_add_dns_search (s_ip, "~");
 		}

 		if (data_table == _TABLE_AUTO) {
--- a/clients/common/tests/test-clients-common.c
+++ b/clients/common/tests/test-clients-common.c
@@ -137,6 +137,8 @@ test_client_import_wireguard_test0 (void)
 {
 	gs_unref_object NMConnection *connection;
 	NMSettingWireGuard *s_wg;
+	NMSettingIPConfig *s_ip4;
+	NMSettingIPConfig *s_ip6;
 	NMWireGuardPeer *peer;
 	gs_free_error GError *error = NULL;

@@ -175,6 +177,17 @@ test_client_import_wireguard_test0 (void)
 	g_assert_cmpstr (nm_wireguard_peer_get_endpoint (peer), ==, "test.wireguard.com:18981");
 	g_assert_cmpint (nm_wireguard_peer_get_allowed_ips_len (peer), ==, 1);
 	g_assert_cmpstr (nm_wireguard_peer_get_allowed_ip (peer, 0, NULL), ==, "10.10.10.230/32");
+
+	s_ip4 = nm_connection_get_setting_ip4_config (connection);
+	s_ip6 = nm_connection_get_setting_ip6_config (connection);
+
+	g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip4), ==, 1);
+	g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip6), ==, 0);
+
+	g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip4), ==, 1);
+	g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip6), ==, 0);
+
+	g_assert_cmpstr (nm_setting_ip_config_get_dns_search (s_ip4, 0), ==, "~");
 }

 static void
--- a/clients/common/tests/wg-test0.conf
+++ b/clients/common/tests/wg-test0.conf
@@ -1,6 +1,8 @@
 [Interface]
 PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
 ListenPort = 51820
+Address = 10.10.10.5/32
+DNS = 10.10.10.1

 [Peer]
 PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=