From db53e5f3cdee368c58bff7386bdd04fa2d094837 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 27 Oct 2021 19:45:01 +0200 Subject: [PATCH] nmcli: fix import WireGuard profile with DNS domain and address family disabled In NetworkManager, a profile cannot have "ipvx.dns" or "ipvx.dns-search" while the corresponding IP method is disabled. Together with the oddity that in NetworkManager DNS settings are separate per IPv4 and IPv6, this causes problems: $ cat wg0.conf [Interface] PrivateKey = CBXpiLxQ98TLISJ2cypEFtQb/djzYzENyy0jzhWa/UA= Address = 192.168.1.100 DNS = 10.11.12.13, foobar.de [Peer] PublicKey = Wus1sBzZiQkyxr6ZitUFNvfYD7KJkwTsWlcxvJ/4SHI= Endpoint = 1.2.3.4:51827 AllowedIPs = 0.0.0.0/0 $ nmcli connection import type wireguard file wg0.conf Error: failed to import 'wg0.conf': Failed to create WireGuard connection: ipv6.dns-search: this property is not allowed for 'method=disabled'. Fixes: 3ab082ed962d ('cli: support dns-search for import of WireGuard profiles') --- src/libnmc-base/nm-vpn-helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libnmc-base/nm-vpn-helpers.c b/src/libnmc-base/nm-vpn-helpers.c index 60b5ecc47..99a692762 100644 --- a/src/libnmc-base/nm-vpn-helpers.c +++ b/src/libnmc-base/nm-vpn-helpers.c @@ -746,7 +746,7 @@ fail_invalid_secret: GPtrArray * data_addr = is_v4 ? data_addr_v4 : data_addr_v6; GPtrArray * data_dns_search2 = data_dns_search; - if (data_dns && !data_addr) { + if (!data_addr) { /* When specifying "DNS", we also require an "Address" for the same address * family. That is because a NMSettingIPConfig cannot have @method_disabled * and DNS settings at the same time.