diff options
| author | Thomas Haller <thaller@redhat.com> | 2020-04-08 10:37:51 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2020-04-08 12:33:56 +0200 |
| commit | 88756703cf070e37fcfc5fc61a5c09b75de1de2c (patch) | |
| tree | 2fcb39b12170cfef5d96b662928cb66cb768f69c | |
| parent | 9e35b1603216cc4a5a46d6430a6dafb9ea27aaa9 (diff) | |
| download | NetworkManager-88756703cf070e37fcfc5fc61a5c09b75de1de2c.tar.gz | |
clients: set routing search domain with nameservers when importing WireGuard profile
When the users configure a DNS server on the interface, they likely
want to use it, regardless whether there is a default route on the
device.
For that to work, add an explicit "~" search domain.
Otherwise, by default NetworkManager only adds the special search domain
only on devices that have a "best default route" (nm_ip_config_best_default_route_is).
But that only considers a best default route in the main table, and
WireGuard (with ipx-auto-default-route) adds the default route to a
separate table. The heuristic to determine best devices works not well
with policy routing, so explicitly add this search domain during import.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/405
| -rw-r--r-- | clients/common/nm-vpn-helpers.c | 4 | ||||
| -rw-r--r-- | clients/common/tests/test-clients-common.c | 13 | ||||
| -rw-r--r-- | clients/common/tests/wg-test0.conf | 2 |
3 files changed, 19 insertions, 0 deletions
diff --git a/clients/common/nm-vpn-helpers.c b/clients/common/nm-vpn-helpers.c index 0ebc52d591..cfdd7571ad 100644 --- a/clients/common/nm-vpn-helpers.c +++ b/clients/common/nm-vpn-helpers.c @@ -751,6 +751,10 @@ fail_invalid_secret: if (data_dns) { for (i = 0; i < data_dns->len; i++) nm_setting_ip_config_add_dns (s_ip, data_dns->pdata[i]); + + /* the wg-quick file cannot handle search domains. When configuring a DNS server + * in the wg-quick file, assume that the user want to use it for all searches. */ + nm_setting_ip_config_add_dns_search (s_ip, "~"); } if (data_table == _TABLE_AUTO) { diff --git a/clients/common/tests/test-clients-common.c b/clients/common/tests/test-clients-common.c index a5d803df75..70ee2cb19a 100644 --- a/clients/common/tests/test-clients-common.c +++ b/clients/common/tests/test-clients-common.c @@ -137,6 +137,8 @@ test_client_import_wireguard_test0 (void) { gs_unref_object NMConnection *connection; NMSettingWireGuard *s_wg; + NMSettingIPConfig *s_ip4; + NMSettingIPConfig *s_ip6; NMWireGuardPeer *peer; gs_free_error GError *error = NULL; @@ -175,6 +177,17 @@ test_client_import_wireguard_test0 (void) g_assert_cmpstr (nm_wireguard_peer_get_endpoint (peer), ==, "test.wireguard.com:18981"); g_assert_cmpint (nm_wireguard_peer_get_allowed_ips_len (peer), ==, 1); g_assert_cmpstr (nm_wireguard_peer_get_allowed_ip (peer, 0, NULL), ==, "10.10.10.230/32"); + + s_ip4 = nm_connection_get_setting_ip4_config (connection); + s_ip6 = nm_connection_get_setting_ip6_config (connection); + + g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip4), ==, 1); + g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip6), ==, 0); + + g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip4), ==, 1); + g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip6), ==, 0); + + g_assert_cmpstr (nm_setting_ip_config_get_dns_search (s_ip4, 0), ==, "~"); } static void diff --git a/clients/common/tests/wg-test0.conf b/clients/common/tests/wg-test0.conf index 61438c2942..28af4a0003 100644 --- a/clients/common/tests/wg-test0.conf +++ b/clients/common/tests/wg-test0.conf @@ -1,6 +1,8 @@ [Interface] PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk= ListenPort = 51820 +Address = 10.10.10.5/32 +DNS = 10.10.10.1 [Peer] PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg= |