From 88756703cf070e37fcfc5fc61a5c09b75de1de2c Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Wed, 8 Apr 2020 10:37:51 +0200
Subject: clients: set routing search domain with nameservers when importing WireGuard profile When the users configure a DNS server on the interface, they likely want to use it, regardless whether there is a default route on the device. For that to work, add an explicit "~" search domain. Otherwise, by default NetworkManager only adds the special search domain only on devices that have a "best default route" (nm_ip_config_best_default_route_is). But that only considers a best default route in the main table, and WireGuard (with ipx-auto-default-route) adds the default route to a separate table. The heuristic to determine best devices works not well with policy routing, so explicitly add this search domain during import. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/405
---
 clients/common/nm-vpn-helpers.c | 4 ++++
 clients/common/tests/test-clients-common.c | 13 +++++++++++++
 clients/common/tests/wg-test0.conf | 2 ++
 3 files changed, 19 insertions(+)
diff --git a/clients/common/nm-vpn-helpers.c b/clients/common/nm-vpn-helpers.c
index 0ebc52d591..cfdd7571ad 100644
--- a/clients/common/nm-vpn-helpers.c
+++ b/clients/common/nm-vpn-helpers.c
@@ -751,6 +751,10 @@ fail_invalid_secret:
 if (data_dns) {
 for (i = 0; i < data_dns->len; i++)
 nm_setting_ip_config_add_dns (s_ip, data_dns->pdata[i]);
+
+ /* the wg-quick file cannot handle search domains. When configuring a DNS server
+ * in the wg-quick file, assume that the user want to use it for all searches. */
+ nm_setting_ip_config_add_dns_search (s_ip, "~");
 }

 if (data_table == _TABLE_AUTO) {
diff --git a/clients/common/tests/test-clients-common.c b/clients/common/tests/test-clients-common.c
index a5d803df75..70ee2cb19a 100644
--- a/clients/common/tests/test-clients-common.c
+++ b/clients/common/tests/test-clients-common.c
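Review bot: In clients/common/nm-vpn-helpers.c the comment above `nm_setting_ip_config_add_dns_search (s_ip, "~");` does not say what "~" does or that it is applied to every imported profile with a DNS entry, including profiles whose allowed-ips cover only a few subnets, where it can direct general name lookups to the tunnel's resolver. Since this decides which resolver sees the host's queries, I would spell it out, e.g. `/* wg-quick files cannot express search domains; "~" is the routing-only domain that makes these servers preferred for all lookups, also when the profile is not a full tunnel. */`. Whether `data_dns` can be non-NULL with `len == 0` is not visible in the hunk; if it can, tighten the guard to `if (data_dns && data_dns->len > 0) {` so "~" is never set without a server. The enclosing function starts and ends outside the hunk.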
@@ -137,6 +137,8 @@ test_client_import_wireguard_test0 (void)
 {
 gs_unref_object NMConnection *connection;
 NMSettingWireGuard *s_wg;
+ NMSettingIPConfig *s_ip4;
+ NMSettingIPConfig *s_ip6;
 NMWireGuardPeer *peer;
 gs_free_error GError *error = NULL;

@@ -175,6 +177,17 @@ test_client_import_wireguard_test0 (void)
 g_assert_cmpstr (nm_wireguard_peer_get_endpoint (peer), ==, "test.wireguard.com:18981");
 g_assert_cmpint (nm_wireguard_peer_get_allowed_ips_len (peer), ==, 1);
 g_assert_cmpstr (nm_wireguard_peer_get_allowed_ip (peer, 0, NULL), ==, "10.10.10.230/32");
+
+ s_ip4 = nm_connection_get_setting_ip4_config (connection);
+ s_ip6 = nm_connection_get_setting_ip6_config (connection);
+
+ g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip4), ==, 1);
+ g_assert_cmpint (nm_setting_ip_config_get_num_addresses (s_ip6), ==, 0);
+
+ g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip4), ==, 1);
+ g_assert_cmpint (nm_setting_ip_config_get_num_dns_searches (s_ip6), ==, 0);
+
+ g_assert_cmpstr (nm_setting_ip_config_get_dns_search (s_ip4, 0), ==, "~");
 }

 static void
diff --git a/clients/common/tests/wg-test0.conf b/clients/common/tests/wg-test0.conf
index 61438c2942..28af4a0003 100644
--- a/clients/common/tests/wg-test0.conf
+++ b/clients/common/tests/wg-test0.conf
@@ -1,6 +1,8 @@
 [Interface]
 PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
 ListenPort = 51820
+Address = 10.10.10.5/32
+DNS = 10.10.10.1

 [Peer]
 PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
-- cgit v1.2.1
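Review bot: The assertions added at the end of `test_client_import_wireguard_test0` check the "~" search entry but never the nameserver it is tied to, so a regression that sets "~" without importing `DNS = 10.10.10.1` would still pass. I would add `g_assert_cmpint (nm_setting_ip_config_get_num_dns (s_ip4), ==, 1);` and `g_assert_cmpstr (nm_setting_ip_config_get_dns (s_ip4, 0), ==, "10.10.10.1");` next to the search-domain checks. No negative case is visible either: a fixture without a DNS line should yield zero DNS searches, which would pin that the routing domain is only ever set together with a server. The middle of the function lies between the two hunks and is not shown.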