the wireguard netplan is being created in the wrong format - still creates tunnels instead of nm-devices

Bug #1966047 reported by Rahul
This bug affects 1 person
Affects: netplan.io (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

How to recreate my error:
I ran it on CM4 arm64 architecture with Ubuntu Server 20.04 with:
netplan.io at 0.103-0ubuntu5~20.04.6 arm64
network-manager snap at 20/stable: 1.22.10-11

- Install network manager snap:
    sudo snap install network-manager

- Remove network manager that is installed as apt package (if any):
    sudo apt remove network-manager

- Install wireguard and wireguard tools:
    sudo apt install wireguard wireguard-tools

- Create a wireguard conf file in /etc/wireguard in the format:
    Ref: https://www.wireguard.com/quickstart/
    #########
    [Interface]
    Address = 10.0.0.5/32
    PrivateKey = <private key>

    [Peer]
    PublicKey = <public key>
    AllowedIPs = 10.0.0.0/24
    Endpoint = < end point>
    PersistentKeepalive = 20
    ##########

- bring up this connection:
    sudo wg-quick up <conf file name>

    This would perform the following steps:
    [#] ip link add <conf file name> type wireguard
    [#] wg setconf <conf file name> /dev/fd/63
    [#] ip -4 address add 10.0.0.5/32 dev <conf file name>
    [#] ip link set mtu 1420 up dev <conf file name>
    [#] ip -4 route add 10.0.0.0/24 dev <conf file name>

- This creates a NM snap connection which would be active and also creates a netplan in /etc/netplan:

- Run netplan generate, this would fail because the netplan generated is in wrong format:
    sudo netplan generate

- Returns:
    missing 'mode' property for tunnel
      renderer: NetworkManager
      ^

- the netplan generated is:
    network:
      version: 2
      tunnels:
        nm-name:
          renderer: NetworkManager
          addresses:
          - "<address>"
          ipv6-address-generation: "stable-privacy"
          networkmanager:
            uuid: "<uuid>"
            name: "<name>"
            passthrough:
              connection.type: "wireguard"
              connection.autoconnect: "false"
              connection.permissions: ""
              connection.timestamp: "1647848473"
              wireguard.listen-port: "59015"
              wireguard-peer.<peer-id>.endpoint: ""
              ipv4.dns-priority: "100"
              ipv4.dns-search: ""
              ipv6.dns-priority: "100"
              ipv6.dns-search: ""
              ipv6.method: "ignore"
              proxy._: ""

- Reboot the system:

- Upon reboot you will observe that the wifi is down:
    nmcli d
    nmcli c

- To recover, remove the files related to wireguard at /etc/netplan:
    sudo wg-quick down <conf file name>

- reload NM connections:
    sudo nmcli c reload

Rahul (ttank)
description: updated
Lukas Märdian (slyon) wrote :

Some additional discussion at https://forum.snapcraft.io/t/creating-wireguard-connection-on-network-manager-snap/29182/

I cannot understand how it would still create a "tunnels:" stanza on the latest version of netplan.

But I think I found an explanation now:
The NM snap is not actually using the netplan version installed on your Focal Server system, but rather the netplan version in the “core20” base snap (which lags behind focal-updates a bit). netplan v0.103-0ubuntu5~20.04.6 already landed in focal-updates, but not yet in core20’s latest/stable channel.

Could you please try to refresh your “core20” base snap to version “20220318” that is currently in the “latest/candidate” channel and try to reproduce again? This should fix the issue IMO!

If that fixes the problem, this would actually be a duplicate of LP: #1962297

Lukas Märdian (slyon) wrote :

Citing Rahul from the snapcraft forum:
> I moved core20 to candidate channel and now it creates the right netplan with nm-devices.
> Thanks for the help. Do you know when this would be pushed into stable?

I'm therefore marking this bug as a duplicate.
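
Added example (not part of the bug report or of netplan): a shell function that scans netplan YAML files for "tunnels:" entries with no direct "mode:" key, the condition netplan generate rejects in the description above, so the offending file can be found before a reboot. The function name find_modeless_tunnels is hypothetical, and the scan assumes block-style YAML indented with spaces.

```shell
#!/bin/sh
# Added example, not from the bug report or the netplan project.
# Lists "tunnels:" entries without a direct "mode:" key in netplan files,
# the condition behind the "missing mode property for tunnel" error.
# Handles block-style YAML with space indentation only.

# Usage: find_modeless_tunnels FILE...   (prints "FILE: TUNNEL-ID" per hit)
find_modeless_tunnels() {
    awk '
    function indent(s,   t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
    function report() {
        if (name != "" && !has_mode) print file ": " name
        name = ""; has_mode = 0
    }
    FNR == 1 { report(); in_tunnels = 0 }      # new file: close open state
    /^ *(#.*)?$/ { next }                      # skip blank lines and comments
    {
        ind = indent($0)
        if (in_tunnels && ind <= t_ind) { report(); in_tunnels = 0 }
        if (!in_tunnels) {
            if ($0 ~ /^ *tunnels: *$/) { in_tunnels = 1; t_ind = ind; n_ind = -1 }
            next
        }
        if (n_ind < 0) n_ind = ind             # indent of the tunnel ids
        if (ind == n_ind) {                    # start of a tunnel definition
            report()
            name = $0; sub(/^ +/, "", name); sub(/:.*$/, "", name)
            file = FILENAME; c_ind = -1
        } else if (ind > n_ind) {
            if (c_ind < 0) c_ind = ind         # indent of its direct keys
            if (ind == c_ind && $0 ~ /^ *mode:/) has_mode = 1
        }
    }
    END { report() }
    ' "$@"
}

# Example run: find_modeless_tunnels /etc/netplan/*.yaml
```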
