Ignore empty wireguard endpoints
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
netplan.io (Ubuntu) | Fix Released | Undecided | Unassigned |
Mantic | Fix Released | Undecided | Unassigned |
Bug Description
[ Impact ]
Creating a WireGuard tunnel using the GUI allows the user to omit the peer endpoint.
The configuration created by NetworkManager will still include the Endpoint= key with an empty string ("")
as its value. This configuration will then be imported into a Netplan state using libnetplan and the
resulting YAML file will include the empty string as the endpoint value. When libnetplan loads and parses
the resulting YAML, the validation process will not accept the empty string as the endpoint value and will fail.
An endpoint that's an empty string should just be ignored.
[ Test Plan ]
How to reproduce the issues.
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type WireGuard
a) Set the interface name to wg0
b) Set the private key to 4GgaQCy68nzNsUE
c) In the "peers" section, click on Add
d) Set the "Public key" to M9nt4YujIOmNrRm
e) Leave the other settings empty and click on Apply then Save
4) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:01:07 mantic-desktop NetworkManager[
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.
Testing the fixes
1) Add the PPA repository with the updated package and upgrade netplan
$ sudo add-apt-repository ppa:danilogondo
$ sudo apt update && sudo apt upgrade -y
3) Restart Network Manager
$ sudo systemctl restart NetworkManager
4) Run the test described above again and check that it does not cause any crashes
[ Where problems could occur ]
As we are only relaxing the validation of WireGuard endpoints to ignore empty strings, we are not expecting any regressions caused by these changes. There are no intended changes in behavior introduced by these changes.
All the autopkgtests from netplan.io and network-manager are still passing with these patches.
--- Original description ---
The Network Manager's GUI in GNOME will emit a WireGuard endpoint with an empty string ("") when it's omitted by the user. As Netplan is rejecting this configuration, NM will fail to create the connection.
This is addressed by this patch https:/
This problem is related to this LP bug https:/
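The relaxed check the report asks for, sketched in C as an added example (not netplan's patch or code): an empty endpoint is reported as unset rather than as a validation error, while non-empty values are still checked. `check_endpoint`, its result names, and the host:port and port-range rules are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum endpoint_check { ENDPOINT_UNSET, ENDPOINT_OK, ENDPOINT_INVALID };

/* Hypothetical helper (not netplan's code): classify one peer endpoint.
 * NULL or "" means the field was left blank, so it is reported as unset
 * instead of as a validation error. Anything else must be host:port or
 * [ipv6]:port with a port in 1..65535 (this example's own rule). */
enum endpoint_check check_endpoint(const char *value)
{
    const char *colon;
    char *rest;
    unsigned long port;

    if (value == NULL || value[0] == '\0')
        return ENDPOINT_UNSET;
    if (value[0] == '[') {              /* bracketed IPv6 literal */
        const char *close = strchr(value, ']');
        if (close == NULL || close == value + 1 || close[1] != ':')
            return ENDPOINT_INVALID;
        colon = close + 1;
    } else {
        colon = strrchr(value, ':');
        /* no port, empty host, or unbracketed IPv6 (more than one ':') */
        if (colon == NULL || colon == value || strchr(value, ':') != colon)
            return ENDPOINT_INVALID;
    }
    if (colon[1] < '0' || colon[1] > '9')   /* rejects "", "+1", " 1" */
        return ENDPOINT_INVALID;
    errno = 0;
    port = strtoul(colon + 1, &rest, 10);
    if (errno != 0 || *rest != '\0' || port < 1 || port > 65535)
        return ENDPOINT_INVALID;
    return ENDPOINT_OK;
}

int main(void)
{
    /* Constructed sample values; the first is the empty endpoint from the report. */
    const char *samples[] = { "", "vpn.example.net:51820",
                              "[2001:db8::1]:51820", "vpn.example.net" };
    static const char *names[] = { "unset", "ok", "invalid" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %s\n", samples[i], names[check_endpoint(samples[i])]);
    return 0;
}
```

A caller would skip writing the endpoint key for `ENDPOINT_UNSET` and keep rejecting `ENDPOINT_INVALID`, so malformed non-empty values are still caught.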
Related branches
- Lukas Märdian: Approve
- Ubuntu Core Development Team: Pending requested
- Diff: 544 lines (+506/-1), 5 files modified
debian/changelog (+14/-0)
debian/control (+2/-1)
debian/patches/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (+117/-0)
debian/patches/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch (+371/-0)
debian/patches/series (+2/-0)
tags: added: verification-done-mantic; removed: verification-needed-mantic
I staged the changes for Noble:
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-noble
And sponsored the SRU into Mantic:
- https://launchpad.net/ubuntu/mantic/+queue?queue_state=1&queue_text=netplan
- https://git.launchpad.net/~ubuntu-core-dev/netplan/+git/ubuntu/log/?h=ubuntu-mantic