1 minute read

Wireguard is a layer-3 secure network tunnel for ipv4 and ipv6. It has managed to remove the complexity that other solutions/VPN protocols like OpenVPN or IPSec brought, and also providing better performance.

Almost a year after being incorporated as a module in the linux kernel, this vpn solution continues growing and is becoming more and more popular.

So far it’s all praise. The only thing that I am still not used to is the stateless connections that Wireguard has by design. It means that we won’t have logging, peer connection status, etc.

I was also missing some sort of integration with NetworkManager. That’s why I ended up installing a plugin for NetworkManager in GNOME. I can now connect/disconnect the VPN, as I do with OpenVPN.

Thanks to the network-manager-wireguard repository it’s pretty easy to achieve. This is basically how I did it on Debian Buster:

$ sudo apt install build-essential libgtk-3-dev libnma-dev libsecret-1-dev

$ git clone https://github.com/max-moser/network-manager-wireguard
$ cd network-manager-wireguard

$ ./autogen.sh --without-libnm-glib

Build configuration: 

$ ./configure --prefix=/usr \
              --without-libnm-glib \
              --sysconfdir=/etc \
              --libdir=/usr/lib/x86_64-linux-gnu \
              --libexecdir=/usr/lib/NetworkManager \

$ make   
$ sudo make install

Once installed, we can create a wireguard type connection:

Wireguard Connection

The configuration itself is very simple, and not all fields are required. The only thing I haven’t been able to do is add more than one DNS server, it doesn’t seem to like the comma as separator.

Wireguard Config