WireGuard in NetworkManager

Source:

“NetworkManager version 1.26.2 and higher, allows you to create a WireGuard-type connection. Thus go ahead and choose WireGuard as a connection type.”

I learned today that NetworkManager 1.26.2 supports WireGuard. I’m using the Fedora 34 templates (upgraded in place from 33), and they are up to date, but it is only 1.22.0.
I’m quite excited about that development, but is there any chance of NetworkManager 1.26.2 being released in Qubes 4.0?

This is strange, Fedora 34 should have Network Manager 1.30: https://pkgs.org/download/NetworkManager(x86-64). Perhaps you can try to install it manually?

Upon closer inspection, I do have 1.30; it’s the network-manager-applet that’s 1.22.0. Perhaps the article’s author also meant network-manager-applet, but failed to specify correctly? What version of network-manager-applet do you have, and is there an option to configure a WireGuard connection?

I am using the KDE desktop manager so I don’t have network-manager-applet, but your question makes me wonder if that is somehow related to the well-known Network Manager applet display bug in KDE.

Have you tried installing the WireGuard app in your proxy VM? It’s pretty straightforward.

As of now, if you right-click NetworkManager, edit connections, and hit the plus, you can manually create a WireGuard profile as the link instructs. However, you cannot import a WireGuard profile via the GUI yet.
If you use nmcli it will work. See the link, then scroll down to the first comment, by Eugene, and you can import the WireGuard profile. Be warned, however, that even if you import with nmcli, features such as the killswitch are not yet respected by NetworkManager. If the VPN fails, data WILL be passed in clear.

Hopefully in the future, the NetworkManager team will have a rock-solid feature where WireGuard profiles can be imported via the GUI and perform as expected, killswitches, multihop, and all. Maybe they can even add a feature where a random profile is selected on startup, given that WireGuard has no remote-random feature like OpenVPN.
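
A pre-import check for the kill-switch warning in the post above, as an added example that is not part of the thread. It assumes the profile's kill switch is written as wg-quick hook lines (`PreUp`, `PostUp`, `PreDown`, `PostDown`); the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Flags wg-quick hook lines in a WireGuard
# config before it is imported with:
#   nmcli connection import type wireguard file <conf>
# Assumption: the kill switch is expressed as PreUp/PostUp/PreDown/PostDown hooks.

# Print "lineno: line" for every hook directive in the [Interface] section.
wg_hook_lines() {
    awk '
        { line = $0; sub(/\r$/, "", line) }                 # tolerate CRLF files
        line ~ /^[ \t]*\[/ {                                # section header
            sect = tolower(line); gsub(/[^a-z]/, "", sect); next
        }
        line ~ /^[ \t]*(#|$)/ { next }                      # comment or blank
        sect == "interface" {
            key = tolower(line)
            sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            if (key ~ /^(preup|postup|predown|postdown)$/) print NR ": " line
        }
    ' "$1"
}

# Write a constructed sample config (placeholder keys, documentation address).
make_sample_conf() {
    cat > "$1" <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY
Address = 10.0.0.2/32
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY
Endpoint = 192.0.2.1:51820
AllowedIPs = 0.0.0.0/0
EOF
}

conf=$(mktemp)
make_sample_conf "$conf"
hooks=$(wg_hook_lines "$conf")
if [ -n "$hooks" ]; then
    echo "wg-quick hooks found; enforce the kill switch separately before relying on this profile:"
    printf '%s\n' "$hooks"
fi
rm -f "$conf"
```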