Is there a way to add a WireGuard connection profile to connection.secondaries or ...?

[Andrei Borzenkov]

On 02.03.2024 22:20, Samuel Le Thiec wrote:
> Hello,
> 
> Sometime, my Wireguard connection is not working: there is no endpoint listed for the peer in 'sudo wg show',
> I supposed it's because the Wireguard was configured before the system has internet connectivity (and DNS
> resolution).
> 
> Is there a way to make sure a Wireguard connection is only started if there is connectivity?
> 
> On my setup, starting the wireguard profile after the device 'wlan0' is up would be sufficient :
> 
>> $ nmcli connection show
>> NAME                UUID                                  TYPE       DEVICE
>> FUNG-1395           447d6d94-75a7-4201-af17-77142956f6ef  wifi       wlan0
>> luc-Wireguard-VPN   e1c83fba-ee67-4587-bfcb-807755776e32  wireguard  sltuniv0
> 
> I've read that's what the 'connection.secondaries' setting is for, but:
> 
>> $ nmcli connection modify FUNG-1395 connection.secondaries e1c83fba-ee67-4587-bfcb-807755776e32
>> Error: failed to modify connection.secondaries: 'e1c83fba-ee67-4587-bfcb-807755776e32' is not a VPN connection profile.
> 
> Too bad 😅️

Given that wireguard *is* VPN, it most certainly should be supported here.

As a workaround you could add dispatcher script that starts wireguard 
connection after connectivity is established.

> 
> → Is there a reason why a wireguard profile cannot be add to connection.secondaries? Wireguard seems like a
> VPN to me.
> 
> → If you have any other idea to make sure the Wireguard profile starts after the system has internet
> connectivity, then please, let me know!
> 
> Thanks in advance,
> 
> Samuel
> 
>