WireGuard for Sailfish (Settings UI)

Rating: 4.8 (6 votes)

This is a VPN plugin for the Sailfish OS Settings app. It allows configuring and using WireGuard through the userspace implementation (which will be installed as a dependency).

This is very basic at the moment but it supports the basic use case of connecting to a WireGuard VPN consisting of a single peer.

Source: https://github.com/javitonino/jolla-settings-networking-plugin-vpn-wireg...

Changelog: 

- Support preshared keys

Comments

Termitebug's picture

Works well with OPNSense. Thanks for the app.

popeel2's picture

This works on xperia 10 iii sailfishos 4.6.0.13, but there are many tricks needed to get this to work.
need to install:
connman-plugin-vpn-wireguard-0.5-1.aarch64.rpm
wireguard-go-0.0.20220316-1.aarch64.rpm
wireguard-tools-1.0.20210914-1.aarch64.rpm

after installing them, i attempted to run wireguard via command line manually. weirdly, the wg cli tool does not accept "Address" in the config file but importing it via the gui does accept the Address in my config file? (example: Address = 10.5.0.2)

also after installing this package, i had to restart my phone to see this in the menu. then after adding a wireguard profile, i needed to restart my phone to see it. my first attempt of adding a wireguard profile was throwing an error because it did not seem to store the contents of the config file. importing the config and adding primary and secondary dns 8.8.8.8 and 1.1.1.1 seemed to make the wireguard config remember its information.

works good now, ipleaks and other websites showing that no ip is leaking (ipv6 is disabled). i'm using nordvpn's wireguard config.

hqqddy's picture

It can't remember entered vpn

bach's picture

Does the plugin respect MTU in the config file? I am able to connect fine to the server and send DNS requests. However, I am unable to open any webpage. On the computer I had to lower MTU to 1360, but the same configuration doesn't work on SFOS.

Brummkreisel's picture

@jojo Thanks for the hints!

jojo's picture

on an xperia 10 ii running 4.5 i had three issues:

  • once i imported the conf file it wouldn't be saved
  • if the imported config was saved it wouldn't connect to the server, with below the name the error "problem with connection/ inactive"
  • wouldn't accept VPN names with a "_"

Solved all issues by

  1. once i imported the file, close the settings app and open it again, then the previous imports i made would show up
  2. remove the IPv6 redundancy (IPv6 address of the client, listening IPs)
  3. remove the secondary DNS
  4. do not include a "_" in my vpn saved name

Hope this can help others.

Reiner's picture

Thank you very much for fixing this so promptly. It works for me even without restarting anything.

cy8aer's picture

Unfortunately something changed with the connman (connman v. 1.32) update or in the settings for vpns on SFOS 4.5.0.16: my settings which worked excellently before now create chaos in the settings page: Flickering entries and you are not able to deselect the wireguard entry.

javitonino's picture

I just released version 0.5 of wireguard-sailfish-connman-plugin which should be compatible with SFOS 4.5. After updating, I recommend restarting the daemon (`systemctl restart connman-vpn`) for it to load the new plugin, or maybe even the phone (if it tried to connect many times, it may have exhausted the number of available network interfaces).

lon's picture

Same here, Xperia III with 4.5.0.16.

 

Feb 06 20:56:01 Xperia10III systemd[1]: Starting ConnMan VPN service...
Feb 06 20:56:01 Xperia10III dbus-daemon[1976]: [system] Successfully activated service 'net.connman.vpn'
Feb 06 20:56:01 Xperia10III dbus-daemon[1976]: dbus-daemon[1976]: [system] Successfully activated service 'net.connman.vpn'
Feb 06 20:56:01 Xperia10III systemd[1]: Started ConnMan VPN service.
Feb 06 20:56:01 Xperia10III connman-vpnd[25402]: Connection Manager VPN daemon version 1.32+git193
Feb 06 20:56:01 Xperia10III connman-vpnd[25402]: D-Bus peer name not established yet
Feb 06 20:56:01 Xperia10III lipstick[6354]: [D] unknown:0 - Adding connection: "/net/connman/vpn/connection/http___xxxxxxxxxxx_sailfishos_org"
Feb 06 20:56:01 Xperia10III estart[16363]: [D] unknown:0 - Adding connection: "/net/connman/vpn/connection/http___xxxxxxxxxxxxxx_sailfishos_org"
Feb 06 20:56:01 Xperia10III estart[16363]: [D] unknown:0 - Error : "/net/connman/vpn/connection/http___xxxxxxxxxxx_sailfishos_org" : "Method \"GetProperties\" with signature \"\" on interface \"net.connman.Service\" doesn't exist\n"
Feb 06 20:56:01 Xperia10III lipstick[6354]: [D] unknown:0 - Error : "/net/connman/vpn/connection/http___xxxxxxxxx_sailfishos_org" : "Method \"GetProperties\" with signature \"\" on interface \"net.connman.Service\" doesn't exist\n"
Feb 06 20:56:01 Xperia10III lipstick[6354]: [D] unknown:0 - VPN service property changed: "SplitRouting" QVariant(bool, false) "/net/connman/vpn/connection/http___xxxxxxxxxxxxxxxxxx_sailfishos_org" "xxxx"
Feb 06 20:56:01 Xperia10III estart[16363]: [D] unknown:0 - VPN service property changed: "SplitRouting" QVariant(bool, false) "/net/connman/vpn/connection/http___xxxxxxxxxx_sailfishos_org" "xxxx"
Feb 06 20:56:01 Xperia10III lipstick[6354]: [D] unknown:0 - VPN connection property changed: "SplitRouting" QVariant(bool, false) "/net/connman/vpn/connection/http___xxxxxxxxxx_sailfishos_org" "xxxx"
Feb 06 20:56:01 Xperia10III estart[16363]: [D] unknown:0 - VPN connection property changed: "SplitRouting" QVariant(bool, false) "/net/connman/vpn/connection/http___xxxxxxxxxxxxx_sailfishos_org" "ionos"
Feb 06 20:56:01 Xperia10III kernel: Core dump to |/bin/false disabled
Feb 06 20:56:01 Xperia10III lipstick[6354]: [D] unknown:0 - VPN connection property changed: "State" QVariant(QString, "association") "/net/connman/vpn/connection/http___xxxxxxxxxxxxxxx_sailfishos_org" "xxxxx"
Feb 06 20:56:01 Xperia10III estart[16363]: [D] unknown:0 - VPN connection property changed: "State" QVariant(QString, "association") "/net/connman/vpn/connection/http___xxxxxxxxxxxxxxx_sailfishos_org" "xxxx"
Feb 06 20:56:01 Xperia10III systemd[1]: connman-vpn.service: Main process exited, code=killed, status=4/ILL
Feb 06 20:56:01 Xperia10III systemd[1]: connman-vpn.service: Failed with result 'signal'.
Feb 06 20:56:01 Xperia10III dbus-daemon[1976]: [system] Activating via systemd: service name='net.connman.vpn' unit='connman-vpn.service' requested by ':1.21' (uid=0 pid=5933 comm="/usr/sbin/connmand -n -W nl80211 --nobacktrace --n" label="u:r:kernel:s0")
Feb 06 20:56:01 Xperia10III dbus-daemon[1976]: dbus-daemon[1976]: [system] Activating via systemd: service name='net.connman.vpn' unit='connman-vpn.service' requested by ':1.21' (uid=0 pid=5933 comm="/usr/sbin/connmand -n -W nl80211 --nobacktrace --n" label="u:r:kernel:s0")
Feb 06 20:56:01 Xperia10III connmand[5933]: ntp: adjust (slew): +0.003578 sec
Feb 06 20:56:03 Xperia10III systemd[1]: connman-vpn.service: Service hold-off time over, scheduling restart.
Feb 06 20:56:03 Xperia10III systemd[1]: connman-vpn.service: Scheduled restart job, restart counter is at 3

 

schmolle's picture

Thanks for your efforts around WireGuard on Sailfish! Works well with the FritzBox-VPN.
But I had to restart my device, before I could import any configuration. Maybe this was worth a note in the description.

Termitebug's picture

More weirdness. Last WG update broke Phone ofono so that callers can't hear each other. Uninstalled all WG packages and the problem got fixed. It might be a single issue.

javitonino's picture

That's super-weird. Latest update added support for preshared keys which is purely in the Wireguard side of things, it doesn't touch connman or sailfish code at all. I'm so confused by this :(

ade's picture

Unfortunately I am also experiencing stability issues on my XA2 since installing wireguard. Calls lack sound or get disconnected randomly. Since deinstalling the wireguard packages I have had no further issues. The only thing I can think of is that the connman-plugin triggers a bad behaviour in some situations.

pagis's picture

Well i realised that a config file with multiple allowed ip separated by comma space cannot be imported. I had to use a single ip address to import the config successfully, and then edit the configuration by adding a second allowed ip address.

javitonino's picture

Hi,

Happy to see it works for you even if with some workarounds.

My test files with multiple allowed IPs import fine. I tried to replicate it and the best I could get is try to import after updating the package but before restarting the connman vpn daemon.

Anyway, if this is still happening for you and you can replicate it, I'd appreciate a configuration file sample to try to fix it.

Thanks!

pagis's picture

Perfect! It works now ok, thank you so much!

pagis's picture

Thanks for porting wireguard. I noticed an issue importing a config file. If AllowedIP has multiple range of addresses separated by , and space it fails to connect, if there is no space it connects, but still i was not able to communicate properly although the vpn interface seems to be up.

javitonino's picture

Hi,

This plugin did not support multiple AllowedIPs. It worked (kind of) but did not set up routes for it. I just uploaded a new version that should do this automatically (like wg-quick does). After updating, you'll need to restart connman vpn (`systemctl restart connman-vpn`) for the new version of the plugin to be loaded.

Let's see if this works :)
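
An added example, not part of the original comments or the plugin's code: several comments on this page turn on the difference between the keys `wg` itself accepts and the wg-quick extensions (Address, DNS, MTU), and on AllowedIPs lists written with or without a space after the comma. This Python code separates the two sets of keys and normalises AllowedIPs into the networks to route through the tunnel; the sample config, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress
import re

# Keys understood only by wg-quick(8); plain `wg setconf` rejects them.
WG_QUICK_ONLY = {"address", "dns", "mtu", "table", "preup", "postup",
                 "predown", "postdown", "saveconfig"}

# Constructed sample config (placeholder keys, private address ranges).
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.5.0.2/32
DNS = 1.1.1.1
MTU = 1360

[Peer]
PublicKey = <server-public-key>
AllowedIPs = 10.5.0.0/24, 192.168.178.0/24,fd00::/64
Endpoint = vpn.example.net:51820
"""

def split_list(value):
    """Split a comma-separated value, accepting ', ' and ',' alike."""
    return [item for item in re.split(r"\s*,\s*", value.strip()) if item]

def parse(text):
    """Return (wg_lines, quick_settings, routes) for a wg-quick style config."""
    wg_lines, quick, routes, section = [], {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            wg_lines.append(line)
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        k = key.lower()
        if section == "interface" and k in WG_QUICK_ONLY:
            # Interface-level settings the frontend must apply itself.
            items = split_list(value) if k in ("address", "dns") else [value]
            quick.setdefault(k, []).extend(items)
            continue
        if section == "peer" and k == "allowedips":
            # Validate every entry (IPv4 or IPv6); each one needs a route.
            nets = [ipaddress.ip_network(n, strict=False) for n in split_list(value)]
            routes.extend(nets)
            value = ", ".join(str(n) for n in nets)
        wg_lines.append(f"{key} = {value}")
    return wg_lines, quick, routes
```

`parse(SAMPLE)` returns the lines that are safe to hand to `wg`, the settings a frontend has to apply to the interface itself (address, DNS, MTU), and one network per AllowedIPs entry regardless of how the list was spaced.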

carve8885's picture

Hello javitonino, I am so grateful that you engage yourself into developing wireguard configuration for SFOS! But let me please give a feedback as a mullvad customer: I can import now a config file, but it is not possible to connect. If I delete manually the given ipv6 allowed server, a connection can be established, BUT it uses ipv6 of the actual ISP, not mullvad's. And the test site <https://mullvad.net/de/check/> tells me, I am not secured by mullvad. This is different to the openvpn config. Are users here around who can give me advice? Thank you.

javitonino's picture

Hi and thanks for your kind words.

This addon is not yet tested with IPv6, and it's probably not compatible yet. You mentioned that you had to change some IPv6 addresses, so that's probably the problem.

Do you mind sharing your config file (blanking the keys), either here or on GitHub? It would be helpful to have a test case for this. Thanks!

dschwert's picture

Hi Javitonino,

what is the status regarding IPv6? Unfortunately my FritzBox does not have a public IPv4 address any more.
When I set up a Wireguard connection, then I get "Problem with connection". The actual connection to the FritzBox is made, though, as can be seen from "last connection" on the FritzBox admin page.
`ifconfig` does not list a VPN specific interface.
Is there a way to collect debug information?

See also the last posts from: https://forum.sailfishos.org/t/vpn-to-fritz-box/20254/13

Regards, Dietmar

eson's picture

Thanks! Great job!

Termitebug's picture

I encountered an install problem with XA2.

Error: Libc.so.6 dependency is missing.

Piece_Maker's picture

When I try to import a config the settings panel crashes out it seems - is there an easy way to import a .conf via CLI and have them show up in the settings panel?

javitonino's picture

I just released 0.2 which should be able to import more files than previously and when it cannot, report the error instead of crashing. Let me know if it doesn't work for you.

Piece_Maker's picture

Yep import works fine now after 0.2 update, thanks!

javitonino's picture

I don't think there is an easy way to import from the CLI. There could be a way using connmanctl, but we'd need the importer to be able to generate a proper connmanctl command anyway.

Right now, you can maybe skip the import and add the values manually (although it's pretty cumbersome). Meanwhile, I'm gathering reports of failed config imports here: https://github.com/javitonino/jolla-settings-networking-plugin-vpn-wireg... in order to fix the errors.

eson's picture

Yes, it happens to me too. Settings app crashes when I hit the accept button.