13

I'm having trouble adding a WireGuard VPN connection to the Network Manager on Ubuntu. I've followed several online tutorials and tried different methods, but nothing seems to work.

I've installed WireGuard using the sudo apt install wireguard command and created the configuration file /etc/wireguard/wg0.conf . The VPN connection works fine when I start it using the sudo wg-quick up wg0 command, but I can't seem to add it to the Network Manager.

When I go to "Add VPN Connection" in the Network Manager, I only see options for OpenVPN and PPTP. There's also an option to "Import from file", but when I select my wg0.conf file, it says that the file format is not supported.

I've tried restarting the Network Manager with sudo service network-manager restart , but that doesn't seem to help. I'm running Ubuntu 22.04.1 LTS.

Any help or suggestions would be greatly appreciated. Thanks in advance!

UbuntuAskz
  • 139
  • 1
  • 1
  • 3

2 Answers2

12

Modern Network Manager supports WireGuard by default, including one in Ubuntu 22.04 (maybe earlier). It's compiled-in, so wireguard package isn't needed. However, 22.04 Ubuntu network settings didn't support WG yet.

With that in mind, there are at least two ways to add connection:

  1. Open nm-connection-editor GUI, then use it to add WG connection.

  2. Alternatively: use nmcli. For example, if you were provided with WireGuard conf file by a system administrator, to add the connection just execute a

    nmcli connection import type wireguard file ./MyWG.conf

Ideally the connection ought to just appear in the network applet. But as mentioned, the 22.04 Gnome didn't know how to deal with WG yet; as a workaround you can start/stop the connection via terminal:

  • nmcli connection show
  • nmcli connection up MyWG
  • nmcli connection down MyWG

My colleague (Ubuntu 22.04) and me (Archlinux) are successfully using WG via NetworkManager, and we have no /etc/wireguard directory, nor wg command. So nothing mentioned in the other answer is necessary.

Hi-Angel
  • 4,915
  • NOTE: If you import your WireGuard configuration using the nmcli connection import [...] line above it will be set to auto reconnect whenever your network is started: e.g. if you import the Wireguard VPN but then disconnect from it, doing a laptop suspend/resume will cause it to automatically connect to the VPN again without an explicit user action. If you don't want this behaviour run, nmcli connection modify MyWG connection.autoconnect no after the import has been successful. – Anon Jun 01 '25 at 06:27
  • @Anon I think it might depend on something in the config. On my system I see connection.autoconnect = no, and I'm certain I didn't touch this option. UPD: or alternatively, perhaps the behavior might have changed in newer NetworkManager versions…? My current NM is 1.52.0, it was older when I imported the connection, I think that was 1.5-2 years ago. – Hi-Angel Jun 01 '25 at 06:45
  • I tried to re-check, but haven't found the original config. Tried exporting WG connection, but it didn't work, reported a bug. Took a look at the code, it seems in NM VPN connections should have connection.type = vpn, but WG connection is mistakenly marked wireguard. I'm not sure however that changing it to vpn wouldn't break something else, so at this point I stopped digging. I guess I'll re-check once export is fixed (or I get a new config). – Hi-Angel Jun 01 '25 at 09:20
  • I've just checked Ubuntu 22.04/24.04/25.04 and if you import via nmcli connection import [...] then connection.autoconnect is set to yes. On Ubuntu 24.04/25.04 when I imported the WireGuard config using the UI (via Settings | Network, VPN +, then choosing "Import from file...") then using nmcli connection show [...] showed that connection.autoconnect was set to no. – Anon Jun 01 '25 at 09:46
2

Install wireguard

$ sudo apt install wireguard

Create a Cryptographic Key Pair

$ sudo -i
# cd /etc/wireguard
# umask 077
# wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey

Add Client Public Key to WireGuard VPN Server

# wg set wg0 peer <client-public-key> allowed-ips <client-VPN-address>

Create a Network Connection with NetworkManager's Connection Editor GUI Heading

Using nm-connection-editor's GUI as described here.

FedKad
  • 13,900
jasmines
  • 11,331
  • Create a Network Connection with NetworkManager's Connection Editor GUI Heading

    Assume you are able to do that...

    Thats what I am trying to understand how to do. I can't find anywhere that I can add it to the VPN list.

     – UbuntuAskz Feb 28 '23 at 06:27
  • https://www.xmodulo.com/wireguard-vpn-network-manager-gui.html – jasmines Feb 28 '23 at 08:53
  • ... and support for GNOME Settings (Network Panel) is probably going to come in Ubuntu 23.04: https://9to5linux.com/gnome-44-beta-released-with-quick-settings-enhancements-wireguard-support – FedKad Feb 28 '23 at 10:25
  • 2
    You can clone and build network-manager-wireguard manually for 22.04: https://peerchemist.medium.com/how-to-setup-wireguard-vpn-on-ubuntu-server-22-04-c329434aed12 – bitinerant May 12 '23 at 22:05