[Bug 2039821] Re: Ignore empty wireguard endpoints

Launchpad Bug Tracker 2039821 at bugs.launchpad.net
Tue Oct 31 06:10:05 UTC 2023 

This bug was fixed in the package netplan.io - 0.107-5ubuntu1

---------------
netplan.io (0.107-5ubuntu1) noble; urgency=medium

  * d/p/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (LP: #2039821)
    Network Manager GUIs might emit a Wireguard endpoint as an empty string
    when it's omitted. Netplan is rejecting the generated YAML. With this
    patch Netplan will just ignore empty endpoints.
  * d/p/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch
    Netplan's keyfile parser will generate incorrect configuration when
    unsupported EAP method are used. It ends up generating invalid Network
    Manager configuration. This patch implements support for LEAP and PWD
    methods. (LP: #2039825)

 -- Danilo Egea Gondolfo <danilo.egea.gondolfo at canonical.com>  Thu, 26
Oct 2023 11:21:56 +0100

** Changed in: netplan.io (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/2039821

Title:
  Ignore empty wireguard endpoints

Status in netplan.io package in Ubuntu:
  Fix Released
Status in netplan.io source package in Mantic:
  In Progress

Bug description:
  [ Impact ]

  Creating a Wireguard tunnel using the GUI allows the user to omit the peer endpoint.
  The configuration created by NetworkManager will still include the Endpoint= key with an empty string ("")
  as its value. This configuration will then be imported into a Netplan state using libnetplan and the
  resulting YAML file will include the empty string as the endpoint value. When libnetplan loads and parses
  the resulting YAML, the validation process will not accept the empty string as the endpoint value and fail.

  An endpoint that's an empty string should just be ignored.

  [ Test Plan ]

  How to reproduce the issues.

  1) Launch a Mantic desktop instance on LXD (or any Mantic desktop
  installation)

  $ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c
  limits.memory=2GiB --console=vga

  2) Open the "Advanced Network Configuration" application

  3) Add a new connection of type WireGuard
    a) Set the interface name to wg0
    b) Set the private key to 4GgaQCy68nzNsUE5aJ9fuLzHhB65tAlwbmA72MWnOm8=
    c) In the "peers" section, click on Add
    d) Set the "Public key" to M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
    e) Leave the other settings empty and click on Apply then Save

  4) You will get an error message and will find the errors below in the
  Network Manager's journal:

  Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: /etc/netplan/90-NM-47e8e1b7-61c7-4568-8418-14b134382fcd.yaml:11:19: Error in network definition: invalid endpoint address or hostname ''
  Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: - endpoint: ""
  Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: ^
  Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: <error> [1697796067.1011] BUG: the profile cannot be stored in keyfile format without becoming unusable: cannot access file: No such file or directory
  Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: **
  Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
  Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
  Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
  Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.

  Testing the fixes

  1) Add the PPA repository with the updated package and upgrade netplan

  $ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
  $ sudo apt update && sudo apt upgrade -y

  3) Restart Network Manager

  $ sudo systemctl restart NetworkManager

  4) Run the test described above again and check they will not cause
  any crashes

  [ Where problems could occur ]

  As we are only relaxing the validation of Wireguard endpoints to ignore empty strings
  we are not expecting any regressions caused
  by these changes. There are no intended changes in behavior introduced by these changes.

  All the autopkgtests from netplan.io and network-manager are still
  passing with these patches.


  --- Original description ---

  The Network Manager's GUI in gnome will emit a wireguard endpoint with
  an empty string ("") when it's omitted by the user. As Netplan is
  rejecting this configuration, NM will fail to create the connection.

  This is addressed by this patch
  https://github.com/canonical/netplan/pull/414. Netplan will ignore
  endpoints that are empty strings.

  This problem is related to this LP bug
  https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2039821/+subscriptions

More information about the foundations-bugs mailing list