Using WireGuard in NetworkManager

What is WireGuard

WireGuard is a FOSS that implements encrypted VPN tunnels using UDP. It aims to be faster and lighter than IPsec and OpenVPN.

Why configure with NetworkManager?

• DNS and firewalld integration
• Simple profile management

Support

• NetworkManager >= 1.16 (native support)
• Linux > 5.6 (built-in module)

Importing a existing WireGuard profile

$ nmcli connection import type wireguard file "$CFG_FILE"

Create a new connection

nmcli connection add type wireguard con-name wg0 ifname wg0

Edit connection

nmcli connection modify wg0 wireguard.private-key <private_key>
nmcli connection modify wg0 wireguard.addresses <IP/CIDR>

Bring up the connection

nmcli connection up wg0

Removing interface

$ nmcli con del "$CON"

Resources

• https://blogs.gnome.org/thaller/2019/03/15/wireguard-in-networkmanager/

Related

• Comprehensive SSH Configuration: Complementary security solutions