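def _split_csv(value):
    """Split a comma-separated option into stripped, non-empty entries."""
    return [entry for entry in (raw.strip() for raw in value.split(',')) if entry]


def start_wireguard_connection(
    config: ConfigParser,
    *,
    secret_key: SecretKey,
    callback=None,
):
    """Build a WireGuard profile from *config* and hand it to NetworkManager.

    Peer parameters are validated while the profile is built. NetworkManager
    reports a rejected endpoint, public key or AllowedIPs entry through a
    boolean return value, and that value is checked here so that a bad entry
    aborts the setup instead of being dropped from the profile. A dropped
    AllowedIPs entry would leave that range routed outside the tunnel.

    Args:
        config: Parsed WireGuard configuration. ``[Interface]`` must provide
            ``Address`` (``DNS`` is optional); ``[Peer]`` must provide
            ``Endpoint``, ``PublicKey`` and ``AllowedIPs``.
        secret_key: WireGuard private key, stored on the profile as given.
        callback: Forwarded unchanged to ``set_connection``.

    Raises:
        KeyError: A required section or option is missing from *config*.
        ValueError: No interface address is configured, an interface address
            cannot be parsed, or NetworkManager rejects the peer endpoint,
            public key or an AllowedIPs entry.
    """
    client = get_client()
    _logger.info("writing wireguard configuration to Network Manager")

    interface = config['Interface']
    peer_section = config['Peer']

    # Sort the interface addresses by family; each family has its own setting.
    ipv4s = []
    ipv6s = []
    for entry in _split_csv(interface['Address']):
        addr = ip_interface(entry)
        if addr.version == 4:
            ipv4s.append(
                NM.IPAddress(AF_INET, str(addr.ip), addr.network.prefixlen))
        elif addr.version == 6:
            ipv6s.append(
                NM.IPAddress(AF_INET6, str(addr.ip), addr.network.prefixlen))
    if not ipv4s and not ipv6s:
        raise ValueError("wireguard configuration has no interface address")

    # DNS is optional in a WireGuard configuration. Empty entries (for example
    # from a trailing comma) are skipped so they do not become an empty search
    # domain.
    dns4 = []
    dns6 = []
    dns_hostnames = []
    for entry in _split_csv(interface.get('DNS', '')):
        try:
            address = ip_address(entry)
        except ValueError:
            # The entry is not an IP but a hostname; those are added to the
            # DNS search domains.
            dns_hostnames.append(entry)
        else:
            if address.version == 4:
                dns4.append(str(address))
            elif address.version == 6:
                dns6.append(str(address))

    profile = NM.SimpleConnection.new()

    s_con = NM.SettingConnection.new()
    # NM.DEVICE_AUTOCONNECT and NM.SETTING_CONNECTION_AUTOCONNECT are the same
    # property name; the connection-setting constant is the one that belongs
    # on a SettingConnection.
    s_con.set_property(NM.SETTING_CONNECTION_AUTOCONNECT, False)
    s_con.set_property(NM.SETTING_CONNECTION_ID, "eduvpn-wireguard")
    s_con.set_property(NM.SETTING_CONNECTION_TYPE, "wireguard")
    s_con.set_property(NM.SETTING_CONNECTION_UUID, str(uuid.uuid4()))
    s_con.set_property(NM.SETTING_CONNECTION_INTERFACE_NAME, "EduVPN-WG")

    # https://lazka.github.io/pgi-docs/NM-1.0/classes/WireGuardPeer.html#NM.WireGuardPeer
    # With allow_invalid/accept_invalid set to False the setters refuse bad
    # values and return False, so each result is checked.
    peer = NM.WireGuardPeer.new()
    endpoint = peer_section['Endpoint']
    if not peer.set_endpoint(endpoint, allow_invalid=False):
        raise ValueError("invalid wireguard peer endpoint: %r" % (endpoint,))
    if not peer.set_public_key(peer_section['PublicKey'], accept_invalid=False):
        raise ValueError("invalid wireguard peer public key")
    for allowed_ip in _split_csv(peer_section['AllowedIPs']):
        if not peer.append_allowed_ip(allowed_ip, accept_invalid=False):
            raise ValueError(
                "invalid wireguard AllowedIPs entry: %r" % (allowed_ip,))

    s_ip4 = NM.SettingIP4Config.new()
    s_ip6 = NM.SettingIP6Config.new()
    for server in dns4:
        s_ip4.add_dns(server)
    for server in dns6:
        s_ip6.add_dns(server)
    for domain in dns_hostnames:
        s_ip4.add_dns_search(domain)
        s_ip6.add_dns_search(domain)

    # NOTE(review): both families are set to "manual" even when the server
    # assigned no address for one of them - confirm NetworkManager accepts a
    # "manual" setting with an empty address list.
    s_ip4.set_property(NM.SETTING_IP_CONFIG_METHOD, "manual")
    s_ip6.set_property(NM.SETTING_IP_CONFIG_METHOD, "manual")
    for address in ipv4s:
        s_ip4.add_address(address)
    for address in ipv6s:
        s_ip6.add_address(address)

    # https://lazka.github.io/pgi-docs/NM-1.0/classes/SettingWireGuard.html
    w_con = NM.SettingWireGuard.new()
    w_con.append_peer(peer)
    # The private key is written into the profile itself. NOTE(review): how it
    # is stored afterwards depends on what set_connection does with the
    # profile and on the private-key-flags property, which this function
    # leaves at its default - confirm the intended secret storage.
    w_con.set_property(NM.SETTING_WIREGUARD_PRIVATE_KEY, secret_key)

    profile.add_setting(s_ip4)
    profile.add_setting(s_ip6)
    profile.add_setting(s_con)
    profile.add_setting(w_con)

    set_connection(client, profile, callback)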