[RFE] add support for nmcli for configuring WireGuard peers
NetworkManager has native support for WireGuard. However, nmcli still does not support configuring the WireGuard peers of a connection profile.
The workarounds are:
edit the keyfile under /etc/NetworkManager/system-connections and reload the profile with nmcli connection reload or nmcli connection load $FILENAME.
re-import a new profile from a wg-quick configuration file with nmcli connection import type wireguard file $FILENAME. The downside of this is that it always creates a new profile.
use the example script or the D-Bus API directly in any way you see fit.
use a recent plasma-nm or nm-connection-editor, which support peers. Support is still missing in nm-applet (https://gitlab.gnome.org/GNOME/network-manager-applet/issues/77) and in gnome-control-center/gnome-shell (neither supports WireGuard at the moment).
The difficulty is that currently nmcli has a static list of properties that it supports. But for peers, the properties should be multilayered and dynamic. E.g.
nmcli connection modify "$PROFILE" 'wireguard.v6+0YmFFqm/ZNlzxBp05qAOIhD+E1tw29eFqAq8yFi0=.endpoint' 'my.host.tld:8000'
should work as you'd expect. Likewise,
nmcli connection show "$PROFILE" should list:
wireguard.private-key-flags: 0 (none)
wireguard.listen-port: 8001
wireguard.v6+0YmFFqm/ZNlzxBp05qAOIhD+E1tw29eFqAq8yFi0=.endpoint my.host.tld:8000
wireguard.v6+0YmFFqm/ZNlzxBp05qAOIhD+E1tw29eFqAq8yFi0=.allowed-ips 192.168.75.3/32
...
It should not treat WireGuard peers like ipv4.addresses, vpn.data or bond.options. Instead, those properties should unfold in nmcli.
This is currently not how nmcli works, so it's a larger effort...
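
The first workaround above (editing the keyfile), as an added example that is not NetworkManager's own code: a shell helper, hypothetically named wg_set_peer, that adds or replaces one [wireguard-peer.<public-key>] section in a keyfile and leaves the file at mode 0600, since a keyfile can hold the private key. The demo keyfile is constructed sample data written to a temporary directory.

```shell
#!/bin/sh
# Added example: add or replace one peer in a NetworkManager WireGuard keyfile.
# Peers live in sections named [wireguard-peer.<public-key>] with keys such as
# endpoint and allowed-ips (a ';'-separated list).

# wg_set_peer KEYFILE PUBLIC_KEY ENDPOINT ALLOWED_IPS   (hypothetical helper)
wg_set_peer() {
    keyfile=$1 pubkey=$2 endpoint=$3 allowed=$4
    section="[wireguard-peer.$pubkey]"

    # Work on a private temp file next to the keyfile so the final rename
    # is atomic and the contents are never readable by other users.
    tmp=$(umask 077; mktemp "$keyfile.XXXXXX") || return 1

    # Copy everything except an existing section for this peer, so calling
    # the helper twice updates the peer instead of duplicating it.
    awk -v sec="$section" '
        /^\[/ { skip = ($0 == sec) }
        !skip { print }
    ' "$keyfile" > "$tmp" || { rm -f "$tmp"; return 1; }

    printf '\n%s\nendpoint=%s\nallowed-ips=%s;\n' \
        "$section" "$endpoint" "$allowed" >> "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep the keyfile at 0600: it is only readable by its owner.
    chmod 600 "$tmp" && mv "$tmp" "$keyfile"
}

# Demo on a constructed keyfile in a temp directory (not a real profile).
demo_dir=$(mktemp -d)
demo="$demo_dir/wg0.nmconnection"
printf '[connection]\nid=wg0\ntype=wireguard\n\n[wireguard]\nlisten-port=8001\n' > "$demo"
wg_set_peer "$demo" 'v6+0YmFFqm/ZNlzxBp05qAOIhD+E1tw29eFqAq8yFi0=' \
    'my.host.tld:8000' '192.168.75.3/32'
cat "$demo"

# On a real system, run as root against the file under
# /etc/NetworkManager/system-connections and then reload it with:
#   nmcli connection load "$FILENAME"
```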