And I’m back with yet another post on Wireguard. After Ubuntu 22.04 has left some mixed feelings when it came to Wireguard, I was positively surprised to see that Wireguard has been finally integrated into Ubuntu 24.04’s GUI. So let’s see if the shortcomings the command line tools have brought with them in previous Ubuntu versions have also been addressed.
All right, so here we go: A Wireguard profile config file that was generated by my Wireguard server can now be selected in Ubuntu 24.04 to crate a new VPN profile. In the ‘add VPN’ dialog, just select ‘import file‘ instead of ‘new Wireguard VPN ‘Wireguard‘. No username and password have to be given, everything is included in the configuration file. That’s even easier than importing an OpenVPN config file! The new VPN connection then gets an entry in the network section of the network settings, and clicking on it establishes the tunnel instantly, with a nice ‘VPN’ logo showing up in the status bar on the top of the desktop. This is as it should be, very nice!
One major issue with the command line tools up to this version of Ubuntu was that changing the Wi-Fi network or suspending / resuming the notebook left the Wirguard VPN tunnel in place, but DNS queries were suddenly done again over the physical underlying network interface. This was fixed in Ubuntu 24.04, no more DNS leakage. Great!!!
And then there’s the ‘IPv6 problem’. My Wirguard server only tunnels IPv4 packets and web servers reachable over IPv6 would be contacted outside of the tunnel if the underling physical network interface had IPv6 connectivity. Unfortunately, this has not been fixed in Ubuntu 24.04 and the only user friendly fix I have found so far is to disable ipv6 entirely during the boot process by adding
ipv6.disable=1 to the GRUB_CMDLINE_LINUX parameter in
/etc/default/grub and then running
sudo update grubUgly, but effective.
Summary
Apart from the IPv6 leakage, Wireguard is finally nicely integrated in Ubuntu, and it will replace my OpenVPN servers once all family members are ready to move to Ubuntu 24.04. And a final bonus: Wireguard with a pre-shared password can be quantum safe! But that’s a different story for another blog post.