Bug 500162

SUMMARY
If I either manually setup a wireguard connection using network manager (or import a file using sudo nmcli connection import type wireguard file /etc/wireguard/wg2.conf) when I connect to the wireguard VPN it wont pass any traffic unless firewall is disabled. I have extensively reviewed settings in firewall, forwarding etc and tried adding the parent interface and wg interface to trusted, public, etc. No change. If I use the wg-quick command (wg-quick up wg2) it connects and works normally even with firewall on

STEPS TO REPRODUCE
1. Create a wireguard VPN in network manager or import one. I'm tunneling 0.0.0.0/0, ::/0
2. Connect to wireguard using network manager
3. You wont be able to pass any traffic unless you turn off firewall

OBSERVED RESULT
Wireguard initiated through network manager is non functional unless firewall is stopped

EXPECTED RESULT
Wireguard should work with or without firewall

SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20250211
KDE Plasma Version: 6.3.0
KDE Frameworks Version: 6.10.0
Qt Version: 6.8.2
Kernel Version: 6.13.1-1-default (64-bit)
Graphics Platform: Wayland
Processors: 28 × Intel® Core™ i7-14700
Memory: 62.5 GiB of RAM
Graphics Processor: Mesa Intel® Graphics


ADDITIONAL INFORMATION
NetworkManager does not properly apply routes or peer settings, even when wireguard.peer-routes is enabled.
Running wg-quick up wg2 with the same config works perfectly.
Network Manager Indicates that the connection is "activated" but routes do not work when firewall is enabled
Workaround:

wg-quick works without issues, confirming that the issue is isolated to NetworkManager’s handling of WireGuard.