SUMMARY If I either manually setup a wireguard connection using network manager (or import a file using sudo nmcli connection import type wireguard file /etc/wireguard/wg2.conf) when I connect to the wireguard VPN it wont pass any traffic unless firewall is disabled. I have extensively reviewed settings in firewall, forwarding etc and tried adding the parent interface and wg interface to trusted, public, etc. No change. If I use the wg-quick command (wg-quick up wg2) it connects and works normally even with firewall on STEPS TO REPRODUCE 1. Create a wireguard VPN in network manager or import one. I'm tunneling 0.0.0.0/0, ::/0 2. Connect to wireguard using network manager 3. You wont be able to pass any traffic unless you turn off firewall OBSERVED RESULT Wireguard initiated through network manager is non functional unless firewall is stopped EXPECTED RESULT Wireguard should work with or without firewall SOFTWARE/OS VERSIONS Operating System: openSUSE Tumbleweed 20250211 KDE Plasma Version: 6.3.0 KDE Frameworks Version: 6.10.0 Qt Version: 6.8.2 Kernel Version: 6.13.1-1-default (64-bit) Graphics Platform: Wayland Processors: 28 × Intel® Core™ i7-14700 Memory: 62.5 GiB of RAM Graphics Processor: Mesa Intel® Graphics ADDITIONAL INFORMATION NetworkManager does not properly apply routes or peer settings, even when wireguard.peer-routes is enabled. Running wg-quick up wg2 with the same config works perfectly. Network Manager Indicates that the connection is "activated" but routes do not work when firewall is enabled Workaround: wg-quick works without issues, confirming that the issue is isolated to NetworkManager’s handling of WireGuard.
Hi - if this is occurring when using NetworkManager from the command-line as well, as you mentioned there, then this would be an upstream issue in the NetworkManager project itself. There appears to be a relevant issue on that project's GitLab tracker that was opened, but not resolved: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/997 Hope that helps!