NM.SettingWireGuard¶
- Subclasses:
None
Methods¶
- Inherited:
- Structs:
class |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Virtual Methods¶
- Inherited:
Properties¶
- Inherited:
Name |
Type |
Flags |
Short Description |
|---|---|---|---|
r/w/en |
|||
r/w/en |
|||
r/w/en |
|||
r/w/en |
|||
r/w/en |
|||
r/w/en |
|||
r/w/en |
|||
r/w/en |
Signals¶
- Inherited:
Fields¶
- Inherited:
Class Details¶
- class NM.SettingWireGuard(**kwargs)¶
- Bases:
- Abstract:
No
- Structure:
WireGuard Settings
New in version 1.16.
- classmethod new()¶
- Returns:
the new empty
NM.SettingWireGuardobject- Return type:
Creates a new
NM.SettingWireGuardobject with default values.New in version 1.16.
- append_peer(peer)¶
- Parameters:
peer (
NM.WireGuardPeer) – theNM.WireGuardPeerinstance to append. This seals peer and keeps a reference on the instance.
If a peer with the same public-key already exists, that one is replaced by peer. The new peer is always appended (or moved to) the end, so in case a peer is replaced, the indexes are shifted and the number of peers stays unchanged.
New in version 1.16.
- get_ip4_auto_default_route()¶
- Returns:
the “ip4-auto-default-route” property of the setting.
- Return type:
New in version 1.20.
- get_ip6_auto_default_route()¶
- Returns:
the “ip6-auto-default-route” property of the setting.
- Return type:
New in version 1.20.
- get_peer(idx)¶
- Parameters:
idx (
int) – the index to lookup.- Returns:
the
NM.WireGuardPeerentry at index idx. If the index is out of range,Noneis returned.- Return type:
New in version 1.16.
- get_peer_by_public_key(public_key)¶
- Parameters:
public_key (
str) – the public key for looking up the peer.- Returns:
the
NM.WireGuardPeerinstance with a matching public key. If no such peer exists,Noneis returned.- out_idx:
optional output argument for the index of the found peer. If no index is found, this is set to the
NM.SettingWireGuard.get_peers_len().
- Return type:
(
NM.WireGuardPeerorNone, out_idx:int)
New in version 1.16.
- get_peer_routes()¶
- Returns:
whether automatically add peer routes.
- Return type:
New in version 1.16.
- get_private_key_flags()¶
- Returns:
the secret-flags for
NM.SettingWireGuard:private-key.- Return type:
New in version 1.16.
- remove_peer(idx)¶
- Parameters:
idx (
int) – the index to remove.- Returns:
Trueif idx was in range and a peer was removed. Otherwise, self is unchanged.- Return type:
New in version 1.16.
- set_peer(peer, idx)¶
- Parameters:
peer (
NM.WireGuardPeer) – theNM.WireGuardPeerinstance to set. This seals peer and keeps a reference on the instance.idx (
int) – the index, in the range of 0 to the number of peers (including). That means, if idx is one past the end of the number of peers, this is the same asNM.SettingWireGuard.append_peer(). Otherwise, the peer at this index is replaced.
If idx is one past the last peer, the behavior is the same as
NM.SettingWireGuard.append_peer(). Otherwise, the peer will be at idx and replace the peer instance at that index. Note that if a peer with the same public-key exists on another index, then that peer will also be replaced. In that case, the number of peers will shrink by one (because the one at idx got replace and then one with the same public-key got removed). This also means, that the resulting index afterwards may be one less than idx (if another peer with a lower index was dropped).New in version 1.16.
Property Details¶
- NM.SettingWireGuard.props.fwmark¶
- Name:
fwmark- Type:
- Default Value:
0- Flags:
The use of fwmark is optional and is by default off. Setting it to 0 disables it. Otherwise, it is a 32-bit fwmark for outgoing packets.
Note that “ip4-auto-default-route” or “ip6-auto-default-route” enabled, implies to automatically choose a fwmark.
New in version 1.16.
- NM.SettingWireGuard.props.ip4_auto_default_route¶
- Name:
ip4-auto-default-route- Type:
- Default Value:
- Flags:
Whether to enable special handling of the IPv4 default route. If enabled, the IPv4 default route from wireguard.peer-routes will be placed to a dedicated routing-table and two policy routing rules will be added. The fwmark number is also used as routing-table for the default-route, and if fwmark is zero, an unused fwmark/table is chosen automatically. This corresponds to what wg-quick does with Table=auto and what WireGuard calls “Improved Rule-based Routing”.
Note that for this automatism to work, you usually don’t want to set ipv4.gateway, because that will result in a conflicting default route.
Leaving this at the default will enable this option automatically if ipv4.never-default is not set and there are any peers that use a default-route as allowed-ips. Since this automatism only makes sense if you also have a peer with an /0 allowed-ips, it is usually not necessary to enable this explicitly. However, you can disable it if you want to configure your own routing and rules.
New in version 1.20.
- NM.SettingWireGuard.props.ip6_auto_default_route¶
- Name:
ip6-auto-default-route- Type:
- Default Value:
- Flags:
Like ip4-auto-default-route, but for the IPv6 default route.
New in version 1.20.
- NM.SettingWireGuard.props.listen_port¶
- Name:
listen-port- Type:
- Default Value:
0- Flags:
The listen-port. If listen-port is not specified, the port will be chosen randomly when the interface comes up.
New in version 1.16.
- NM.SettingWireGuard.props.mtu¶
- Name:
mtu- Type:
- Default Value:
0- Flags:
If non-zero, only transmit packets of the specified size or smaller, breaking larger packets up into multiple fragments.
If zero a default MTU is used. Note that contrary to wg-quick’s MTU setting, this does not take into account the current routes at the time of activation.
New in version 1.16.
- NM.SettingWireGuard.props.peer_routes¶
- Name:
peer-routes- Type:
- Default Value:
- Flags:
Whether to automatically add routes for the AllowedIPs ranges of the peers. If
True(the default), NetworkManager will automatically add routes in the routing tables according to ipv4.route-table and ipv6.route-table. Usually you want this automatism enabled. IfFalse, no such routes are added automatically. In this case, the user may want to configure static routes in ipv4.routes and ipv6.routes, respectively.Note that if the peer’s AllowedIPs is “0.0.0.0/0” or “::/0” and the profile’s ipv4.never-default or ipv6.never-default setting is enabled, the peer route for this peer won’t be added automatically.
New in version 1.16.
- NM.SettingWireGuard.props.private_key¶
- Name:
private-key- Type:
- Default Value:
- Flags:
The 256 bit private-key in base64 encoding.
New in version 1.16.
- NM.SettingWireGuard.props.private_key_flags¶
- Name:
private-key-flags- Type:
- Default Value:
- Flags:
Flags indicating how to handle the
NM.SettingWirelessSecurity:private-keyproperty.New in version 1.16.