Wireguard VPN 'extension'

As mentioned by ‘ilikelinux’ on another thread…

I am using the Proton VPN app because the built in Network Manager settings for Wireguard VPN connections are not good enough (can’t change connection without leaking real IP).

Can anyone advise on where/how to get this above mentioned app? (If it works better than Network Manager!)

thanks


A wireguard connect will use your real IP to connect to the wireguard VPN.
Is that what you mean?

Once you have the VPN up and connect via it then a remote system will not see your real address, only the VPN address.

Thanks but no that’s not what I mean. I have complained about it before, including on Gnome forums but nobody seems to care (maybe even notice). Maybe most people just connect to ONE connection, if so they wouldn’t notice this. But I need to change to different locations several times each day, sometimes many times each day. I can’t do that (i.e. switch from say UK-London1 to US-NewYork1) without first turning off the VPN (leaking real IP to any open connections/sites), and then connecting. There is no way to ‘switch’, only to close one and open another. Very annoying (for me anyway).

This ‘extension’ was mentioned and I’d love to know how to find it to give it a try as it sounds like the solution to my year of frustration!

I think @ilikelinux comes online in a while, but is this suitable: “How to install Proton VPN on Fedora | Proton VPN”? It is a Gnome extension/program. And get the config files at “How to download WireGuard configuration files | Proton VPN”.

What I would do is run Wireguard from the command line: “Installation - WireGuard”.

EDIT: I have probably linked the app you don’t like! :slight_smile: :frowning:


If I understand correctly, @joeyjonnson means “Kill Switch”. When switching from VPN1 to VPN2 all outbound connections must be blocked…

What is a VPN kill switch? A VPN kill switch is an advanced security feature designed to protect your digital data from accidental exposure. If your VPN connection drops, the VPN kill switch will block your internet access until the connection to the VPN server is restored.

Okay I see the problem. New connects are not using a VPN and that means the remote sees the “real” ip address.

Maybe a firewall rule to prevent all outbound tcp or udp except over wg0? Of course take care to allow wireguard out!
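
The firewall idea above, as an added example that is not part of the thread: a POSIX shell function that prints an nftables ruleset dropping all locally generated traffic except what leaves through the listed tunnel interfaces or is WireGuard's own encrypted UDP to the listed endpoints. The interface names, the table name `wg_killswitch` and the endpoint 203.0.113.10:51820 (a documentation address) are assumptions; take the real values from your own WireGuard configs.

```sh
#!/bin/sh
# Added example. Assumed values: interface names, table name wg_killswitch,
# and the constructed endpoint 203.0.113.10:51820 (documentation address).

# killswitch_rules "IFACE ..." "IP:PORT ..."
# Prints an nftables ruleset whose output chain drops everything except
# traffic leaving through a listed tunnel interface and the encrypted
# WireGuard UDP addressed to a listed IPv4 endpoint.
killswitch_rules() {
    ks_body=
    for ks_if in $1; do
        # Only characters valid in an interface name may reach the ruleset.
        case $ks_if in *[!A-Za-z0-9_.-]*) return 1 ;; esac
        ks_body="$ks_body        oifname \"$ks_if\" accept
"
    done
    for ks_ep in $2; do
        ks_ip=${ks_ep%:*}
        ks_port=${ks_ep##*:}
        case $ks_ip in '' | *[!0-9.]*) return 1 ;; esac
        case $ks_port in '' | *[!0-9]*) return 1 ;; esac
        ks_body="$ks_body        ip daddr $ks_ip udp dport $ks_port accept
"
    done
    [ -n "$ks_body" ] || return 1
    cat <<EOF
table inet wg_killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        # DHCP, so the physical link keeps its lease.
        udp sport 68 udp dport 67 accept
        # No "ct state established accept" here: a flow opened inside the
        # tunnel must not carry on over the physical NIC when it goes down.
$ks_body    }
}
EOF
}

# Apply:  killswitch_rules "wg0" "203.0.113.10:51820" | sudo nft -f -
# Remove: sudo nft delete table inet wg_killswitch
```

Listing every tunnel interface and endpoint you switch between keeps the rules valid while one tunnel is taken down and another brought up; all IPv6 traffic outside the tunnels is dropped as well, since only IPv4 endpoints are allowed.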

WireGuard-VPN-extension - GNOME Shell Extensions

Please do not use my alias in the title of a request. I changed it already, just for a next time.


Yep you did :slight_smile:
No worries thanks for trying!


I suppose some may think I am referring to a kill switch, and perhaps I am, but not really in my view. All VPN apps have the ability to switch seamlessly from one connection to another without needing a kill switch in between. A kill switch GUARANTEES (ostensibly at least) that a ‘leak’ won’t take place, but it’s more a feature that ensures nobody accidentally connects to the web via their native IP address if, for example, the connection drops unexpectedly for any reason.

Fedora/Gnome’s network manager Wireguard system is the only VPN I have ever used (and used more than I can remember) that doesn’t have any way to even TRY to switch between. If I click a different connection from the one I am connected to, nothing happens. So you HAVE to disconnect one, then open up the list again and click another one. That’s kinda silly for anyone who uses a VPN to ‘hide’ their real IP, which I would suggest is the great majority of VPN users!!

Oh, sorry, didn’t see any harm in it but won’t do that again.
Thanks for the link :slight_smile:

Discourse is linking fast what you put in the title. So you just make me visible everywhere (more than needed) as you want to hide yourself alias your IP … just thought it is a contradiction :slight_smile:

I’d need to understand what you’re talking about for it to be a contradiction! No idea what you mean, or what ‘Discourse’ is.
PS I am not ‘hiding’ from anyone by using a VPN, I am trying to appear to search engines to be in locations of my choosing for research purposes

These forums are run on software called ‘Discourse’. Search engines pick up the titles very quickly, so any name in a title will be very easily searchable.
This is humorous because of the obfuscating nature of VPNs.

Ok understood no problem.

Discourse is the software on which we are talking; discussion.fedoraproject.org is a Discourse instance. Everything you put in the topic appears in the URL. And within 5 minutes or less you can be sure that it pops up in search engines.

p.s. the extension behaves the same way as you are describing. Disconnect first before connecting to the other.

If you want to avoid, buy a router which can be configured with vpn/wireguard. Then use this connection always as your default gateway. This way your IP is hidden by the VPN provider you use.
With gnome you make the connections you like and while disconnecting you fall back to the connection from your router alias vpn-provider right?

Now I get it. It’s all for the convenience of using multiple Wireguard tunnels :slight_smile:


Thanks for clarifying :bluethumb:

Just another point we also have is the Code of Conduct, which says:

  • Publishing someone else’s private information, such as a physical or electronic address, without explicit permission

Of course I do use an anonymized alias, however if someone uses a normal first/last-name alias you will expose this user. If the own user does it, it’s their decision and responsibility.

Just to make it clear, everything is fine and nothing happened @joeyjonnson :slight_smile:


AAAH! Sorry!

Dammit! I may try it just in case I can find a way to make it better than Gnome NM.

No, I know of many ways to avoid it, it’s just a huge shame that by far the nicest way to use VPN is both to use Wireguard connections and also to use Fedora’s built in VPN handling, saves another 3rd party app, updates, trying to show it in toolbar area etc etc. Proton’s is particularly bad. Router is not an option, will mess up family stuff to do that and I can’t afford to buy tech I don’t need. Worst case I can just use the app or subscribe to another VPN with better app like Mullvad or Express etc. I just have 6 months left on my VPN sub so it’s a shame that’s all. Still blown away that not enough people have complained to Gnome for them to make such a tiny but vital change so VPN users don’t have to expose themselves (steady!) by switching connections. But as I already said, maybe most people don’t do the switching like I do.
Nevermind, I’ll check out the extension anyway, thanks for the help

Already tested this a few months ago and it worked:
Wireguard VPN via Network Manager - Kill Switch? - #20 by vgaetera

Tested again using Proton VPN with their free WireGuard configs.
It still works on Fedora 41 with NetworkManager:

| # | Action | Result |
|---|--------|--------|
| 1 | Activate VPN1. | All traffic is routed to VPN1. |
| 2 | Activate VPN2. | Deadlock state, no traffic leaks. |
| 3 | Deactivate VPN1. | All traffic is routed to VPN2. |

Note that GNOME Quick Settings is prone to error in this use case.
To avoid problems, use GNOME Settings > Network > VPN or nmcli.
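
The activation order from the table above, scripted with nmcli and followed by a check of which interface the kernel would actually use. This is an added example, not part of the original post; the profile names are supplied by the caller and 192.0.2.1 is a documentation address used only for a routing-table lookup.

```sh
#!/bin/sh
# Added example. Assumptions: profile names are passed by the caller;
# 192.0.2.1 is a documentation address used only for a routing-table
# lookup (no packet is sent to it).

# Interface the kernel would pick for ordinary outbound IPv4 traffic.
egress_dev() {
    ip -o route get 192.0.2.1 2>/dev/null |
        sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

# switch_vpn OLD NEW
# Returns 0 when traffic ends up on NEW's interface, 1 when a step failed
# (OLD is left up if NEW could not be activated), 2 when both steps ran but
# the egress interface is not NEW's, i.e. traffic may be leaving untunnelled.
switch_vpn() {
    sv_old=$1
    sv_new=$2
    sv_dev=$(nmcli -g connection.interface-name connection show "$sv_new") || return 1
    [ -n "$sv_dev" ] || return 1
    nmcli connection up id "$sv_new" || return 1      # table step 2
    nmcli connection down id "$sv_old" || return 1    # table step 3
    [ "$(egress_dev)" = "$sv_dev" ] || return 2
}
```

A return code of 2 is the case to alert on, since both nmcli calls succeeded yet the default path is not the new tunnel; the check covers IPv4 routing only.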


Why is the behavior logic so different for the same things?

I also found connection.secondaries. It would be useful if not only VPN profiles were allowed :slight_smile:

Hi Vladislav, thanks for that.
So you basically activate a second connection first, then disconnect the old one leaving the second one running?

I just tried it and it failed, left me without any VPN and exposed. I clicked the battery area (‘quick settings’?). Clicked to connect a second connection which appeared to work (switch stayed blue, leaving me two blue ‘on’ connections). Then flicked the switch to disconnect the first connection. Lost both. No VPN connected.

Then I read that you said to use Network Settings as quick settings is buggy. Had high hopes, but no joy there either. I opened Settings/Network and see my list of available VPN connections (20 or so). I tried to connect a second one and it just fails and produces a system error:

“Activation of Network Connection Failed”

Not sure if I am doing something wrong but don’t think so