Support Mullvad auto-generated configurations

[eecharlie]

Hi,

Mullvad is one of a few commercial VPN providers that supports WireGuard.

They have a configuration setup script that dumps a bunch of named configuration files in /etc/wireguard/, of the form "mullvad-.conf". If these could be auto-detected and populated into the AppIcon dropdown menu, that would be awesome.

I did a quick and dirty test by moving the files from /etc/wireguard/ to /usr/local/etc/wireguard/ where your program looks, and found that the program hangs on startup (icon never appears, but Helper is left running in the background)

Further, if this were implemented I imagine Mullvad would consider using your tool as a recommended process for using WireGuard to connect to their service on MacOS.

[aequitas]

Hi, thanks for bringing this up.

I tested this just now by copying one of my existing configs to /etc/wireguard/mullvad-test.conf and technically it does work. Only problem I encountered is that the config file (and directory) must have read permissions for the user running the menubar application. Otherwise it crashes, which is something that I will put on my list to fix.

If you (temporary) change the config file permissions to something more permissive (chmod g+r /etc/wireguard/*, chown :staff /etc/wireguard/*, assuming your user has administrator privileges) I think it should work.

If not could you maybe provide debug logs by using the Console app in /Applications/Utilities/, in it search for wireguard and then run the application so it generates logging.

Edit: I plan on moving the config file reading to the Helper so there are no permissions issues. But I can't promise yet when that can be released.

[aequitas]

I created a release which should not crash, in the list it will omit the details normally found in the configuration file (allowedips, peer address) if it cannot read the file. But enabled/disabling the tunnel should work normally: https://github.com/aequitas/macos-menubar-wireguard/releases/tag/1.7

[eecharlie]

Thanks so much!

(Edited:)

-A few problems and confusion were created either by a zombie wireguard configuration (process killed; utun1 still exists) caused by a bad .plist file I wrote, and/or by duplicates of all the config file in /etc/wireguard

-The app now does not crash if /usr/local/etc/wireguard/* is not group readable, just shows only the config filename in the menu, as you described (I actually prefer this - I have too many configs!)

-Icon coloring correctly reflects connectivity status, and selecting a config already checked correctly causes disconnect.

Can you point to a quick ref on building Swift applications? I just installed Xcode..

Remaining asks:
-The sort order of configurations in the menu is a total mystery, and alphabetical by configuration file name would be really helpful.
-Checking /etc/wireguard in addition to /usr/local/etc/wireguard would be helpful to smoothly use with Mullvad

[aequitas]

/etc/wiregaurd should be checked as well (https://github.com/aequitas/macos-menubar-wireguard/blob/master/Wireguard%20Statusbar/AppDelegate.swift#L37) so I'm curious why this doesn't work in your case, is the directory itself readable? (ls -la /etc/wireguard/).

I tried to implement sorting a while back (https://github.com/aequitas/macos-menubar-wireguard/blob/master/Wireguard%20Statusbar/AppDelegate.swift#L167) but I think Swift does not keep dict entries sorted, so I think thats why it doesn't work. I will move this logic somewhere else. I just hit this myself recently when I added more configs.

Building your own binary should be easy. Just run make in the project directory. You might need to update certificates/team id in the project settings to your own, as the app needs to be signed to be allowed to install the Helper. I think Xcode warns about this if you try to build it. But I'm not yet that familiar with that part myself.

Other features I have planned for the short term are

• Option-click the icon so it only shows the details that way (like the WiFi icon does) and the menu when clicked normally is more terse (like it is now for the config files that cannot be read).
• Adding a icon state which indicates the different between tunnels being enabled and tunnels that are actually running/connected.

If you have any further feedback let me know, feel free to open Github issues for separate problems.

[eecharlie]

You are right, I posted the last comment without going back and checking whether /etc/wireguard was checked.

I got Xcode working with a configured dev account. Having issues with Makefile and with running app via Xcode that I'll open another issue on.

I will close this issue as you have resolved it. I may open another regarding menu sorting :)