From 3bc11384b38879091df0671fa4231c31cca9c58d Mon Sep 17 00:00:00 2001
From: Subho <contact.subhoghosh@gmail.com>
Date: Mon, 26 Jun 2023 21:34:29 +0530
Subject: [PATCH] network: wireguard WIP

---
 pkg/networkmanager/dialogs-common.jsx      |  33 ++-
 pkg/networkmanager/interfaces.js           |  65 ++++-
 pkg/networkmanager/network-interface.jsx   |  16 +-
 pkg/networkmanager/network-main.jsx        |   1 +
 pkg/networkmanager/wireguard.jsx           | 262 +++++++++++++++++++++
 pkg/networkmanager/wireguard.scss          |  28 +++
 test/run                                   |   2 +-
 test/verify/check-networkmanager-wireguard |  58 +++++
 8 files changed, 447 insertions(+), 18 deletions(-)
 create mode 100644 pkg/networkmanager/wireguard.jsx
 create mode 100644 pkg/networkmanager/wireguard.scss
 create mode 100755 test/verify/check-networkmanager-wireguard

diff --git a/pkg/networkmanager/dialogs-common.jsx b/pkg/networkmanager/dialogs-common.jsx
index 8d403295cf3b..ad1c9feba397 100644
--- a/pkg/networkmanager/dialogs-common.jsx
+++ b/pkg/networkmanager/dialogs-common.jsx
@@ -35,11 +35,14 @@ import { IpSettingsDialog } from './ip-settings.jsx';
 import { TeamDialog, getGhostSettings as getTeamGhostSettings } from './team.jsx';
 import { TeamPortDialog } from './teamport.jsx';
 import { VlanDialog, getGhostSettings as getVlanGhostSettings } from './vlan.jsx';
+import { WireGuardDialog, getWireGuardGhostSettings } from './wireguard.jsx';
 import { MtuDialog } from './mtu.jsx';
 import { MacDialog } from './mac.jsx';
 import { ModalError } from 'cockpit-components-inline-notification.jsx';
 import { ModelContext } from './model-context.jsx';
 import { useDialogs } from "dialogs.jsx";
+import { install_dialog } from "cockpit-components-install-dialog.jsx";
+import { read_os_release } from "os-release.js";
 
 import {
     apply_group_member,
@@ -141,7 +144,7 @@ export const Name = ({ idPrefix, iface, setIface }) => {
     );
 };
 
-export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, children, isFormHorizontal }) => {
+export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, children, isFormHorizontal, submitDisabled = false }) => {
     const Dialogs = useDialogs();
 
     return (
@@ -152,7 +155,7 @@ export const NetworkModal = ({ dialogError, help, idPrefix, title, onSubmit, chi
             title={title}
             footer={
                 <>
-                    <Button variant='primary' id={idPrefix + "-save"} onClick={onSubmit}>
+                    <Button variant='primary' id={idPrefix + "-save"} onClick={onSubmit} isDisabled={submitDisabled}>
                         {_("Save")}
                     </Button>
                     <Button variant='link' id={idPrefix + "-cancel"} onClick={Dialogs.close}>
@@ -183,7 +186,7 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
         let name;
         // Find the first free interface name
         for (let i = 0; i < 100; i++) {
-            name = type + i;
+            name = (type == 'wireguard' ? 'wg' : type) + i;
             if (!model.find_interface(name))
                 break;
         }
@@ -198,10 +201,25 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
         if (type == 'vlan') settings = getVlanGhostSettings();
         if (type == 'team') settings = getTeamGhostSettings({ newIfaceName });
         if (type == 'bridge') settings = getBridgeGhostSettings({ newIfaceName });
+        if (type == 'wireguard') settings = getWireGuardGhostSettings({ newIfaceName });
     }
 
     const properties = { connection: con, dev, settings };
 
+    async function resolveDeps(type) {
+        if (type === 'wireguard') {
+            try {
+                await cockpit.script("command -v wg");
+            } catch {
+                const os_release = await read_os_release();
+
+                // RHEL/CentOS 8 does not have wireguard-tools
+                if (os_release.PLATFORM_ID !== "platform:el8")
+                    await install_dialog("wireguard-tools");
+            }
+        }
+    }
+
     function show() {
         let dlg = null;
         if (type == 'bond')
@@ -212,6 +230,8 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
             dlg = <TeamDialog {...properties} />;
         else if (type == 'bridge')
             dlg = <BridgeDialog {...properties} />;
+        else if (type == 'wireguard')
+            dlg = <WireGuardDialog {...properties} />;
         else if (type == 'mtu')
             dlg = <MtuDialog {...properties} />;
         else if (type == 'mac')
@@ -224,8 +244,13 @@ export const NetworkAction = ({ buttonText, iface, connectionSettings, type }) =
             dlg = <IpSettingsDialog topic="ipv4" {...properties} />;
         else if (type == 'ipv6')
             dlg = <IpSettingsDialog topic="ipv6" {...properties} />;
+
         if (dlg)
-            Dialogs.show(dlg);
+            resolveDeps(type).then(() => {
+                Dialogs.show(dlg);
+            }).catch((e) => {
+                console.error(e);
+            });
     }
 
     return (
diff --git a/pkg/networkmanager/interfaces.js b/pkg/networkmanager/interfaces.js
index c3db37d76742..cf460ea1b265 100644
--- a/pkg/networkmanager/interfaces.js
+++ b/pkg/networkmanager/interfaces.js
@@ -585,6 +585,18 @@ export function NetworkManagerModel() {
             };
         }
 
+        if (settings.wireguard) {
+            result.wireguard = {
+                listen_port: get("wireguard", "listen-port", ""),
+                peers: get("wireguard", "peers", []).map(peer => ({
+                    publicKey: peer['public-key'].v,
+                    endpoint: peer.endpoint?.v ?? "", // enpoint of a peer is optional
+                    allowedIps: peer['allowed-ips'].v
+                })),
+                private_key: get("wireguard", "private-key")
+            };
+        }
+
         return result;
     }
 
@@ -699,6 +711,33 @@ export function NetworkManagerModel() {
         } else
             delete result["802-3-ethernet"];
 
+        if (settings.wireguard) {
+            set("wireguard", "private-key", "s", settings.wireguard.private_key);
+            set("wireguard", "listen-port", "u", settings.wireguard.listen_port);
+            set("wireguard", "peers", "aa{sv}", settings.wireguard.peers.map(peer => {
+                return {
+                    "public-key": {
+                        t: "s",
+                        v: peer.publicKey
+                    },
+                    ...peer.endpoint
+                        ? {
+                            endpoint: {
+                                t: "s",
+                                v: peer.endpoint
+                            }
+                        }
+                        : {},
+                    "allowed-ips": {
+                        t: "as",
+                        v: peer.allowedIps
+                    }
+                };
+            }));
+        } else {
+            delete result.wireguard;
+        }
+
         return result;
     }
 
@@ -785,18 +824,20 @@ export function NetworkManagerModel() {
             connections_by_uuid[settings.connection.uuid] = obj;
     }
 
-    function refresh_settings(obj) {
+    async function refresh_settings(obj) {
         push_refresh();
-        client.call(objpath(obj), "org.freedesktop.NetworkManager.Settings.Connection", "GetSettings")
-                .then(function(reply) {
-                    const result = reply[0];
-                    if (result) {
-                        priv(obj).orig = result;
-                        set_settings(obj, settings_from_nm(result));
-                    }
-                })
-                .catch(complain)
-                .finally(pop_refresh);
+
+        try {
+            const [result] = await client.call(objpath(obj), "org.freedesktop.NetworkManager.Settings.Connection", "GetSettings");
+            if (result) {
+                priv(obj).orig = result;
+                set_settings(obj, settings_from_nm(result));
+            }
+        } catch (e) {
+            complain(e);
+        } finally {
+            pop_refresh();
+        }
     }
 
     function refresh_udev(obj) {
@@ -829,7 +870,7 @@ export function NetworkManagerModel() {
                 .finally(pop_refresh);
     }
 
-    function handle_updated(obj) {
+    function handle_updated(obj, things) {
         refresh_settings(obj);
     }
 
diff --git a/pkg/networkmanager/network-interface.jsx b/pkg/networkmanager/network-interface.jsx
index e36c4241d5e0..021607a0ff5b 100644
--- a/pkg/networkmanager/network-interface.jsx
+++ b/pkg/networkmanager/network-interface.jsx
@@ -562,6 +562,19 @@ export const NetworkInterfacePage = ({
             return renderSettingsRow(_("VLAN"), rows, configure);
         }
 
+        function renderWireGuardSettingsRow() {
+            const rows = [];
+            const options = settings.wireguard;
+
+            if (!options) {
+                return null;
+            }
+
+            const configure = <NetworkAction type="wireguard" iface={iface} connectionSettings={settings} />;
+
+            return renderSettingsRow(_("WireGuard"), rows, configure);
+        }
+
         return [
             render_group(),
             renderAutoconnectRow(),
@@ -573,7 +586,8 @@ export const NetworkInterfacePage = ({
             renderBridgePortSettingsRow(),
             renderBondSettingsRow(),
             renderTeamSettingsRow(),
-            renderTeamPortSettingsRow()
+            renderTeamPortSettingsRow(),
+            renderWireGuardSettingsRow(),
         ];
     }
 
diff --git a/pkg/networkmanager/network-main.jsx b/pkg/networkmanager/network-main.jsx
index 9efcf7cd54cd..cebe378e4807 100644
--- a/pkg/networkmanager/network-main.jsx
+++ b/pkg/networkmanager/network-main.jsx
@@ -138,6 +138,7 @@ export const NetworkPage = ({ privileged, operationInProgress, usage_monitor, pl
 
     const actions = privileged && (
         <>
+            <NetworkAction buttonText={_("Add WireGuard")} type='wireguard' />
             <NetworkAction buttonText={_("Add bond")} type='bond' />
             <NetworkAction buttonText={_("Add team")} type='team' />
             <NetworkAction buttonText={_("Add bridge")} type='bridge' />
diff --git a/pkg/networkmanager/wireguard.jsx b/pkg/networkmanager/wireguard.jsx
new file mode 100644
index 000000000000..59e906f44193
--- /dev/null
+++ b/pkg/networkmanager/wireguard.jsx
@@ -0,0 +1,262 @@
+/*
+ * This file is part of Cockpit.
+ *
+ * Copyright (C) 2023 Red Hat, Inc.
+ *
+ * Cockpit is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or
+ * (at your option) any later version.
+ *
+ * Cockpit is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import React, { useContext, useEffect, useState } from 'react';
+import cockpit from 'cockpit';
+import { Button } from '@patternfly/react-core/dist/esm/components/Button/index.js';
+import { ClipboardCopy } from '@patternfly/react-core/dist/esm/components/ClipboardCopy/index.js';
+import { EmptyState, EmptyStateBody } from '@patternfly/react-core/dist/esm/components/EmptyState/index.js';
+import { FormGroup, FormFieldGroup, FormFieldGroupHeader } from '@patternfly/react-core/dist/esm/components/Form/index.js';
+import { Grid } from '@patternfly/react-core/dist/esm/layouts/Grid/index.js';
+import { InputGroup } from '@patternfly/react-core/dist/esm/components/InputGroup/index.js';
+import { MinusIcon } from '@patternfly/react-icons';
+import { TextInput } from '@patternfly/react-core/dist/esm/components/TextInput/index.js';
+
+import { Name, NetworkModal, dialogSave } from "./dialogs-common";
+import { ModelContext } from './model-context';
+import { useDialogs } from 'dialogs.jsx';
+
+import './wireguard.scss';
+
+const _ = cockpit.gettext;
+
+function addressesToString(addresses) {
+    return addresses.map(address => address[0] + "/" + address[1]).join(",");
+}
+
+function stringToAddresses(str) {
+    return str.split(",").map(strAddress => {
+        const parts = strAddress.split("/");
+        if (parts.length > 2) {
+            throw new Error(_("Addresses is not formatted correctly"));
+        }
+        const [ip, prefix] = parts;
+        const defaultPrefix = "32";
+        // For WireGuard interfaces gateway should not be set
+        // The gateway may be left as 0 if no gateway exists
+        const gateway = "0.0.0.0";
+        return [ip, prefix ?? defaultPrefix, gateway];
+    });
+}
+
+export function WireGuardDialog({ settings, connection, dev }) {
+    const Dialogs = useDialogs();
+    const idPrefix = 'network-wireguard-settings';
+    const model = useContext(ModelContext);
+
+    const [iface, setIface] = useState(settings.connection.interface_name);
+    const [privateKey, setPrivateKey] = useState("");
+    const [publicKey, setPublicKey] = useState('');
+    const [listenPort, setListenPort] = useState(settings.wireguard.listen_port);
+    const [addresses, setAddresses] = useState(addressesToString(settings.ipv4.addresses));
+    const [dialogError, setDialogError] = useState('');
+    const [peers, setPeers] = useState(settings.wireguard.peers.map(peer => ({ ...peer, allowedIps: peer.allowedIps.join(',') })));
+    const [submitDisabled, setSubmitDisabled] = useState(true);
+
+    // Disabled Save button if the mandatory fields are empty
+    useEffect(() => {
+        if (iface && privateKey && addresses)
+            setSubmitDisabled(false);
+        else
+            setSubmitDisabled(true);
+    }, [iface, addresses, privateKey]);
+
+    // HACK - https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1336
+    useEffect(() => {
+        async function getPrivateKey() {
+            const objpath = connection[" priv"].path;
+            const [result] = await model.client.call(objpath, "org.freedesktop.NetworkManager.Settings.Connection", "GetSecrets", ["wireguard"]);
+            setPrivateKey(result.wireguard["private-key"].v);
+        }
+
+        if (connection && connection[" priv"].path) {
+            getPrivateKey();
+        }
+    }, [model, connection]);
+
+    useEffect(() => {
+        if (privateKey === "") {
+            setPublicKey("");
+            return;
+        }
+
+        async function getPublicKey() {
+            try {
+                const key = await cockpit.spawn(["wg", "pubkey"], { err: 'message' }).input(privateKey.trim());
+                setPublicKey(key.trim());
+            } catch (e) {
+                console.error(e.message);
+                setPublicKey('');
+            }
+        }
+
+        getPublicKey();
+    }, [privateKey]);
+
+    function onSubmit() {
+        // Validate Addresses before submit
+        let addr;
+        try {
+            addr = stringToAddresses(addresses);
+        } catch (e) {
+            setDialogError(e.message);
+            return;
+        }
+
+        function createSettingsObj() {
+            return {
+                ...settings,
+                connection: {
+                    ...settings.connection,
+                    id: `con-${iface}`,
+                    interface_name: iface,
+                    type: 'wireguard'
+                },
+                wireguard: {
+                    private_key: privateKey.trim(),
+                    listen_port: +listenPort,
+                    peers: peers.map(peer => ({ ...peer, allowedIps: [peer.allowedIps] })),
+                },
+                ipv4: {
+                    addresses: addr,
+                    method: 'manual',
+                    dns: [],
+                    dns_search: []
+                }
+            };
+        }
+
+        dialogSave({
+            connection,
+            dev,
+            model,
+            settings: createSettingsObj(),
+            onClose: Dialogs.close,
+            setDialogError
+        });
+    }
+
+    return (
+        <NetworkModal title={_("WireGuard settings")} onSubmit={onSubmit} dialogError={dialogError} idPrefix={idPrefix} submitDisabled={submitDisabled}>
+            <Name idPrefix={idPrefix} iface={iface} setIface={setIface} />
+            <FormGroup label={_("Private key")} fieldId={idPrefix + '-private-key-input'}>
+                <InputGroup>
+                    <TextInput id={idPrefix + '-private-key-input'} value={privateKey} onChange={(_, val) => setPrivateKey(val)} />
+                    <Button variant='secondary'
+                        onClick={async () => {
+                            const key = await cockpit.spawn(["wg", "genkey"]);
+                            setPrivateKey(key.trim());
+                        }}
+                    >
+                        {_("Generate private key")}
+                    </Button>
+                </InputGroup>
+            </FormGroup>
+            <FormGroup label={_("Public key")}>
+                <ClipboardCopy isReadOnly>{publicKey}</ClipboardCopy>
+            </FormGroup>
+            <FormGroup label={_("Listen port")} fieldId={idPrefix + '-listen-port-input'}>
+                <TextInput id={idPrefix + '-listen-port-input'} placeholder={_("Random port selected when unspecified")} type='number' value={listenPort} onChange={(_, val) => { setListenPort(val) }} />
+            </FormGroup>
+            <FormGroup label={_("Addresses")} fieldId={idPrefix + '-addresses-input'}>
+                <TextInput id={idPrefix + '-addresses-input'} value={addresses} onChange={(_, val) => { setAddresses(val) }} placeholder={_("E.g. 10.0.0.1/24")} />
+            </FormGroup>
+            <FormFieldGroup
+                header={
+                    <FormFieldGroupHeader
+                        titleText={{ text: _("Peers") }}
+                        actions={
+                            <Button
+                                variant='secondary'
+                                onClick={() => setPeers(peers => [...peers, { publicKey: '', endpoint: '', allowedIps: '' }])}
+                            >
+                                {_("Add peer")}
+                            </Button>
+                        }
+                    />
+                }
+                className='dynamic-form-group'
+            >
+                {(peers.length !== 0)
+                    ? peers.map((peer, i) => (
+                        <Grid key={i} hasGutter>
+                            <FormGroup className='pf-m-6-col-on-md' label={_("Public key")} fieldId={idPrefix + '-publickey-peer-' + i}>
+                                <TextInput
+                                    value={peer.publicKey}
+                                    onChange={(_, val) => {
+                                        setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, publicKey: val } : peer));
+                                    }}
+                                    id={idPrefix + '-publickey-peer-' + i}
+                                />
+                            </FormGroup>
+                            <FormGroup className='pf-m-3-col-on-md' label={_("Endpoint")} fieldId={idPrefix + '-endpoint-peer-' + i}>
+                                <TextInput
+                                    value={peer.endpoint}
+                                    onChange={(_, val) => {
+                                        setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, endpoint: val } : peer));
+                                    }}
+                                    id={idPrefix + '-endpoint-peer-' + i}
+                                />
+                            </FormGroup>
+                            <FormGroup className='pf-m-3-col-on-md' label={_("Allowed IPs")} fieldId={idPrefix + '-allowedips-peer-' + i}>
+                                <TextInput
+                                    value={peer.allowedIps}
+                                    onChange={(_, val) => {
+                                        setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, allowedIps: val } : peer));
+                                    }}
+                                    id={idPrefix + '-allowedips-peer-' + i}
+                                />
+                            </FormGroup>
+                            <FormGroup className='pf-m-1-col-on-md remove-button-group'>
+                                <Button
+                                    variant='secondary'
+                                    onClick={() => {
+                                        setPeers(peers => peers.filter((_, index) => i !== index));
+                                    }}
+                                >
+                                    <MinusIcon />
+                                </Button>
+                            </FormGroup>
+                        </Grid>
+                    ))
+                    : <EmptyState>
+                        <EmptyStateBody>{_("No peers added.")}</EmptyStateBody>
+                    </EmptyState>
+                }
+            </FormFieldGroup>
+        </NetworkModal>
+    );
+}
+
+export function getWireGuardGhostSettings({ newIfaceName }) {
+    return {
+        connection: {
+            id: `con-${newIfaceName}`,
+            interface_name: newIfaceName
+        },
+        wireguard: {
+            listen_port: "",
+            private_key: "",
+            peers: []
+        },
+        ipv4: {
+            addresses: []
+        }
+    };
+}
diff --git a/pkg/networkmanager/wireguard.scss b/pkg/networkmanager/wireguard.scss
new file mode 100644
index 000000000000..06071ee48ff8
--- /dev/null
+++ b/pkg/networkmanager/wireguard.scss
@@ -0,0 +1,28 @@
+.dynamic-form-group {
+  .pf-v5-c-empty-state {
+    padding: 0;
+  }
+
+  .pf-v5-c-form__field-group-body {
+    .pf-v5-c-form__group {
+      display: block;
+    }
+
+    .remove-button-group {
+      // Move 'Remove' button the the end of the row
+      grid-column: -1;
+      // Move 'Remove' button to the bottom of the line so as to align with the other form fields
+      display: flex;
+      align-items: flex-end;
+    }
+  }
+
+  // We use FormFieldGroup PF component for the nested look and for ability to add buttons to the header
+  // However we want to save space and not add indent to the left so we need to override it
+  .pf-v5-c-form__field-group-body {
+    // Stretch content fully
+    --pf-v5-c-form__field-group-body--GridColumn: 1 / -1;
+    // Reduce padding at the top
+    --pf-v5-c-form__field-group-body--PaddingTop: var(--pf-v5-global--spacer--xs);
+  }
+}
diff --git a/test/run b/test/run
index f6871c919caf..94712145899d 100755
--- a/test/run
+++ b/test/run
@@ -12,7 +12,7 @@ PREPARE_OPTS=""
 RUN_OPTS=""
 ALL_TESTS="$(test/common/run-tests --test-dir test/verify -l)"
 
-RE_NETWORKING='Networking|Bonding|TestBridge|Firewall|Team|IPA|AD'
+RE_NETWORKING='Networking|Bonding|TestBridge|Firewall|Team|IPA|AD|WireGuard'
 RE_STORAGE='Storage'
 RE_EXPENSIVE='HostSwitching|MultiMachine|Updates|Superuser|Kdump|Pages'
 
diff --git a/test/verify/check-networkmanager-wireguard b/test/verify/check-networkmanager-wireguard
new file mode 100755
index 000000000000..a61f61867831
--- /dev/null
+++ b/test/verify/check-networkmanager-wireguard
@@ -0,0 +1,58 @@
+#!/usr/bin/python3 -cimport os, sys; os.execv(os.path.dirname(sys.argv[1]) + "/../common/pywrap", sys.argv)
+
+import testlib
+
+
+class TestWireGuard(testlib.MachineCase):
+    provision = {
+        "machine1": {"address": "192.168.100.11/24", "restrict": False},
+        "machine2": {"address": "192.168.100.12/24", "restrict": False},
+    }
+
+    def testVPN(self):
+        m1 = self.machines["machine1"]
+        m2 = self.machines["machine2"]
+        b = self.browser
+
+        self.login_and_go("/network")
+
+
+        # Peer 2 (server)
+        if not m2.ostree_image:
+            m2.execute("systemctl stop firewalld") # TODO: Fix it
+        m2.execute("wg genkey > private")
+        m2_port = 51820
+        m2_pubkey = m2.execute("wg pubkey < private").strip()
+
+        m2.execute("ip link add dev wg0 type wireguard")
+        m2.execute("ip addr add 10.0.0.2/24 dev wg0")
+        m2.execute("wg set wg0 private-key ./private")
+        m2.execute(f"wg set wg0 listen-port {m2_port}")
+        m2.execute("ip link set wg0 up")
+
+        # Peer 1 (client)
+        b.click("button:contains('Add WireGuard')")
+        b.wait_visible("#network-wireguard-settings-dialog")
+        b.click("button:contains('Generate private key')")
+        b.wait_not_val("#network-wireguard-settings-dialog .pf-v5-c-clipboard-copy input", "")
+        m1_pubkey = b.val("#network-wireguard-settings-dialog .pf-v5-c-clipboard-copy input")
+        b.set_input_text("#network-wireguard-settings-listen-port-input", "51820")
+        b.set_input_text("#network-wireguard-settings-addresses-input", "10.0.0.1/24")
+        b.click("button:contains('Add peer')")
+        b.set_input_text("#network-wireguard-settings-publickey-peer-0", m2_pubkey)
+        b.set_input_text("#network-wireguard-settings-endpoint-peer-0", f"192.168.100.12:{m2_port}")
+        b.set_input_text("#network-wireguard-settings-allowedips-peer-0", "10.0.0.2")
+        b.click("button:contains('Save')")
+
+        m2.execute(f"wg set wg0 peer {m1_pubkey} allowed-ips 10.0.0.1/32") # endpoint and port is not necessary for a peer if that peer estalishes the connectio first (i.e. the client)
+
+        try:
+            m1.execute("ping -c 5 10.0.0.2")
+        except:
+            m1.execute("ip a >&2; ip route >&2; nmcli c >&2; wg >&2")
+            m2.execute("ip a >&2; ip route >&2; nmcli c >&2; wg >&2")
+            raise
+
+
+if __name__ == "__main__":
+    testlib.test_main()