4

I'm running the latest Catalina beta (19A578c), and the latest Wireguard client from https://www.wireguard.com.

After a Catalina beta update this morning, all my configured VPNs disappeared. I can still see the keys associated with each of them in my login keychain, but do not see a way to restore or import the VPNs back into Wireguard. I have full time machine backups, but can not find any record of these configuration files anywhere in my system/user libraries or other filesystem locations.

Does anyone know what file(s) I need to restore to get these configured VPNs back?

Aubrey Falconer
  • 143
  • 1
  • 3
  • Shouldn't your Time Machine backups contain the configuration files? You certainly should not get rid of those keys as they will be required even if you manually restore the VPN the configurations. – Ramhound Oct 02 '19 at 17:41
  • Yes - I expect that the time machine backups do contain the config files I need to restore. My issue is that the Wireguard site and other docs don't describe where these config files can be found. A system-level finder search turned up nothing, and I can't find any relevant system/user level Library folders or plist files. Note that I installed Wireguard via the App Store - perhaps sandboxed apps are managed differently on macOS? (longtime linux user here who recently switched over to a MBP). – Aubrey Falconer Oct 02 '19 at 19:53
  • MacOS also seems to store all Wireguard-configured VPNs inside the system-level networking settings. Here's a screenshot of a test VPN I created earlier in a vain attempt to locate its configuration on my filesystem: https://cl.ly/8a9aa7fdc398 – Aubrey Falconer Oct 02 '19 at 19:59
  • I saw this same problem after yesterday's Mojave patch release - 10.14.6. Restoring my keychain from backup and then copy-pasting the wireguard configs worked fine – gnmerritt Feb 06 '20 at 16:41

1 Answers1

2

Workaround for the loss of configuration until Apple fixes it:

The wireguard configuration is not stored in config files but in the MacOS keychain. Search for "WireGuard Tunnel" in the login keychain. If you cannot find it after a Wireguard update or a Catalina update, restore your login keychain from a TimeMachine backup. The restored keychain should contain all WireGuard Tunnel configurations. The tunnel config can then be found in the "Password" field. Note that there are multiple lines; you see only [Interface] initially. Just Copy all content (CMD+A CMD+C) and then paste it into a new WireGuard tunnel config (CMD+V).

There seems to be a bug in Catalina causing the issue. The wg developers are now aware of it.

Roland
  • 54
  • 3
  • Thanks Roland! This worked for me. All of the tunnel config entries had also disappeared from my login keychain, but I was able to copy-paste-restore each of them after retrieving an older keychaindb via Time Machine. – Aubrey Falconer Oct 15 '19 at 19:27
  • Much appreciated! This solved my exact problem. – CGuess Sep 08 '21 at 16:30