Using MozillaVPN without the GUI (part 2)
This tutorial demonstrates how to configure MozillaVPN with WireGuard using NetworkManager on Linux systems—no official GUI required.
If you haven’t read Part 1 of this series yet, consider starting there for foundational steps on setting up MozillaVPN without the GUI.
This is the second article of a two-parts series that explains how to use MozillaVPN, a virtual private network (VPN), without the official GUI but using NetworkManager as management user interface instead. This second article will dive deeper into the hows and whys of using MozillaVPN with NetworkManager, providing a more detailed explanation of how it works under the hood.
In this article, you will learn how to:
- Import your MozillaVPN WireGuard configurations into NetworkManager.
- Connect and disconnect from your VPN using nmcli.
- Tweak autoconnect and rename VPN connections.
This article targets intermediate to advanced Linux users who are comfortable with command-line tools and want to manage MozillaVPN via NetworkManager instead of relying on the standard GUI.
If you’re looking for a more unified way to manage all your network interfaces—including VPNs—under one tool, or if you run a desktop environment where the default MozillaVPN GUI is unavailable or undesirable, this tutorial will show you how to integrate MozillaVPN connections into NetworkManager.
Many users find that juggling multiple network management tools can be cumbersome, especially on Linux distributions with varied desktop environments. By leveraging NetworkManager, you can manage your WireGuard-based MozillaVPN alongside other connections in one place—saving time and reducing potential conflicts.
Before proceeding, you should have a basic understanding of WireGuard, nmcli commands, and standard Linux networking concepts. If you are new to these, see our references at the end or consult your distribution’s documentation.
I use MozillaVPN daily in my work environment — managing connections entirely through NetworkManager and its command-line tools (nmcli) or via the Plasma NetworkManager applet.
Each year, I regenerate and re-import my WireGuard configurations into NetworkManager, and I’ve encountered various quirks along the way. This article captures the key lessons I’ve learned so others can avoid the same pitfalls. By relying on NetworkManager, I avoid having to install or maintain a dedicated MozillaVPN GUI, and I appreciate the flexibility and consistency it offers across different desktop environments.
Early on, when I was experimenting with this setup, I ended up repeatedly importing the same WireGuard configurations—sometimes only slightly modified. After a few cycles of trial and error, I had amassed dozens of nearly identical VPN entries in NetworkManager. Worse still, many of them were set to autoconnect, which meant they would all vie for an active connection each time I booted my system. I had to remove them one by one, and it quickly turned into a tedious cleanup project! That frustrating experience is exactly why I now emphasize turning off autoconnect and carefully managing imported files from the start.
Using NetworkManager commands to import config
Imagine we want to import the /etc/wireguard/jp-osa-wg-001.conf a configuration file.
The first step would be to import the configuration file into NetworkManager, which can be done with the following command:
$ nmcli connection import type wireguard file /etc/wireguard/jp-osa-wg-001.conf
Connection 'jp-osa-wg-001' (a1fce7d4-2e38-416d-bac1-6a517e25eaa6) successfully added.
Note: by default, the connection is started as soon as the file is loaded.
Once you have imported the MozillaVPN configurations into NetworkManager, you can easily manage your VPN connections through your favorite NetworkManager interface (in KDE/Plasma, Gnome, XFCE, etc.):
- You can connect to a VPN by selecting it from the list of available connections and clicking the “Connect” button.
- To disconnect from a VPN, simply select the connection and click the “Disconnect” button.
Alternatively, you can use the NetworkManager CLI to list active connections:
$ nmcli connection show
$ # or to limit to active connections:
$ nmcli connection show --active
You can start your VPN connection by typing:
$ nmcli connection up jp-osa-wg-001
$ # or
$ nmcli connection up uuid a1fce7d4-2e38-416d-bac1-6a517e25eaa6
You can stop the connection with one of the following commands:
$ nmcli connection down jp-osa-wg-001
Connection 'jp-osa-wg-001' successfully deactivated (D-Bus active path: ...)
$ # or
$ nmcli connection down uuid a1fce7d4-2e38-416d-bac1-6a517e25eaa6
Connection 'jp-osa-wg-001' successfully deactivated (D-Bus active path: ...)
You may also want to disable the autoconnect feature for these connections, as it can be inconvenient to have your imported VPN automatically connecting whenever you start your computer.
To do this, you can run either of the following commands:
$ nmcli connection modify jp-osa-wg-001 autoconnect no
$ # or
$ nmcli connection modify uuid a1fce7d4-2e38-416d-bac1-6a517e25eaa6 autoconnect no
You may also want to rename yout VPN connections, which is feasible with the next command:
$ nmcli connection modify jp-osa-wg-001 connection.id "MozillaVPN (jp-osa-wg-001)"
$ # or
$ nmcli connection modify uuid a1fce7d4-2e38-416d-bac1-6a517e25eaa6
connection.id "MozillaVPN (jp-osa-wg-001)"
As usual, use the ping, ip and wg commands to test your connections, view IP routing and other information:
$ ping -c3 linuxfr.org
PING linuxfr.org (213.36.253.176) 56(84) bytes of data.
64 bytes from prod.linuxfr.org (213.36.253.176): icmp_seq=1 ttl=59 time=37.8 ms
64 bytes from prod.linuxfr.org (213.36.253.176): icmp_seq=2 ttl=59 time=39.1 ms
...
$ sudo wg
$ sudo ip -c route list table all
Note: Listing all tables is needed since the VPN rules are assigned to a specific routing table when using Wireguard.
Conclusion
“Feel free to tweak the configurations with custom DNS settings or post-up scripts. This level of manual control is one of the key perks of using NetworkManager with WireGuard directly.”
References
- MozWire - An unofficial configuration manager giving Linux, macOS users (among others), access to MozillaVPN.
- MozillaVPN - A Virtual Private Network from the makers of Firefox.
- nmcli - A command-line tool for controlling NetworkManager.