* wg-quick add_route
@ 2017-07-12 17:53 Lucian Cristian
2017-10-27 17:23 ` Fwd: " Lucian Cristian
0 siblings, 1 reply; 4+ messages in thread
From: Lucian Cristian @ 2017-07-12 17:53 UTC (permalink / raw)
To: WireGuard mailing list, jason A. Donenfeld
Hi Jason,
I'm using wireguard in some mixed topology and until now I've had LEDE
routers as clients but now I would like to add some CENTOS(and other
distros) clients too.
On LEDE there is an option "Create routes for Allowed IPs for this peer"
that is off by default, but in wg-quick this thing is not optional and
the routes are created by default, so if I would like to allow
10.0.0.0/8 it would create default route for all 10.0.0.0/8 to wg
interface and I don't want that.
I would like to use dynamic routing (rip+eigrp) for routing, if you
could add an entry to peers not to add default route to allowed ip would
be great
until then I've disabled add_route rule in the script
Regards
^ permalink raw reply [flat|nested] 4+ messages in thread
* Fwd: wg-quick add_route
2017-07-12 17:53 wg-quick add_route Lucian Cristian
@ 2017-10-27 17:23 ` Lucian Cristian
2017-10-27 19:48 ` Jason A. Donenfeld
0 siblings, 1 reply; 4+ messages in thread
From: Lucian Cristian @ 2017-10-27 17:23 UTC (permalink / raw)
To: WireGuard mailing list
[-- Attachment #1: Type: text/plain, Size: 1146 bytes --]
coming back with this
is ok if I make a patch to add an option for this situation ?
keep the default as it is and if the let's say NOT_DEFAULT=true, to skip
the add_route or something like this
Regards!
-------- Forwarded Message --------
Subject: wg-quick add_route
Date: Wed, 12 Jul 2017 20:53:01 +0300
From: Lucian Cristian <luci@createc.ro>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>, jason A.
Donenfeld <Jason@zx2c4.com>
Hi Jason,
I'm using wireguard in some mixed topology and until now I've had LEDE
routers as clients but now I would like to add some CENTOS(and other
distros) clients too.
On LEDE there is an option "Create routes for Allowed IPs for this peer"
that is off by default, but in wg-quick this thing is not optional and
the routes are created by default, so if I would like to allow
10.0.0.0/8 it would create default route for all 10.0.0.0/8 to wg
interface and I don't want that.
I would like to use dynamic routing (rip+eigrp) for routing, if you
could add an entry to peers not to add default route to allowed ip would
be great
until then I've disabled add_route rule in the script
Regards
[-- Attachment #2: Type: text/html, Size: 2376 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: wg-quick add_route
2017-10-27 17:23 ` Fwd: " Lucian Cristian
@ 2017-10-27 19:48 ` Jason A. Donenfeld
2017-10-27 20:59 ` Lucian Cristian
0 siblings, 1 reply; 4+ messages in thread
From: Jason A. Donenfeld @ 2017-10-27 19:48 UTC (permalink / raw)
To: Lucian Cristian; +Cc: WireGuard mailing list
Hey Lucian,
If you're using WireGuard for real purposes and not just for a quick
"turn it on turn it off" situation with a remote endpoint, then
wg-quick probably isn't the right tool for you. Instead, I think
you'll be better off just calling wg(8) and ip(8) normally.
The usage of WireGuard in general is supposed to be trivial enough
that you can script this without too much fuss. After all, wg-quick
itself is just a silly little bash script trivially wrapping some
common functionality.
I think if we go down the road of adding a nob for every possible
configuration, you'll wind up having to spend time learning about
which nobs map to which sequence of commands, which will be more
complex than just doing it yourself.
So, I think probably I wouldn't accept such a patch, and you'd be
better off just scripting 4 lines yourself:
ip link add wg0 type wireguard
wg setconf wg0 path/to/conf.conf
ip addr add 10.0.0.1/24 dev wg0
ip link set wg0 up
Especially if you're using rip+eigrp, you already know what you're
doing, and this shouldn't be too difficult for you.
I'm happy to bikeshed this if you'd like; other opinions are always
interesting. But my initial instinct is that needless complexity is
needless.
Jason
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: wg-quick add_route
2017-10-27 19:48 ` Jason A. Donenfeld
@ 2017-10-27 20:59 ` Lucian Cristian
0 siblings, 0 replies; 4+ messages in thread
From: Lucian Cristian @ 2017-10-27 20:59 UTC (permalink / raw)
To: Jason A. Donenfeld; +Cc: WireGuard mailing list
On 27.10.2017 22:48, Jason A. Donenfeld wrote:
> Hey Lucian,
>
> If you're using WireGuard for real purposes and not just for a quick
> "turn it on turn it off" situation with a remote endpoint, then
> wg-quick probably isn't the right tool for you. Instead, I think
> you'll be better off just calling wg(8) and ip(8) normally.
>
> The usage of WireGuard in general is supposed to be trivial enough
> that you can script this without too much fuss. After all, wg-quick
> itself is just a silly little bash script trivially wrapping some
> common functionality.
>
> I think if we go down the road of adding a nob for every possible
> configuration, you'll wind up having to spend time learning about
> which nobs map to which sequence of commands, which will be more
> complex than just doing it yourself.
>
> So, I think probably I wouldn't accept such a patch, and you'd be
> better off just scripting 4 lines yourself:
>
> ip link add wg0 type wireguard
> wg setconf wg0 path/to/conf.conf
> ip addr add 10.0.0.1/24 dev wg0
> ip link set wg0 up
>
> Especially if you're using rip+eigrp, you already know what you're
> doing, and this shouldn't be too difficult for you.
>
> I'm happy to bikeshed this if you'd like; other opinions are always
> interesting. But my initial instinct is that needless complexity is
> needless.
>
> Jason
I Jason, I just liked how systemd integrated with wg-quick that's why I
used it and if things are already this way in LEDE then why not have it
in here too
if is not gonna happen is your call and I accept i but is just and if to
the bash script, nothing in the core system
Regards
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-10-27 20:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-12 17:53 wg-quick add_route Lucian Cristian
2017-10-27 17:23 ` Fwd: " Lucian Cristian
2017-10-27 19:48 ` Jason A. Donenfeld
2017-10-27 20:59 ` Lucian Cristian
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).