From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: Jason@zx2c4.com
Received: from krantz.zx2c4.com (localhost [127.0.0.1])
 by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id c0084226
 for <wireguard@lists.zx2c4.com>;
 Thu, 26 Oct 2017 03:19:59 +0000 (UTC)
Received: from frisell.zx2c4.com (frisell.zx2c4.com [192.95.5.64])
 by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 49fad773
 for <wireguard@lists.zx2c4.com>;
 Thu, 26 Oct 2017 03:19:59 +0000 (UTC)
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 336c791a
 for <wireguard@lists.zx2c4.com>;
 Thu, 26 Oct 2017 03:19:59 +0000 (UTC)
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id b287b495
 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO)
 for <wireguard@lists.zx2c4.com>;
 Thu, 26 Oct 2017 03:19:59 +0000 (UTC)
Received: by mail-oi0-f45.google.com with SMTP id h200so3444394oib.4
 for <wireguard@lists.zx2c4.com>; Wed, 25 Oct 2017 20:21:40 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <1508986442.581908.1151315616.1C72E382@webmail.messagingengine.com>
References: <CAHmME9q0m1rEfc_CFsb3qv6oQ97QOjtPDxe6yY+D+0aAApE9Yg@mail.gmail.com>
 <1508986442.581908.1151315616.1C72E382@webmail.messagingengine.com>
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 26 Oct 2017 05:21:38 +0200
Message-ID: <CAHmME9p2GRzrT9-XZgVD921Ojxt88xKZOmg=rFh+ECJZ9gPYmA@mail.gmail.com>
Subject: Re: Fixing wg-quick's DNS= directive with a hatchet
To: Eric Light <eric@ericlight.com>
Content-Type: text/plain; charset="UTF-8"
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
List-Id: Development discussion of WireGuard <wireguard.lists.zx2c4.com>
List-Unsubscribe: <https://lists.zx2c4.com/mailman/options/wireguard>,
 <mailto:wireguard-request@lists.zx2c4.com?subject=unsubscribe>
List-Archive: <http://lists.zx2c4.com/pipermail/wireguard/>
List-Post: <mailto:wireguard@lists.zx2c4.com>
List-Help: <mailto:wireguard-request@lists.zx2c4.com?subject=help>
List-Subscribe: <https://lists.zx2c4.com/mailman/listinfo/wireguard>,
 <mailto:wireguard-request@lists.zx2c4.com?subject=subscribe>

On Thu, Oct 26, 2017 at 4:54 AM, Eric Light <eric@ericlight.com> wrote:
> It looks ... really elegant to me.  That said, it could end up being
> super confusing.  I definitely second Kalin's comments about adding a
> comment header to /etc/resolv.conf.wg-quick.wg0

I thought it was a good suggestion too, so I implemented it. Here's
what it looks like:

zx2c4@thinkpad ~ $ wg-quick up martino
[#] ip link add martino type wireguard
[#] wg setconf martino /dev/fd/63
[#] ip address add 10.10.11.100/32 dev martino
[#] ip link set mtu 1420 dev martino
[#] ip link set martino up
[#] mount -Br /etc/resolv.conf.wg-quick.martino /etc/resolv.conf
[#] wg set martino fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev martino table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0

zx2c4@thinkpad ~ $ cat /etc/resolv.conf
# This file was generated by wg-quick(8) for use with
# the WireGuard interface martino. It cannot be
# removed or altered directly. You may remove this file
# by running `wg-quick down martino`, or if that
# poses problems, run `umount /etc/resolv.conf`.
nameserver 10.10.11.1

zx2c4@thinkpad ~ $ wg-quick down martino
[#] ip -4 rule delete table 51820
[#] ip -4 rule delete table main suppress_prefixlength 0
[#] ip link delete dev martino
[#] umount /etc/resolv.conf

> All that's left is for me to hat-tip your Paulsen reference.  I still
> have that book at home, probably been 20 years since I've read it.
> Linux certainly has an abundance of porcupines buried in the terrain.

:) Must have read it at least ten times as a kid...