Development discussion of WireGuard
* bypass wireguard VPN (wgphys sample script help needed)
From: Helle Vaanzinn @ 2017-05-22  4:37 UTC (permalink / raw)
  To: wglist

Hi, I've been testing wireguard as a replacement for openvpn for a while now
and it's doing very well indeed. In no way a skilled networking/routing person,
as a 'regular' user I was looking for a simple scripted way to start/stop a VPN
tunnel and occasionally bypass it when needed. Wireguard's
`wg-quick` very much does its magic for people like me. I use it in a
basic setup in which all traffic gets routed via the wireguard
interface. Works great. The only piece missing in this simple puzzle is
a way to selectively bypass the tunnel.

While digesting https://www.wireguard.io/netns/ I came across the `wgphys`
sample script and realized that was exactly what I'm looking for. So I pasted
the wgphys code into a bash script and exchanged eth0/wlan0 with enp4s0/wlp2s0
(which are used on my Arch Linux box). All set or so I thought :) Running it via
sudo, the `wgphys` script complains about unrecognized config settings. Address,
PostUp, PostDown, SaveConfig lines from /etc/wireguard/wgvpn0.conf spit out
config parser errors. I can comment those out but it still doesn't work as
expected.

Alas, my current skill-set is way too limited to solve this reliably on my own.
I do realize wireguard is still in full development and the `wgphys`
code probably got outdated along the way. So here's my question: what
would a 'bypass wireguard vpn script for dummies' look like when using
the latest wg-quick from snapshot 0.0.20170517?

Regards, Helle

= = =
server box:
- - - - - - - - - - -
$ sudo cat /etc/wireguard/wg0-server.conf
[Interface]
Address = 10.192.122.1/24
ListenPort = 51820
PrivateKey = <redacted>
SaveConfig = true

[Peer]
AllowedIPs = 10.192.122.2/32
Endpoint = <redacted>
PresharedKey = <redacted>
PublicKey = <redacted>

client box:
- - - - - - - - - - -
$ sudo cat /etc/wireguard/wgvpn0.conf
[Interface]
Address = 10.192.122.2/32
ListenPort = 21841
PrivateKey = <redacted>
SaveConfig = false

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = <redacted>
PersistentKeepalive = 25
PresharedKey = <redacted>
PublicKey = <redacted>


* Re: bypass wireguard VPN (wgphys sample script help needed)
From: Jason A. Donenfeld @ 2017-05-22 10:53 UTC (permalink / raw)
  To: Helle Vaanzinn; +Cc: wglist

Hi Helle,

There is no trivial "copy&paste" solution for wgphys that works on all
systems everywhere. If you don't possess the knowledge to understand
what every line is supposed to do and tweak it for your particular
system configuration, the wgphys solution isn't for you. If I can ever
think of a 100% portable way of implementing this, though, I'd
certainly release that. For now, it requires actually understanding
which daemons your network uses and shutting them down and starting
them back up as required.

However, if you'd like to keep using wg-quick, and add an "override"
switch for it, I'm sure you could fashion something decent out of
clever usage of fwmark, ip rule, and iptables.

Regards,
Jason

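One way to build the fwmark / ip rule / iptables "override" switch Jason describes, as an added example that is not from this thread or from the WireGuard project. It assumes wg-quick's full-tunnel policy routing as described on the netns page (the tunnel's own packets carry fwmark 51820 and a `not fwmark 51820 lookup 51820` rule sends everything else into the tunnel table), and a hypothetical local account `vpnbypass` whose traffic should leave via the physical interface instead.

```shell
#!/bin/sh
# Per-user bypass for a wg-quick full tunnel (example, not project code).
# Assumption: wg-quick installs, for an AllowedIPs = 0.0.0.0/0 peer,
#   ip rule add not fwmark 51820 table 51820
#   ip rule add table main suppress_prefixlength 0
# so any locally generated packet that already carries mark 51820 is
# routed by the main table, i.e. via the physical interface, exactly like
# the tunnel's own encrypted UDP packets. Marking one user's packets with
# that value is therefore enough to route that user around the tunnel.

WG_MARK=51820          # wg-quick's default fwmark and routing table number
BYPASS_USER=vpnbypass  # hypothetical account: run `sudo -u vpnbypass curl ...`

# Print (do not run) the iptables command that marks the bypass user's
# outgoing packets. $1 is -A to install the rule or -D to remove it.
# The owner match only exists in the OUTPUT chain, which is all we need.
bypass_rule() {
    printf 'iptables -t mangle %s OUTPUT -m owner --uid-owner %s -j MARK --set-mark %s\n' \
        "$1" "$BYPASS_USER" "$WG_MARK"
}

# Check that the wg-quick rule this trick depends on is present; without it
# the mark would change nothing. $1 is the text of `ip -4 rule show`, passed
# in as an argument so the check can be exercised offline.
has_wgquick_rule() {
    mark_hex=$(printf '%x' "$WG_MARK")   # ip prints the mark as 0xca6c
    printf '%s\n' "$1" | grep -q "not from all fwmark 0x$mark_hex lookup $WG_MARK"
}

# Switch: `bypass.sh on` installs the mark rule, `bypass.sh off` removes it.
# Needs root, since it touches the mangle table.
if [ "$#" -gt 0 ]; then
    case "$1" in
        on)  action=-A ;;
        off) action=-D ;;
        *)   echo "usage: $0 on|off" >&2; action= ;;
    esac
    if [ -n "$action" ]; then
        if ! has_wgquick_rule "$(ip -4 rule show)"; then
            echo "wg-quick full-tunnel rule not found; is the tunnel up?" >&2
        else
            bypass_rule "$action" | sh -e
        fi
    fi
fi
```

Replies to the bypassed flows arrive on the physical interface and are delivered by the local routing table, so no return-path marking is needed; DNS queries from the bypass user also skip the tunnel, which is usually what a deliberate bypass wants.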
