Development discussion of WireGuard
* PSA: systemd-networkd v250 adds routes from allowedips by default
@ 2022-01-04 15:58 Jason A. Donenfeld
From: Jason A. Donenfeld @ 2022-01-04 15:58 UTC (permalink / raw)
  To: WireGuard mailing list

Hi everyone,

Hope you all had a nice new year's.

Version 250 of systemd-networkd added support for a `RouteTable`
option in the `[WireGuard]` section of a `.netdev` config file. By
default, it is "main". When this happens, the allowed IPs from
configured peers are added to the system's main routing table using
the metric specified by the also added `RouteMetric` option.

This is pretty similar to wg-quick(8)'s behavior with its `Table`
option in the `[Interface]` section, except that it doesn't do
anything fancy for default routes or for routes that overlap with
configured endpoints.

This means that if you're currently using systemd-networkd v250 with
0.0.0.0/0 or ::/0 or similar in your allowed IPs, those allowed IPs
will be automatically added to the main routing table, which might
prove problematic for folks who are already manually doing fancy
fwmark things with systemd-networkd. If this applies to you, you may
want to set `RouteTable=off` explicitly.

At the moment, I suspect this mostly affects Arch Linux users who
followed fwmark instructions on their wiki.

Regards,
Jason
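
A check for the situation described in the message above, as an added example that is not part of the original message and is not systemd or WireGuard code: it parses a `.netdev` file and reports whether the v250 default would install default routes from `AllowedIPs=`. The sample file, its key path, mark value and placeholder public key are constructed, and the function names are hypothetical.

```python
import ipaddress

NEGATIVE = {"off", "no", "false", "0", "n", "f"}  # systemd negative booleans

# Constructed sample: an fwmark-style setup with no explicit RouteTable=.
SAMPLE = """\
[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
PrivateKeyFile=/etc/systemd/network/wg0.key
FirewallMark=0x8888

[WireGuardPeer]
PublicKey=PLACEHOLDER_PEER_PUBLIC_KEY
AllowedIPs=0.0.0.0/0, ::/0
Endpoint=192.0.2.1:51820
"""

def parse_netdev(text):
    """Return (section, key, value) triples; [WireGuardPeer] may repeat, so configparser is avoided."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            entries.append((section, key.strip(), value.strip()))
    return entries

def audit(text):
    """Report what the v250 behaviour described in the message does with this file."""
    entries = parse_netdev(text)
    table, explicit = "main", False  # default per the message when RouteTable= is absent
    allowed = []
    for section, key, value in entries:
        if section == "WireGuard" and key == "RouteTable":
            table, explicit = value, True
        elif section == "WireGuardPeer" and key == "AllowedIPs":
            allowed += [ipaddress.ip_network(p.strip(), strict=False) for p in value.split(",") if p.strip()]
    routes_added = table.lower() not in NEGATIVE
    defaults = [str(n) for n in allowed if n.prefixlen == 0] if routes_added else []
    return {"table": table, "explicit": explicit, "routes_added": routes_added,
            "default_routes": defaults, "at_risk": routes_added and not explicit and bool(defaults)}
```

Calling `audit()` on the text of each `.netdev` file under `/etc/systemd/network/` flags the ones that rely on the implicit default; adding `RouteTable=off` to `[WireGuard]` clears the finding.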
