wg-quick add_route

wg-quick add_route

[Lucian Cristian]

Hi Jason,

I'm using wireguard in some mixed topology and until now I've had LEDE 
routers as clients but now I would like to add some CENTOS(and other 
distros) clients too.

On LEDE there is an option "Create routes for Allowed IPs for this peer" 
that is off by default, but in wg-quick this thing is not optional and 
the routes are created by default, so if I would like to allow 
10.0.0.0/8 it would create default route for all 10.0.0.0/8 to wg 
interface and I don't want that.

I would like to use dynamic routing (rip+eigrp) for routing, if you 
could add an entry to peers not to add default route to allowed ip would 
be great

until then I've disabled add_route rule in the script

Regards

Fwd: wg-quick add_route

[Lucian Cristian]

[-- Attachment #1: Type: text/plain, Size: 1146 bytes --]

coming back with this

is ok if I make a patch to add an option for this situation ?

keep the default as it is and if the let's say NOT_DEFAULT=true, to skip 
the add_route or something like this

Regards!
-------- Forwarded Message --------
Subject: 	wg-quick add_route
Date: 	Wed, 12 Jul 2017 20:53:01 +0300
From: 	Lucian Cristian <luci@createc.ro>
To: 	WireGuard mailing list <wireguard@lists.zx2c4.com>, jason A. 
Donenfeld <Jason@zx2c4.com>



Hi Jason,

I'm using wireguard in some mixed topology and until now I've had LEDE
routers as clients but now I would like to add some CENTOS(and other
distros) clients too.

On LEDE there is an option "Create routes for Allowed IPs for this peer"
that is off by default, but in wg-quick this thing is not optional and
the routes are created by default, so if I would like to allow
10.0.0.0/8 it would create default route for all 10.0.0.0/8 to wg
interface and I don't want that.

I would like to use dynamic routing (rip+eigrp) for routing, if you
could add an entry to peers not to add default route to allowed ip would
be great

until then I've disabled add_route rule in the script

Regards


[-- Attachment #2: Type: text/html, Size: 2376 bytes --]

Re: wg-quick add_route

[Jason A. Donenfeld]

Hey Lucian,

If you're using WireGuard for real purposes and not just for a quick
"turn it on turn it off" situation with a remote endpoint, then
wg-quick probably isn't the right tool for you. Instead, I think
you'll be better off just calling wg(8) and ip(8) normally.

The usage of WireGuard in general is supposed to be trivial enough
that you can script this without too much fuss. After all, wg-quick
itself is just a silly little bash script trivially wrapping some
common functionality.

I think if we go down the road of adding a nob for every possible
configuration, you'll wind up having to spend time learning about
which nobs map to which sequence of commands, which will be more
complex than just doing it yourself.

So, I think probably I wouldn't accept such a patch, and you'd be
better off just scripting 4 lines yourself:

ip link add wg0 type wireguard
wg setconf wg0 path/to/conf.conf
ip addr add 10.0.0.1/24 dev wg0
ip link set wg0 up

Especially if you're using rip+eigrp, you already know what you're
doing, and this shouldn't be too difficult for you.

I'm happy to bikeshed this if you'd like; other opinions are always
interesting. But my initial instinct is that needless complexity is
needless.

Jason

Re: wg-quick add_route

[Lucian Cristian]

On 27.10.2017 22:48, Jason A. Donenfeld wrote:
> Hey Lucian,
>
> If you're using WireGuard for real purposes and not just for a quick
> "turn it on turn it off" situation with a remote endpoint, then
> wg-quick probably isn't the right tool for you. Instead, I think
> you'll be better off just calling wg(8) and ip(8) normally.
>
> The usage of WireGuard in general is supposed to be trivial enough
> that you can script this without too much fuss. After all, wg-quick
> itself is just a silly little bash script trivially wrapping some
> common functionality.
>
> I think if we go down the road of adding a nob for every possible
> configuration, you'll wind up having to spend time learning about
> which nobs map to which sequence of commands, which will be more
> complex than just doing it yourself.
>
> So, I think probably I wouldn't accept such a patch, and you'd be
> better off just scripting 4 lines yourself:
>
> ip link add wg0 type wireguard
> wg setconf wg0 path/to/conf.conf
> ip addr add 10.0.0.1/24 dev wg0
> ip link set wg0 up
>
> Especially if you're using rip+eigrp, you already know what you're
> doing, and this shouldn't be too difficult for you.
>
> I'm happy to bikeshed this if you'd like; other opinions are always
> interesting. But my initial instinct is that needless complexity is
> needless.
>
> Jason

I Jason, I just liked how systemd integrated with wg-quick that's why I 
used it and if things are already this way in LEDE then why not have it 
in here too

if is not gonna happen is your call and I accept i but is just and if to 
the bash script, nothing in the core system

Regards