OSPF wireguard fallback

chrono chrono at open-resource.org
Thu May 3 17:37:29 CEST 2018


>> $ wg-quick up wg0
>> [#] ip link add wg0 type wireguard
>> [#] wg setconf wg0 /dev/fd/63
>> [#] ip address add 172.23.3.2/29 dev wg0
>> [#] ip link set mtu 1420 dev wg0
>> [#] ip link set wg0 up
>> [#] wg set wg0 fwmark 51820
>> [#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
>> [#] ip -4 rule add not fwmark 51820 table 51820
>> [#] ip -4 rule add table main suppress_prefixlength 0
>> Error: argument "suppress_prefixlength" is wrong: Failed to parse rule type
>> [#] ip -4 rule delete table 51820
>> [#] ip link delete dev wg0
>> 
>> wg0 simply not coming up
> 
> Ah, this is because wg-quick tries to also set a kernel route for
> 0.0.0.0/0 over the interface. That is not what you want here. I think
> you may have to stop using wg-quick for this setup, and set up the
> wireguard interface in a different way... You can remove the options
> that the normal wg binary doesn't understand from the config file (DNS
> and IP address configuration, mainly), and set it up with that, then
> configure the IP addresses manually (or with a script). Alternatively,
> you can use systemd to set up the whole thing...

Yeah, that was my presumption as well, that wireguard would mess with my
routes when AllowedIPs is anything other than 172.23.3.x, that's why I had
it restricted to it as a "fix". I didn't realize it wasn't wg as such,
but a consequence of wg-quick usage. I'll do my homework on how to manually
set up the interfaces and test again to see if that does the trick.
Thanks guys, for all your help and inputs! <3
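
The manual setup suggested in the quoted reply, as an added example that is not part of the original thread: strip the keys only wg-quick understands, load the rest with `wg setconf`, and add the addresses by hand, so no 0.0.0.0/0 route or policy rule is installed. The function names, the sample config and its placeholder keys and peer endpoint are constructed for illustration; only 172.23.3.2/29 comes from the log above.

```shell
#!/bin/sh
# Added example: bring up WireGuard without wg-quick so routing stays with the
# routing daemon. All function names here are hypothetical helpers.

# Keys that only wg-quick understands; plain `wg setconf` rejects them.
WGQUICK_ONLY='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# Print a wg-quick style config (file argument or stdin) without those keys.
strip_wgquick_keys() {
    awk -F= -v keys="$WGQUICK_ONLY" '
        { k = tolower($1); gsub(/[ \t]/, "", k) }
        NF > 1 && k ~ ("^(" keys ")$") { next }
        { print }' "$@"
}

# Print each Address value on its own line; these must now be added manually.
extract_addresses() {
    awk -F= 'tolower($1) ~ /^[ \t]*address[ \t]*$/ {
        n = split($2, a, ",")
        for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", a[i]); if (a[i] != "") print a[i] }
    }' "$@"
}

# Needs root. Usage: wg_up_manual wg0 /path/to/wg0.conf
# Adds no routes and no ip rules, unlike the wg-quick run in the log above.
wg_up_manual() {
    wg_dev=$1; wg_conf=$2
    ip link add "$wg_dev" type wireguard || return 1
    strip_wgquick_keys "$wg_conf" | wg setconf "$wg_dev" /dev/stdin || return 1
    for wg_addr in $(extract_addresses "$wg_conf"); do
        ip address add "$wg_addr" dev "$wg_dev" || return 1
    done
    ip link set "$wg_dev" up
}

# Constructed sample config; keys are placeholders, not usable key material.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 172.23.3.2/29
DNS = 192.0.2.53
MTU = 1420
ListenPort = 51820

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY
Endpoint = 192.0.2.10:51820
AllowedIPs = 0.0.0.0/0
EOF
}
```

`wg-quick strip <interface>` prints a similarly stripped config and can replace `strip_wgquick_keys` where wg-quick is installed.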


More information about the Bird-users mailing list