Gentoo Forums
Wireguard Interface Configuration
sparks
Posted: Mon Feb 04, 2019 3:52 am    Post subject: Wireguard Interface Configuration

Let me preface this by saying my current configuration is working but it feels like a workaround. I'm looking for advice on wireguard interface configuration. My existing config consists of a net.wg0 symlink to net.lo added to the default run time and a null config_wg0 in conf.d/net followed by the majority of the configuration in preup/postup stanzas.

Is there a better way to do this?

Code:

$ ls -la /etc/init.d/net.*
lrwxrwxrwx 1 root root     6 Jan 25 15:22 /etc/init.d/net.eth0 -> net.lo
-rwxr-xr-x 1 root root 18514 Feb 22  2018 /etc/init.d/net.lo
lrwxrwxrwx 1 root root     6 Jan 29 15:05 /etc/init.d/net.wg0 -> net.lo


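Code:
config_eth0="dhcp"
dns_servers="127.0.0.1"
dhcp="nodns"

# No address handling by netifrc; wg0 is built by hand in the hooks below.
config_wg0="null"

# The hooks run for every interface, so each one returns early unless IFACE is wg0.
# "=" is the POSIX string comparison; "==" only works when /bin/sh is bash.
preup() {
    [ "${IFACE}" = "wg0" ] || return 0
    ewarn "Configuring ${IFACE}"
    # Create the interface, set the point-to-point address, load keys and peers.
    ip link add dev wg0 type wireguard
    ip address add 10.254.254.1 peer 10.254.254.2 dev wg0
    wg setconf wg0 /etc/wireguard/wg0.conf
    return 0
}

postup() {
    [ "${IFACE}" = "wg0" ] || return 0
    # Enable IPv4 forwarding on wg0 and route the remote networks via the peer.
    echo 1 > /proc/sys/net/ipv4/conf/wg0/forwarding
    ip route add 10.11.12.0/24 via 10.254.254.2 dev wg0
    ip route add 172.16.17.0/24 via 10.254.254.2 dev wg0
    return 0
}

postdown() {
    [ "${IFACE}" = "wg0" ] || return 0
    # Deleting the link also drops its address and routes.
    ip link del dev wg0
    return 0
}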

_________________
True trade is honest, but not merciful. Politics is dishonest, no matter how merciful... and war is neither honest nor merciful.... therefore, choose trade above politics, but politics above war.
Ant P.
Posted: Mon Feb 04, 2019 6:55 am    Post subject:

My setup's a bit different (runit instead of openrc, wg0 and user in an isolated namespace) but the meat of it's very similar to what you have. I run setconf first and all the addr/route commands after bringing the interface up but I don't think the order of those matters too much.

You may want to do rc_need="net-online" in conf.d/net.wg0 to ensure the physical layer is up first. The order matters if you're going to use DNS names in wg0.conf, but it's still a good idea to prevent race conditions in any case.
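
Two things in this thread can be checked before net.wg0 starts, shown here as an added example that is not part of either post: whether the file passed to wg setconf (it holds the PrivateKey) is accessible to anyone but its owner, and whether any Endpoint is a DNS name, the case where the reply says start order matters. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of netifrc or wg.

# Print each Endpoint host in a wg setconf file that is a DNS name, not an IP.
wg_endpoint_hostnames() {
    sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*//p' "$1" |
    while IFS= read -r ep; do
        ep=$(printf '%s' "${ep%%#*}" | tr -d '[:space:]')  # drop comment, blanks
        case $ep in \[*\]:*) continue ;; esac               # [IPv6]:port literal
        host=${ep%:*}                                       # strip :port
        case $host in
            '') ;;
            *[!0-9.]*) printf '%s\n' "$host" ;;             # not a dotted quad
        esac
    done
}

# Succeed only if group and other have no access (file holds the PrivateKey).
wg_conf_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

wg_preflight() {
    conf=$1 rc=0
    if ! wg_conf_private "$conf"; then
        echo "WARN: $conf is accessible to group/other; chmod 600 it" >&2
        rc=1
    fi
    names=$(wg_endpoint_hostnames "$conf")
    if [ -n "$names" ]; then
        echo "NOTE: DNS name in Endpoint ($names); net.wg0 needs net-online" >&2
    fi
    return $rc
}

# Constructed sample config (not from the thread); keys are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER
[Peer]
PublicKey = PLACEHOLDER
AllowedIPs = 10.254.254.2/32, 10.11.12.0/24, 172.16.17.0/24
Endpoint = vpn.example.org:51820   # hostname: needs a resolver at start
[Peer]
PublicKey = PLACEHOLDER
Endpoint = 192.0.2.7:51820
EOF
chmod 644 "$sample"   # deliberately loose, to trigger the warning
wg_preflight "$sample" || echo "preflight: fix the issues above" >&2
```

Called at the top of the wg0 branch of preup() with /etc/wireguard/wg0.conf as its argument, a non-zero return can be used to skip bringing the interface up.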