On 14.02.2024 11:55, Julian Zielke wrote:
> Hi,
> is there a possibility to only add the routes from allowed-ips to the kernel
> routing table after the peer has connected?

This directly contradicts your next statement.

> Because since the tunnel itself is stateless, there is no way for me to make
> use of OSPF to route packets to a selective server running a tunnel to the same
> endpoint (for load balancing and multi-WAN reasons).

As you write yourself, the WireGuard protocol is stateless, there is no
connection at all. The closest thing to a "connection" is a successful
handshake, which runs periodically. There does not appear to be any
notification when it happens, so at most one could poll the WireGuard
interface for the "last handshake time" and assume "connection loss" if
it has not been updated for long enough. I do not think anything like
this is currently implemented.
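
The polling approach described in this reply, as an added example that is not part of the original message or of WireGuard itself: it reads `wg show <dev> dump` output and prints the `ip route` changes implied by each peer's latest-handshake age. The function names, the `wg0` device, the 180-second threshold and the sample dump are assumptions made for illustration, and it assumes the allowed-ips routes are not installed automatically (for example `Table = off` under wg-quick).

```shell
#!/bin/sh
# Added example: turn "latest handshake" ages into route add/remove decisions.
# Dump format (tab-separated), per wg(8): line 1 is the interface; each peer line is
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive.

# plan_routes DEV NOW MAX_AGE  (dump on stdin, ip(8) commands on stdout)
# MAX_AGE is an assumed staleness threshold in seconds.
plan_routes() {
    dev=$1 now=$2 max_age=$3
    awk -F '\t' -v dev="$dev" -v now="$now" -v max="$max_age" '
        NR == 1 { next }                 # interface line, not a peer
        NF < 8  { next }                 # ignore malformed peer lines
        {
            hs = $5 + 0                  # unix seconds; 0 means no handshake yet
            fresh = (hs > 0 && now - hs <= max)
            n = split($4, cidr, ",")     # allowed-ips are comma-separated in dump
            for (i = 1; i <= n; i++) {
                if (cidr[i] == "(none)") continue
                if (fresh) printf "ip route replace %s dev %s\n", cidr[i], dev
                else       printf "ip route del %s dev %s\n", cidr[i], dev
            }
        }'
}

# Constructed sample dump (placeholder keys, documentation addresses).
sample_dump() {
    printf 'PRIV\tPUB\t51820\toff\n'
    printf 'PEER_A\t(none)\t192.0.2.10:51820\t10.0.1.0/24,10.0.2.0/24\t1700000000\t10\t20\t25\n'
    printf 'PEER_B\t(none)\t192.0.2.11:51820\t10.0.3.0/24\t1699999000\t10\t20\t25\n'
    printf 'PEER_C\t(none)\t(none)\t10.0.4.0/24\t0\t0\t0\toff\n'
}

# Dry run on the sample: PEER_A is 100 s old (fresh), PEER_B 1100 s (stale),
# PEER_C has never completed a handshake (stale).
sample_dump | plan_routes wg0 1700000100 180

# Live use, run periodically as root (review the output before piping it to sh):
#   wg show wg0 dump | plan_routes wg0 "$(date +%s)" 180
# Caveat: handshakes only recur while traffic flows, so an idle peer without
# persistent-keepalive ages past the threshold even though it is reachable.
```
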