What would be best way to bring up and down the wireguard interface without using wg-quick
-----Original Message----- From: Eric Light <[email protected]> Sent: 30 August 2020 10:01 To: Aaron Bolton <[email protected]> Cc: [email protected] Subject: Re: AllowedIPs Ah yep, I haven't done that before, but Quagga has made many appearance on this list... And you're right, that's pretty much the time when folks stop working with wg-quick! :-D Good luck! E -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es On Sun, 30 Aug 2020, at 20:56, Aaron Bolton wrote: > Yes, this does thanks > > I plan on using Quagga for BGP over WireGuard tunnels so I guess I > need to avoid wg-quick if that makes changes to the routing table and > firewall as I want to manage those my self > > > On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote: > > > > I believe it's both, in a way. > > > > As far as wg is concerned, the AllowedIPs is effectively an ACL. > > Any traffic hitting your wireguard interface from an IP not within > > the AllowedIPs will either be dropped on decryption, or won't even > > be decrypted. (It's one of these, but I can't remember which) > > > > On top of that, wg-quick interprets the AllowedIPs string and does other > > things, such as adding appropriate network routing (the second part of your > > guess), as well as modifying any client firewall rules to permit the > > traffic. > > > > Hope this helps :) > > > > E > > > > -------------------------------------------- > > Q: Why is this email five sentences or less? > > A: http://five.sentenc.es > > > >> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote: > >> I’m trying to understand AllowedIPs better is it effectively a ACL > >> that day what is allowed down the tunnel or is it mechanism to > >> configure what addresses get routed down the tunnel? > >> > >> Thanks in advance > >> >
