Probably worth having a poke around the source code for wg-quick; it's just bash, and it can really show you what's happening far better than I can! :)
If you have a look at the "up" and "down" commands in there, you should learn everything you need to know. E -------------------------------------------- Q: Why is this email five sentences or less? A: http://five.sentenc.es On Sun, 30 Aug 2020, at 21:55, Aaron Bolton wrote: > What would be best way to bring up and down the wireguard interface > without using wg-quick > > -----Original Message----- > From: Eric Light <[email protected]> > Sent: 30 August 2020 10:01 > To: Aaron Bolton <[email protected]> > Cc: [email protected] > Subject: Re: AllowedIPs > > Ah yep, I haven't done that before, but Quagga has made many appearance > on this list... And you're right, that's pretty much the time when > folks stop working with wg-quick! :-D > > Good luck! > > E > > -------------------------------------------- > Q: Why is this email five sentences or less? > A: http://five.sentenc.es > > On Sun, 30 Aug 2020, at 20:56, Aaron Bolton wrote: > > Yes, this does thanks > > > > I plan on using Quagga for BGP over WireGuard tunnels so I guess I > > need to avoid wg-quick if that makes changes to the routing table and > > firewall as I want to manage those my self > > > > > On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote: > > > > > > I believe it's both, in a way. > > > > > > As far as wg is concerned, the AllowedIPs is effectively an ACL. > > > Any traffic hitting your wireguard interface from an IP not within > > > the AllowedIPs will either be dropped on decryption, or won't even > > > be decrypted. (It's one of these, but I can't remember which) > > > > > > On top of that, wg-quick interprets the AllowedIPs string and does other > > > things, such as adding appropriate network routing (the second part of > > > your guess), as well as modifying any client firewall rules to permit the > > > traffic. > > > > > > Hope this helps :) > > > > > > E > > > > > > -------------------------------------------- > > > Q: Why is this email five sentences or less? > > > A: http://five.sentenc.es > > > > > >> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote: > > >> I’m trying to understand AllowedIPs better is it effectively a ACL > > >> that day what is allowed down the tunnel or is it mechanism to > > >> configure what addresses get routed down the tunnel? > > >> > > >> Thanks in advance > > >> > > > >
