Maybe using the ip command, e.g. ip link set dev wg0 up/down? Cheers, Domi
> 2020. aug. 30. dátummal, 11:56 időpontban Aaron Bolton <[email protected]> írta: > > What would be best way to bring up and down the wireguard interface without > using wg-quick > > -----Original Message----- > From: Eric Light <[email protected]> > Sent: 30 August 2020 10:01 > To: Aaron Bolton <[email protected]> > Cc: [email protected] > Subject: Re: AllowedIPs > > Ah yep, I haven't done that before, but Quagga has made many appearance on > this list... And you're right, that's pretty much the time when folks stop > working with wg-quick! :-D > > Good luck! > > E > > -------------------------------------------- > Q: Why is this email five sentences or less? > A: http://five.sentenc.es > >> On Sun, 30 Aug 2020, at 20:56, Aaron Bolton wrote: >> Yes, this does thanks >> >> I plan on using Quagga for BGP over WireGuard tunnels so I guess I >> need to avoid wg-quick if that makes changes to the routing table and >> firewall as I want to manage those my self >> >>>> On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote: >>> >>> I believe it's both, in a way. >>> >>> As far as wg is concerned, the AllowedIPs is effectively an ACL. >>> Any traffic hitting your wireguard interface from an IP not within >>> the AllowedIPs will either be dropped on decryption, or won't even >>> be decrypted. (It's one of these, but I can't remember which) >>> >>> On top of that, wg-quick interprets the AllowedIPs string and does other >>> things, such as adding appropriate network routing (the second part of your >>> guess), as well as modifying any client firewall rules to permit the >>> traffic. >>> >>> Hope this helps :) >>> >>> E >>> >>> -------------------------------------------- >>> Q: Why is this email five sentences or less? >>> A: http://five.sentenc.es >>> >>>> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote: >>>> I’m trying to understand AllowedIPs better is it effectively a ACL >>>> that day what is allowed down the tunnel or is it mechanism to >>>> configure what addresses get routed down the tunnel? >>>> >>>> Thanks in advance >>>> >> >
