wg-quick (script snippets) for OpenWRT/LEDE

wg-quick (script snippets) for OpenWRT/LEDE

[vtol]

[-- Attachment #1: Type: text/html, Size: 1304 bytes --]

Aw: wg-quick (script snippets) for OpenWRT/LEDE

[vtol]

remailing in plain text 

Hi,

it appears that wg-quick is not provided for OpenWRT/LEDE.

The reason is not really clear to me. As far I understand wg-quick depends on BASH whilst the default shell in OpenWRT/LEDE is ASH.
This however can be easily remidied by installing the BASH package from the OpenWRT/LEDE repo.

OpenWRT/LEDE is utilising netifd for network configuration which is lacking th3 versatility of wg-quick with there script snippets

PRE_UP=( )
POST_UP=( )
PRE_DOWN=( )
POST_DOWN=( )

Is there a way to get those script snippets working in OpenWRT/LEDE as such is required in dynamic/split/kill-switch routing scenarios.

OpenVPN provides a similar script functionality which is however not stripped on the OpenWRT/LEDE repo, respectively it does not require an extra tool package. I find it rather curious that the aforementioned script snippets are not part of wg but rather implemented in wg-quick which then is absent from OpenWRT/LEDE.

Re: wg-quick (script snippets) for OpenWRT/LEDE

[Yousong Zhou]

On 3 April 2018 at 23:19,  <vtol@gmx.net> wrote:
> Hi,
>
> it appears that wg-quick is not provided for OpenWRT/LEDE.
>
> The reason is not really clear to me. As far I understand wg-quick depends
> on BASH whilst the default shell in OpenWRT/LEDE is ASH.
> This however can be easily remidied by installing the BASH package from the
> OpenWRT/LEDE repo.
>
> OpenWRT/LEDE is utilising netifd for network configuration which is lacking
> th3 versatility of wg-quick with there script snippets
>
> PRE_UP=( )
> POST_UP=( )
> PRE_DOWN=( )
> POST_DOWN=( )
>

POST_UP and POST_DOWN is possible with hotplug scripts in OpenWrt, but
the PRE_xx callback is currently not possible.  As a temporary
workaround, you can try patching locally /lib/netifd/proto/wg.sh to
achieve similar effects, or wrapping wg command with a script (hacky
wacky way)

> Is there a way to get those script snippets working in OpenWRT/LEDE as such
> is required in dynamic/split/kill-switch routing scenarios.
>

Just try installing all those dependencies wg-quick requires, though
after you know enough details about the wg-quick script, you may well
just write your own stripped down version for your own needs.

> OpenVPN provides a similar script functionality which is however not
> stripped on the OpenWRT/LEDE repo, respectively it does not require an extra
> tool package. I find it rather curious that the aforementioned script
> snippets are not part of wg but rather implemented in wg-quick which then is
> absent from OpenWRT/LEDE.
>

OpenVPN and WireGuard is different in this regard.  OpenVPN has a
daemon running while WireGuard depends on the network manager to do
the maintenance things.

                yousong

Re: wg-quick (script snippets) for OpenWRT/LEDE

[Jason A. Donenfeld]

Hello vtol,

OpenWRT has its own robust configuration system, which can do nice
things like avoid circular routing. For that reason, the set of tricks
that wg-quick uses are best avoided on those types of fully-managed
systems. That's why it's not included in the package. Perhaps it
should be, though, for people who would prefer to use quick ad-hoc
VPNs? Have you tried running it with any success?

As mentioned here, you may be able to replace some of the UP/DOWN
hooks with hotplug scripts, or possibly other hooks that are part of
the OpenWRT system. If nobody pipes up here, you might want to ask a
generic question on the OpenWRT list about generally how to execute
scripts on events in relation to network interfaces.

Jason

wg-quick (script snippets) for OpenWRT/LEDE

[ѽ҉ᶬḳ℠]

Since I was explicitly directed to this mailing list I has hoped for=20
some input from the developers or perhaps other users of WG. Thus I am=20
bit at a loss at the scarcity of a response.