From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Chris <wireguard@spam-free.eu>
Cc: wireguard@lists.zx2c4.com
Subject: Re: wg-quick up (on linux) fails in case of several default routes
Date: Tue, 6 Oct 2020 15:47:52 +0200 [thread overview]
Message-ID: <CAHmME9pYFjNC+g85BNaaYUsVp9h5mxrGtGZwvZ-WRrSxXEHNgA@mail.gmail.com> (raw)
In-Reply-To: <79a4e995-763c-9724-02b7-81da87c0f88a@spam-free.eu>
On 10/6/20, Chris <wireguard@spam-free.eu> wrote:
> Hello Jason,
>
> setup is
> two default routes with diffenrent metrics (the second being the failover in
>
> case the lower metric connection goes down).
> For good reasons wg-quick will setup an individual route to the wg server
> (for
> the possibility of changing th default route afterwards).
> However wg-quick fails:
>
> ******log follows***********
> wg-quick up wg_client
> [#] ip link add wg_client type wireguard
> [#] wg setconf wg_client /dev/fd/63
> [#] ip -4 address add 10.0.129.200/24 dev wg_client
> [#] ip link set mtu 1420 up dev wg_client
> [#] GATEW=$(ip route list 0.0.0.0/0|sed -n 's/.* via \(.*\)
> dev.*/\1/p');route
> add s1.spam-free.eu gw $GATEW
> SIOCADDRT: No such device
Where did you get your wg-quick? I would never name a variable 'GATEW'
or print out an expression like that to the console. IOW, I don't
recognize what's happening here because this doesn't seem to be code
I've shipped.
> [#] ip link delete dev wg_client
> ******log end ***********
>
> The point is, that GATEW is NOT a single address but rather a list of ip
> addresses and the command setting the route fails.
>
> Instead one should always run through ALL default gateways and set
> individual
> routes to the server through ALL the default gateways with the same metric
> as
> the respective default route.
> This will then also work in case the failover route is in operation.
>
> Of course, tearing down the client should delete ALL individual routes to
> the
> server.
> Hope this clarifies is a bit.
>
> Cheers,
> Chris
>
> On 06/10/2020 14:20, Jason A. Donenfeld wrote:
>> On Mon, Oct 5, 2020 at 3:51 PM Chris <wireguard@spam-free.eu> wrote:
>>> wg-quick tries to set the route to the wg server through the default
>>> gateway.
>> On Linux? It shouldn't be iterating default gateways at all, but
>> rather using suppress_prefix. Can you provide more technical
>> information about what you're seeing and maybe a patch to fix the
>> issue?
>>
>> Jason
>
next prev parent reply other threads:[~2020-10-06 13:47 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <mailman.0.1601114111.20018.wireguard@lists.zx2c4.com>
2020-09-26 10:40 ` lineageos 17.1after autostart on boot tunnel not functioning Chris
2020-10-01 14:42 ` Chris
2021-07-14 5:49 ` Android: more than one tunnel Chris
2021-07-14 9:06 ` Simon McNair
2021-07-14 22:09 ` Eric Light
2021-07-14 23:55 ` iiiiiiiiiiii
2021-07-15 6:25 ` Chris
2020-10-01 15:24 ` lineageos 17.1 no incoming Chris
2020-10-05 13:51 ` wg-quick up (on linux) fails in case of several default routes Chris
2020-10-06 12:20 ` Jason A. Donenfeld
2020-10-06 13:33 ` Chris
2020-10-06 13:47 ` Jason A. Donenfeld [this message]
2020-10-06 13:54 ` Chris
2020-10-06 13:58 ` Jason A. Donenfeld
2020-10-06 17:51 ` Chris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHmME9pYFjNC+g85BNaaYUsVp9h5mxrGtGZwvZ-WRrSxXEHNgA@mail.gmail.com \
--to=jason@zx2c4.com \
--cc=wireguard@lists.zx2c4.com \
--cc=wireguard@spam-free.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).