From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Chris <wireguard@spam-free.eu>
Cc: wireguard@lists.zx2c4.com
Subject: Re: wg-quick up (on linux) fails in case of several default routes
Date: Tue, 6 Oct 2020 15:47:52 +0200
Message-ID: <CAHmME9pYFjNC+g85BNaaYUsVp9h5mxrGtGZwvZ-WRrSxXEHNgA@mail.gmail.com>
In-Reply-To: <79a4e995-763c-9724-02b7-81da87c0f88a@spam-free.eu>

On 10/6/20, Chris <wireguard@spam-free.eu> wrote:
> Hello Jason,
>
> setup is
> two default routes with different metrics (the second being the failover in
> case the lower metric connection goes down).
> For good reasons wg-quick will set up an individual route to the wg server
> (for the possibility of changing the default route afterwards).
> However wg-quick fails:
>
> ******log follows***********
> wg-quick up wg_client
> [#] ip link add wg_client type wireguard
> [#] wg setconf wg_client /dev/fd/63
> [#] ip -4 address add 10.0.129.200/24 dev wg_client
> [#] ip link set mtu 1420 up dev wg_client
> [#] GATEW=$(ip route list 0.0.0.0/0|sed -n 's/.* via \(.*\)
> dev.*/\1/p');route
> add s1.spam-free.eu gw $GATEW
> SIOCADDRT: No such device

Where did you get your wg-quick? I would never name a variable 'GATEW'
or print out an expression like that to the console. IOW, I don't
recognize what's happening here because this doesn't seem to be code
I've shipped.

> [#] ip link delete dev wg_client
> ******log end ***********
>
> The point is, that GATEW is NOT a single address but rather a list of ip
> addresses and the command setting the route fails.
>
> Instead one should always run through ALL default gateways and set
> individual routes to the server through ALL the default gateways with the
> same metric as the respective default route.
> This will then also work in case the failover route is in operation.
>
> Of course, tearing down the client should delete ALL individual routes to
> the server.
> Hope this clarifies it a bit.
>
> Cheers,
> Chris
>
> On 06/10/2020 14:20, Jason A. Donenfeld wrote:
>> On Mon, Oct 5, 2020 at 3:51 PM Chris <wireguard@spam-free.eu> wrote:
>>> wg-quick tries to set the route to the wg server through the default
>>> gateway.
>> On Linux? It shouldn't be iterating default gateways at all, but
>> rather using suppress_prefix. Can you provide more technical
>> information about what you're seeing and maybe a patch to fix the
>> issue?
>>
>> Jason
>
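
An added example, not part of the thread and not wg-quick code: run against constructed `ip route` output, it shows why the logged `GATEW=$(...)` expression yields several addresses when two default routes exist, and how a per-route parse keeps each gateway with its own device and metric. The sample routes, the server address 203.0.113.10 and all function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ip route list 0.0.0.0/0` on a host with a primary
# and a failover default route (documentation address ranges).
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0 proto dhcp metric 100
default via 198.51.100.1 dev wwan0 proto static metric 600'

# The extraction seen in the quoted log: it prints one gateway per default
# route, so the captured value holds several lines when more than one exists.
naive_gateways() {
    printf '%s\n' "$1" | sed -n 's/.* via \(.*\) dev.*/\1/p'
}

# Per-route parse: emit "gateway dev metric" for every default route so each
# one can be handled on its own. A route without a metric is reported as 0.
default_routes() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            gw = ""; dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            if (gw != "") print gw, dev, metric
        }'
}

# Print (do not execute) one host-route command per default route,
# carrying over the metric of the default route it follows.
host_route_commands() {
    default_routes "$1" | while read -r gw dev metric; do
        printf 'ip route add %s via %s dev %s metric %s\n' \
            "$2" "$gw" "$dev" "$metric"
    done
}

naive_gateways "$SAMPLE_ROUTES"
host_route_commands "$SAMPLE_ROUTES" 203.0.113.10
```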