Running wg-quick up <config> for configs containing the following keys causes errors:
DNS = …: the wg-quick script tries to call resolvconf, which is not available on the base system nor on Entware. The system’s DNS seems to be managed by systemd, so we would need to have resolvectl installed and symlink resolvconf to resolvectl for this to work.
AllowedIPs = …/0: using a wildcard in the AllowedIPs field causes the script to try using some tricks relying on policy-based routing to make all packets go through the WireGuard interface. I’m not sure why this is needed. In any case, the ip command bundled in BusyBox does not seem to be able to configure policy-based routing, which is what causes the error we’re seeing.
To fix these issues, we could:
Patch the wg-quick script to inform users that the said keys are not supported.
Patch the wg-quick script to use a workaround for honoring those keys.
Provide the missing utilities in some Toltec package.
The ip-full package from Entware provides a full-featured ip command supporting policy based routing. The following command, issued by wg-quick, fails, though (which suggests that the kernel does not support it).
[#] ip -4 rule add not fwmark 51820 table 51820
RTNETLINK answers: Operation not supported
Continuing the investigation around wildcards in the AllowedIPs field: before it was changed to rely on policy based routing, the script used to create two /1 routes and invoke a utility called tungate to enforce the routing of packets through these routes. Note that this is IPv4 only, but the comments say it should be easy to adapt to IPv6.
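A preflight check for the two failing keys described in this issue, as an added example that is not part of the thread and is not code from Toltec or wg-quick. The function names `wg_conf_needs` and `wg_preflight` are hypothetical, and using a read-only `ip -4 rule show` as the probe for policy-based routing support is an assumption.

```shell
#!/bin/sh
# Added example: flag wg-quick config keys the host cannot honor,
# before the tunnel is brought up.

# Print one line per key that needs host support:
#   "DNS"          -> wg-quick will call resolvconf
#   "AllowedIPs/0" -> wg-quick will set up policy-based routing (ip rule)
wg_conf_needs() {
    awk -F= '
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # skip section headers, blank lines
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/[ \t\r]/, "", val)
        }
        key == "dns" && val != "" { dns = 1 }
        key == "allowedips" {
            n = split(val, nets, ",")
            for (i = 1; i <= n; i++) if (nets[i] ~ /\/0$/) wildcard = 1
        }
        END {
            if (dns) print "DNS"
            if (wildcard) print "AllowedIPs/0"
        }
    ' "$1"
}

# Return 0 if the host can honor every key found, 1 otherwise.
# Each problem is reported on stderr.
wg_preflight() {
    rc=0
    for need in $(wg_conf_needs "$1"); do
        case $need in
            DNS)
                command -v resolvconf >/dev/null 2>&1 || {
                    echo "$1: DNS= is set but resolvconf is not installed" >&2
                    rc=1; } ;;
            AllowedIPs/0)
                # Assumption: a read-only rule listing fails where rule add does.
                ip -4 rule show >/dev/null 2>&1 || {
                    echo "$1: /0 in AllowedIPs but 'ip rule' is unavailable" >&2
                    rc=1; } ;;
        esac
    done
    return $rc
}

# Usage: sh wg-preflight.sh /path/to/config.conf
if [ "$#" -gt 0 ]; then wg_preflight "$1"; fi
```

A non-zero exit means `wg-quick up` would hit one of the two errors above on this host, so the config can be rejected before the interface is touched.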