Re: Debian-based configuration for wireguard

[Egbert Verhage <egbert@eggiecode.org>]

Hey dkg,
 

On Mon, 2017-07-10 at 17:20 -0400, Daniel Kahn Gillmor wrote:
> 
> thanks for these pointers, Egbert!
> 
> i have a few questions about the proposed modification for ifupdown:
> 
>  * do we really want this to be a new interface type instead of
>    extending the capabilities of some other configuration type?
Was easy for me to recognize the wireguard interface as a config type
in a network/interface config.
And wanted to learn how the package of ifupdown work.
> 
>  * if we can't just extend an existing type, wireguard seems more
>    analogous to the "tunnel" type than to the "static" type, which is
>    what this seems to have evolved from.
Indeed it is just a copy of the static type and I have not seen the
tunnel type.
> 
>  * it looks to me like configuring a wireguard link this way will
>    require an entry in /etc/network/interfaces (or interfaces.d)
> *and* a
>    config file in /etc/wireguard/*.conf.  It seems like it would be
>    cleaner to have all the configuration in one place, no?
Yes I would be cleaner, but the config of wg can change so I have keep
it separate.
> 
>  * would you consider submitting these changes to ifupdown in the
> debian
>    BTS?  Is there a reason that they should remain in your PPA?
Nop, just a proof of concept (My case used with ansible to rollout ~10
machines). 
> 
> fwiw, some of us do also run debian systems without ifupdown these
> days.
> I'm looking forward to systemd-networkd integration personally :)
Me to, I hope in the next ubuntu lts ifupdown has been replaced with
systemd-networkd. Then works _network-online.target_ proper in a
systemd service. (And ofc the wg is in the main stream kernel).

I made the update to ifupdown when wg-quick was not around.
Besides that, the only thing I don't like about wg-quick if you put
0.0.0.0 in the AllowedIPs it automaticly make a default route to the wg
endpoint.

Greetz,
Egbert