From: Bruno Wolff III <bruno@wolff.to>
To: WireGuard@lists.zx2c4.com
Subject: [WireGuard] Comments on wgserver.service
Date: Wed, 6 Jul 2016 07:04:10 -0500
Message-ID: <20160706120410.GA765@wolff.to>

While wgserver.service is going to need some customization for each 
instance, there are a couple of things you might want to change in the 
example.

If for whatever reason wgserver is left set up, starting and restarting 
the service will fail until the device is manually removed.
Adding the following as the first ExecStart will help:
ExecStart=-/bin/ip link del dev wgserver
That will attempt to clean up any leftover device as part of the 
startup process, which will keep:
ExecStartPre=/usr/sbin/ip link add dev wg0 type wireguard
from failing (exit status 2 if the device already exists) and aborting 
the service startup.

Also according to the systemd documentation, ExecStopPost commands are 
supposed to be run when starting fails. It doesn't seem to actually work 
this way on Fedora and I have filed a bug about it. But it may still 
be better to change:
ExecStop=/bin/ip link del dev wgserver
To:
ExecStopPost=/bin/ip link del dev wgserver

Another note, that I'm not sure there is a standard fix for, but might 
be worth throwing in something for, is that if your config has a host 
name in it, you need functioning DNS when the service starts. And hence 
one may want to add Requires= and After= for a DNS service in some cases.

The example was helpful to me in figuring out the service files I am 
actually using on my two endpoints.
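
The three suggestions in the message above, combined into one unit file. This is an added example, not part of the original post and not the WireGuard project's wgserver.service. The unit layout (Type=oneshot with RemainAfterExit), the binary paths, the /etc/wireguard/wgserver.conf path, the 10.0.0.1/24 address and the use of nss-lookup.target as the DNS ordering point are all assumptions.

```ini
# Constructed example unit. Names, paths and addresses are assumptions,
# not taken from the project's wgserver.service.
[Unit]
Description=WireGuard server interface wgserver (example)
# Only relevant when the WireGuard config refers to a peer by host name:
# order this unit after the network is up and name lookups are expected
# to work. Replace nss-lookup.target with Requires=/After= on a specific
# resolver unit if one is run locally.
Wants=network-online.target
After=network-online.target nss-lookup.target

[Service]
# oneshot permits several ExecStart= lines, run in order.
Type=oneshot
RemainAfterExit=yes
# The leading "-" makes systemd ignore a non-zero exit status, so this
# line is harmless when no stale device is present.
ExecStart=-/usr/sbin/ip link del dev wgserver
ExecStart=/usr/sbin/ip link add dev wgserver type wireguard
ExecStart=/usr/bin/wg setconf wgserver /etc/wireguard/wgserver.conf
ExecStart=/usr/sbin/ip address add 10.0.0.1/24 dev wgserver
ExecStart=/usr/sbin/ip link set up dev wgserver
# ExecStopPost= is documented to run on a normal stop and also when
# startup fails, so a half-configured device is not left behind.
ExecStopPost=-/usr/sbin/ip link del dev wgserver

[Install]
WantedBy=multi-user.target
```

The After= lines only order startup; they do not guarantee that a lookup succeeds, so a host name in the config can still make `wg setconf` fail if the resolver is unreachable.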
