path: root/src/tools/wg-quick/linux.bash
Commit message | Author | Age | Files | Lines
* wg-quick: linux: use already configured addresses instead of in-memory | Jason A. Donenfeld | 2019-12-17 | 1 | -6/+6
  The ADDRESSES array might not have addresses added during PreUp. But moreover, nft(8) and iptables(8) don't like ip addresses in the form somev6prefix::someipv4suffix, such as fd00::, while ip(8) can handle it. So by adding these first and then asking for them back, we always get normalized addresses suitable for nft(8) and iptables(8).
  Reported-by: Silvan Nagl <mail@53c70r.de>
* wg-quick: linux: try both iptables(8) and nft(8) on teardown | Jason A. Donenfeld | 2019-12-12 | 1 | -1/+2
  Daniel argues that technically a package manager could install nft(8) after previously having started wg-quick(8) using iptables(8).
  Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* wg-quick: linux: support older nft(8) | Jason A. Donenfeld | 2019-12-12 | 1 | -5/+5
  Older nft(8), such as that on Ubuntu, does not accept the - parameter to the -f argument and doesn't accept symbolic priority names. So instead use the canonical numeric priority forms and use <(echo) instead of -.
* wg-quick: linux: add support for nft and prefer it | Jason A. Donenfeld | 2019-12-12 | 1 | -20/+39
  If nft(8) is installed, use it. These rules should be identical to the iptables-restore(8) ones, with the advantage that cleanup is easy because we use custom table names.
* wg-quick: linux: ignore save warnings for iptables-nft | Jason A. Donenfeld | 2019-12-06 | 1 | -1/+1
* wg-quick: linux: suppress more warnings on weird kernels | Jason A. Donenfeld | 2019-12-06 | 1 | -4/+4
* wg-quick: linux: some iptables don't like empty lines | Jason A. Donenfeld | 2019-12-05 | 1 | -6/+6
  Reported-by: Kenneth R. Crudup <kenny@panix.com>
* wg-quick: linux: iptables-* -w is not widely supported | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2
* wg-quick: linux: have remove_iptables return true | Jason A. Donenfeld | 2019-12-05 | 1 | -1/+1
  Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
* wg-quick: linux: ensure postdown hooks execute | Jason A. Donenfeld | 2019-12-05 | 1 | -2/+2
  Reported-by: Thomas Sattler <sattler@med.uni-frankfurt.de>
* wg-quick: linux: suppress error when finding unused table | Jason A. Donenfeld | 2019-11-27 | 1 | -1/+1
* wg-quick: linux: filter bogus injected packets and don't disable rpfilter | Jason A. Donenfeld | 2019-11-27 | 1 | -8/+29
* wg-quick: linux: only touch net.ipv4 for v4 | Jason A. Donenfeld | 2019-11-26 | 1 | -3/+5
* wg-quick: linux: don't fail down when using systemd-resolved | Ronan Pigott | 2019-08-27 | 1 | -1/+1
  systemd-resolved has a compatibility interface for use with resolvconf scripts when resolvectl is called from a symlink from resolvconf. However, when tearing down the interface, cmd_down calls del_if and then unset_dns. In the case of systemd-resolved, deleting the interface also removes the systemd-resolved entry and causes resolvconf -d to fail when resolvconf really is a symlink to resolvectl. This causes `wg-quick down` and 'wg-quick@.service' to exit with failure. Instead we use the resolvconf '-f' flag to ignore non-existent interfaces, supported by both openresolv and sd-resolved resolvconf.
  Signed-off-by: Ronan Pigott <rpigott@berkeley.edu>
  [zx2c4: moved -f argument to end to remain compatible with Debian's resolvconf]
* wg-quick: specify protocol to ip(8), because of inconsistencies | Jason A. Donenfeld | 2019-05-29 | 1 | -3/+7
* wg-quick: look up existing routes properly | Jason A. Donenfeld | 2019-05-29 | 1 | -1/+1
  This was never really correct, and then 5.1 broke it entirely.
  Reported-by: piraty1@inbox.ru
* wg-quick: add 'strip' subcommand | Luis Ressel | 2019-03-23 | 1 | -1/+9
  `wg-quick strip` prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
  Signed-off-by: Luis Ressel <aranea@aixah.de>
* global: update copyright | Jason A. Donenfeld | 2019-01-07 | 1 | -1/+1
* wg-quick: bring interface up while setting MTU | Aaron Jones | 2018-12-18 | 1 | -9/+4
  This avoids another ip(8) invocation for little benefit. Confirmed to work with iproute2 and busybox.
  Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
* wg-quick: check correct variable for route deduplication | Jason A. Donenfeld | 2018-08-21 | 1 | -1/+1
  Reported-by: John Sager <john@sager.me.uk>
* wg-quick: use invoking shell in auto rooting | Jason A. Donenfeld | 2018-05-16 | 1 | -1/+1
* wg-quick: add intentionally undocumented userspace implementation knob | Jason A. Donenfeld | 2018-05-16 | 1 | -2/+2
  This knob might disappear at some point, and we don't want to encourage its use, so it's not being documented, but this should help with development of new implementations.
* wg-quick: darwin: use bash from environment and require bash 4+ | Jason A. Donenfeld | 2018-05-16 | 1 | -10/+10
  For properly configured Homebrew installations /usr/local/bin should be before /bin, so this should still work. This allows the script to be used in more than one setting.
* tools: reorganize for multiplatform wg-quick | Jason A. Donenfeld | 2018-05-14 | 1 | -0/+334