openwrt route_allowed_ips is inprecise

Dan Lüdtke mail at
Tue Dec 20 09:52:04 CET 2016

Regarding the initial preciseness issue, have you tested that on LEDE? I can't manage to get duplicate routes. However, outdated testing environment. Will rebuild and test again. I can't quite understand what the initial issue was. Wouldn't you get a "rtnetlink: file exists" when you try to add an route that already exists?

This also can only occur if someone uses static routes AND decides to use route_allowed_ips, right?

>> This is pretty straightforward with netlink
> No, it's much less straight-forward with raw netlink. Raw netlink
> involves hundreds of lines of code to do anything at all. A real mess.
> Fortunately there are wrapper libraries you can use from various
> languages to make it easier.

True. I was referring to the auto-route option I read on LKML a while ago. Of course, when done from userspace, netlink is not the ideal way. 

>> Regarding LEDE, netifd should track the routes being added and the extra routes do not really do harm.
> Alright then...
> Speaking of netifd, did you ever fix that netifd issue with the IP dependency?

I am on it. First version did add dependency for both protocols if the endpoint name had A and AAAA records. However, I find it cleaner to check which endpoint wg chose to use and only add that IP address as an depedency. Patch/PR comes when I am satisfied with stability.

More information about the WireGuard mailing list