[WireGuard] Comments on wgserver.service

Bruno Wolff III bruno at wolff.to
Wed Jul 6 17:19:11 CEST 2016


On Wed, Jul 06, 2016 at 16:33:02 +0200,
  "Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
>
>Thanks for your feedback on this. That's a good idea to call ip-link
>del first. I get that the - will make the error non-fatal, but will it
>also suppress writing the error message into journald?

I don't think so. I see 'Cannot find device "wg0"' that looks like it 
comes from that command. It doesn't show up in systemctl status output 
though.

>Please feel free to make wgserver.service into a more robust unit file
>and send patches (git-send-email), or make a few different unit files
>showcasing different types of configurations. I'm not a huge systemd
>guy, so I just sort of threw that together haphazardly. It'd be nice
>also to see this integrated into systemd-networkd and the .network
>units. Are you involved with upstream at all? Interested in taking
>this integration work on?

After I hear back about the systemd bug, I'll submit a simple change 
for robustness.

Some of the other stuff seems situational and I'm not sure makes for 
great examples. If I figure out a standard way to make sure dns is 
available, I'll include something for that, since that would be 
reasonable to do by default. But that is beyond my current systemd 
knowledge.

I don't know systemd well at all. Based on your example and some reading, 
I know significantly more today than I did yesterday morning. I do some 
stuff for Fedora and once in a while I'll do a bisect to try to narrow 
down a problem I'm having with a kernel on my hardware. I'm not a kernel 
developer at all.

Wireguard caught my eye because of the timing. I was looking at trying to 
set up an ipsec tunnel in preparation for having my work desktop switching 
to a non-routable IP address. Working with wireguard looked easier than 
trying to figure out ipsec, even with having to build wireguard from source. 
Potentially I could get involved with packing wg on Fedora, but there isn't 
much point until the kernel part is upstream.

