bypass wireguard VPN (wgphys sample script help needed)

Helle Vaanzinn glitsj16 at riseup.net
Mon May 22 06:37:47 CEST 2017


Hi, I've been testing wireguard as a replacement for openvpn for a while now
and it's doing very well indeed. In no way a skilled networking/routing person,
as a 'regular' user I was looking for a simple scripted way to start/stop a VPN
tunnel and occasionally bypass it when needed. Wireguard's
`wg-quick` very much does its magic for people like me. I use it in a
basic setup in which all traffic gets routed via the wireguard
interface. Works great. The only piece missing in this simple puzzle is
a way to selectively bypass the tunnel.

While digesting https://www.wireguard.io/netns/ I came across the `wgphys`
sample script and realized that was exactly what I'm looking for. So I pasted
the wgphys code into a bash script and exchanged eth0/wlan0 with enp4s0/wlp2s0
(which are used on my Arch Linux box). All set or so I thought :) Running it via
sudo, the `wgphys` script complains about unrecognized config settings. The
Address, PostUp, PostDown, SaveConfig lines from /etc/wireguard/wgvpn0.conf spit
out config parser errors. I can comment those out but it still doesn't work as
expected.

Alas, my current skill-set is way too limited to solve this reliably on my own.
I do realize wireguard is still in full development and the `wgphys`
code probably got outdated along the way. So here's my question: what
would a 'bypass wireguard vpn script for dummies' look like when using
the latest wg-quick from snapshot 0.0.20170517?

Regards, Helle

= = =
server box:
- - - - - - - - - - -
$ sudo cat /etc/wireguard/wg0-server.conf
[Interface]
Address = 10.192.122.1/24
ListenPort = 51820
PrivateKey = <redacted>
SaveConfig = true

[Peer]
AllowedIPs = 10.192.122.2/32
Endpoint = <redacted>
PresharedKey = <redacted>
PublicKey = <redacted>

client box:
- - - - - - - - - - -
$ sudo cat /etc/wireguard/wgvpn0.conf
[Interface]
Address = 10.192.122.2/32
ListenPort = 21841
PrivateKey = <redacted>
SaveConfig = false

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = <redacted>
PersistentKeepalive = 25
PresharedKey = <redacted>
PublicKey = <redacted>
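
The parser errors described in the message come from keys that only `wg-quick` interprets (Address, DNS, MTU, Table, PreUp/PostUp/PreDown/PostDown, SaveConfig); the `wg` tool's own config parser does not accept them. The following is an added example, not part of the original post or the WireGuard project's code, that filters a `wg-quick` style config down to the keys `wg` understands. The function names, key placeholders and the endpoint address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post or the WireGuard project).
# strip_wgquick_keys and sample_client_conf are hypothetical names.

# Keys that only wg-quick interprets; the wg tool's own parser rejects them.
WGQUICK_ONLY='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# Read a wg-quick style config on stdin, write a wg-compatible one on stdout.
strip_wgquick_keys() {
    awk -v drop="^(${WGQUICK_ONLY})\$" '
        {
            key = $0
            sub(/[ \t]*=.*/, "", key)   # keep only the text before the first "="
            sub(/^[ \t]+/, "", key)     # ignore leading indentation
            if (tolower(key) ~ drop)    # key names are matched case-insensitively
                next
            print
        }
    '
}

# Constructed sample modelled on the client config in the message.
sample_client_conf() {
    cat <<'EOF'
[Interface]
Address = 10.192.122.2/32
ListenPort = 21841
PrivateKey = CONSTRUCTED-PRIVATE-KEY=
SaveConfig = false
PostUp = echo tunnel up

[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
PersistentKeepalive = 25
PublicKey = CONSTRUCTED-PUBLIC-KEY=
EOF
}

# Show the filtered config for the sample.
sample_client_conf | strip_wgquick_keys
```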

