Fixing wg-quick's DNS= directive with a hatchet
Kalin KOZHUHAROV
me.kalin at gmail.com
Thu Oct 26 01:37:53 CEST 2017
On Thu, Oct 26, 2017 at 12:43 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> The hatchet works as follows. On interface addition:
>
> # echo nameserver 1.2.3.4 > /etc/resolv.conf.wg-quick.wg0
> # [ -f /etc/resolv.conf ] || touch /etc/resolv.conf
> # mount -o ro --bind /etc/resolv.conf.wg-quick.wg0 /etc/resolv.conf
> # unlink /etc/resolv.conf.wg-quick.wg0
>
> On interface removal:
>
> # umount /etc/resolv.conf
>
O, I love it! (didn't know you can --bind mount to a file, BTW)
I am sure someone will scream along the way, so jut document it and
put a short notice in a comment inside /etc/resolv.conf as to what is
going on.
And make it optional for people who (pretend to) have control over
their systems.
And can you briefly remind me why do you need to bother with the
resolv settings?
May be this is only valid for "use-only-VPN", e.g. laptop in China?
> Can anybody think of any potential issues with this?
>
* See if there is another mount, before doing it, i.e. check for the
hatchet before using it?
* Not sure anyone will hit the corner case of needing to umount /etc
while wireguard is running, but who knows.
Cheers,
Kalin.
More information about the WireGuard
mailing list