WireGuard in systemd-networkd

Jason A. Donenfeld Jason at zx2c4.com
Tue Jan 9 18:38:59 CET 2018


Hey Dan,

On Tue, Jan 9, 2018 at 4:20 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> very cool!  does systemd-networkd end up invoking wg(8)?  or does it interact
> with the kernel directly?

We taught systemd to talk the generic netlink protocol -- useful for
all sorts of new things cropping up in the kernel -- and then after
that we taught it to talk wireguard, which builds on top of generic
netlink. And, it doesn't introduce any build-time dependencies into
systemd-networkd. So it's there for people who want it and not there
for those who don't. I think this is the right approach for
Linux-centric approaches like systemd.

>
> if it doesn't need wg(8), then once the new release of systemd is made, we
> may want to change the dependency recommendations for the wireguard
> kernel module packages.

Maybe? I'm not quite sure what the Debian semantics for
recommendations are. If additional recommendations crowd out existing
recommendations, or introduce some kind of automatic selection logic
where only one has to be satisfied in an install-recommendations mode,
then I'd be hesitant. The reason is that wg(8) allows users to see
what's going on with the wireguard interface, whereas networkd only
enables setting up the interface but afterwards doesn't give much
visibility into what's going on. So all users who run wireguard
probably want wg(8), and only some users who run wireguard
additionally will want systemd-networkd. But as I said, I don't know
what the Debian recommendations are supposed to be precisely, so you
can decide this better than me.


>
>> Next up - anybody interested in providing support for NetworkManager?
>
> iirc, NetworkManager imports a big chunk of systemd in each release
> (yuck embedded code copies).  maybe it'll import the relevant wireguard
> bits as well?  that would probably make the NM work an easier lift.

Oh, cool, I didn't realize that. Thanks for the pointer. I'll poke
around to see what they import.

Jason
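
Added example, not part of the original message and not systemd's or WireGuard's code: a generic netlink client first asks the kernel's controller family to resolve a family name such as "wireguard" to a numeric id, and this sketch builds that request and walks its attributes with bounds checks. The constants are copied from the Linux UAPI headers, the function names are hypothetical, and the message is only built in memory, not sent to a kernel.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the Linux UAPI headers, repeated so this builds anywhere. */
enum { GENL_ID_CTRL = 0x10, CTRL_CMD_GETFAMILY = 3, CTRL_ATTR_FAMILY_NAME = 2,
       NLM_F_REQUEST = 1, NL_HDR = 16, GENL_HDR = 4, NLA_HDR = 4 };
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)

static void put16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }  /* host byte order */
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static uint16_t get16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }

/* Build CTRL_CMD_GETFAMILY for `name` (hypothetical helper); returns length, 0 on error. */
size_t build_getfamily(uint8_t *buf, size_t cap, const char *name, uint32_t seq) {
    size_t nla_len = NLA_HDR + strlen(name) + 1;        /* attr header + name + NUL */
    size_t total = NL_HDR + GENL_HDR + ALIGN4(nla_len);
    if (nla_len > UINT16_MAX || total > cap) return 0;
    memset(buf, 0, total);                              /* padding bytes go out as zero */
    put32(buf, (uint32_t)total);                        /* nlmsg_len */
    put16(buf + 4, GENL_ID_CTRL);                       /* nlmsg_type: controller family */
    put16(buf + 6, NLM_F_REQUEST);                      /* nlmsg_flags */
    put32(buf + 8, seq);                                /* nlmsg_seq; nlmsg_pid stays 0 */
    buf[NL_HDR] = CTRL_CMD_GETFAMILY;                   /* genlmsghdr.cmd */
    buf[NL_HDR + 1] = 1;                                /* genlmsghdr.version */
    put16(buf + NL_HDR + GENL_HDR, (uint16_t)nla_len);  /* nla_len excludes padding */
    put16(buf + NL_HDR + GENL_HDR + 2, CTRL_ATTR_FAMILY_NAME);
    memcpy(buf + NL_HDR + GENL_HDR + NLA_HDR, name, strlen(name));
    return total;
}

/* Walk the attributes after both headers; returns the payload or NULL. */
const uint8_t *find_attr(const uint8_t *msg, size_t len, uint16_t type, size_t *out_len) {
    size_t off = NL_HDR + GENL_HDR;
    while (off + NLA_HDR <= len) {
        uint16_t alen = get16(msg + off), atype = get16(msg + off + 2);
        if (alen < NLA_HDR || off + alen > len) return NULL;  /* malformed length */
        if (atype == type) { *out_len = alen - NLA_HDR; return msg + off + NLA_HDR; }
        off += ALIGN4(alen);                                  /* attributes are 4-aligned */
    }
    return NULL;
}

int main(void) {
    uint8_t buf[64]; size_t alen = 0, n = build_getfamily(buf, sizeof buf, "wireguard", 1);
    const uint8_t *p = find_attr(buf, n, CTRL_ATTR_FAMILY_NAME, &alen);
    printf("len=%zu family=%s\n", n, p ? (const char *)p : "(none)"); return 0;
}
```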

