AllowedIPs

Aaron Bolton aaron at bukn.net
Sun Aug 30 12:34:38 CEST 2020


Perfect :) thanks I didn't realise it was just a bash file 

-----Original Message-----
From: Eric Light <eric at ericlight.com> 
Sent: 30 August 2020 11:04
To: Aaron Bolton <aaron at bukn.net>
Cc: wireguard at lists.zx2c4.com
Subject: Re: AllowedIPs

Probably worth having a poke around the source code for wg-quick; it's just bash, and it can really show you what's happening far better than I can! :) 

If you have a look at the "up" and "down" commands in there, you should learn everything you need to know. 

E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Sun, 30 Aug 2020, at 21:55, Aaron Bolton wrote:
> What would be the best way to bring up and down the wireguard interface 
> without using wg-quick?
> 
> -----Original Message-----
> From: Eric Light <eric at ericlight.com>
> Sent: 30 August 2020 10:01
> To: Aaron Bolton <aaron at bukn.net>
> Cc: wireguard at lists.zx2c4.com
> Subject: Re: AllowedIPs
> 
> Ah yep, I haven't done that before, but Quagga has made many 
> appearances on this list... And you're right, that's pretty much the 
> time when folks stop working with wg-quick!  :-D
> 
> Good luck!
> 
> E
> 
> On Sun, 30 Aug 2020, at 20:56, Aaron Bolton wrote:
> > Yes, this does, thanks
> > 
> > I plan on using Quagga for BGP over WireGuard tunnels so I guess I 
> > need to avoid wg-quick if that makes changes to the routing table 
> > and firewall, as I want to manage those myself
> > 
> > > On 30 Aug 2020, at 00:16, Eric Light <eric at ericlight.com> wrote:
> > >
> > > I believe it's both, in a way.
> > >
> > > As far as wg is concerned, the AllowedIPs is effectively an ACL.  
> > > Any traffic hitting your wireguard interface from an IP not within 
> > > the AllowedIPs will either be dropped on decryption, or won't even 
> > > be decrypted.  (It's one of these, but I can't remember which)
> > >
> > > On top of that, wg-quick interprets the AllowedIPs string and does other things, such as adding appropriate network routing (the second part of your guess), as well as modifying any client firewall rules to permit the traffic.
> > >
> > > Hope this helps  :)
> > >
> > > E
> > >
> > >> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote:
> > >> I'm trying to understand AllowedIPs better: is it effectively an 
> > >> ACL that says what is allowed down the tunnel, or is it a mechanism 
> > >> to configure what addresses get routed down the tunnel?
> > >>
> > >> Thanks in advance
> > >>
> >
> 
>
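
The two roles of AllowedIPs discussed in this thread, as an added example that is not part of the original messages or of WireGuard's own code: a toy Python model of the per-interface table, which WireGuard consults to pick the peer for an outgoing packet (longest-prefix match on the destination) and to check the inner source address of a received packet after it has been decrypted and authenticated. The peer names (standing in for public keys), the class and method names, and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample config: peer names stand in for public keys.
PEERS = {
    "peer_a": ["10.0.0.2/32", "192.168.10.0/24"],
    "peer_b": ["10.0.0.3/32", "0.0.0.0/0"],
}


class AllowedIPsTable:
    """Toy model of one WireGuard interface's AllowedIPs table."""

    def __init__(self, peers):
        self.entries = [
            (ipaddress.ip_network(cidr), peer)
            for peer, cidrs in peers.items()
            for cidr in cidrs
        ]

    def lookup(self, addr):
        """Longest-prefix match over every peer's AllowedIPs; None if no match."""
        ip = ipaddress.ip_address(addr)
        hits = [(net, peer) for net, peer in self.entries
                if net.version == ip.version and ip in net]
        if not hits:
            return None
        return max(hits, key=lambda hit: hit[0].prefixlen)[1]

    def outbound_peer(self, dst):
        """Routing role: which peer a packet sent into the interface goes to."""
        return self.lookup(dst)

    def inbound_ok(self, sending_peer, inner_src):
        """ACL role: after decryption, the inner source must map back to the sender."""
        return self.lookup(inner_src) == sending_peer


if __name__ == "__main__":
    table = AllowedIPsTable(PEERS)
    for dst in ("192.168.10.7", "203.0.113.9", "10.0.0.3"):
        print("to", dst, "->", table.outbound_peer(dst))
    for peer, src in (("peer_a", "192.168.10.7"), ("peer_a", "203.0.113.9")):
        print("from", peer, "src", src, "accepted:", table.inbound_ok(peer, src))
```

The model covers only WireGuard's own table; the kernel routing table that decides whether a packet reaches the interface at all is separate, and that is the part wg-quick fills in from AllowedIPs.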



More information about the WireGuard mailing list