SEANK.H.LIAO

wireguard systemd

use systemd to manage wireguard

Goals

additional reading

How

Use the improved rule-based solution similar to wg-quick

40-wireguard.netdev

creating the network device

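[NetDev]
Name = wg0
Kind = wireguard

[WireGuard]
# Secret: keep this file owned by root:systemd-network with mode 0640
PrivateKey = CLIENT_PRIVATE_KEY
# Mark set on WireGuard's own encrypted packets
FirewallMark = 1234

[WireGuardPeer]
PublicKey = SERVER_PUBLIC_KEY
# Send all IPv4 traffic to this peer
AllowedIPs = 0.0.0.0/0
Endpoint = SERVER_ENDPOINT:51820

40-wireguard.network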

routing rules

results:

unmarked packet: -> table 2468 -> wg0 -> marked -> table main

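[Match]
Name = wg0

[Network]
Address = CLIENT_IP_ADDRESS/SUBNET

[Route]
# Default route via wg0, installed only in table 2468
Destination = 0.0.0.0/0
Table = 2468

[RoutingPolicyRule]
# Packets NOT carrying mark 1234 look up table 2468
InvertRule = true
FirewallMark = 1234
Table = 2468

[RoutingPolicyRule]
# Use the main table, but ignore its default route (prefix length 0)
Table = main
SuppressPrefixLength = 0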
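
how the rules pick a device

An added example, not part of the original page: a small Python model of the policy-rule evaluation above, showing why marked WireGuard packets avoid a routing loop and what leaks if the mark rule is missing. The eth0 device, the LAN prefix, the sample addresses and the rule order are assumptions made for the illustration.

```python
import ipaddress

WG_MARK, WG_TABLE = 1234, 2468  # FirewallMark= and Table= from the page

# Constructed sample tables: (prefix, device). eth0 and the LAN prefix are assumptions.
TABLES = {
    "main": [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")],
    WG_TABLE: [("0.0.0.0/0", "wg0")],
}

# Rules in evaluation order. The order is an assumption (wg-quick's); the page sets no Priority=.
RULES = [
    {"table": "main", "suppress_prefixlength": 0},
    {"table": WG_TABLE, "fwmark": WG_MARK, "invert": True},
    {"table": "main"},  # the kernel's built-in "from all lookup main" rule
]

def lookup(table, dst, suppress=None):
    """Longest-prefix match; a result with prefix length <= suppress is discarded."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    if best is None or (suppress is not None and best[0] <= suppress):
        return None
    return best[1]

def route(dst, mark=0, rules=RULES):
    """Return the device the first applicable rule selects for a packet."""
    for rule in rules:
        if "fwmark" in rule:
            hit = mark == rule["fwmark"]
            if hit == rule.get("invert", False):  # selector does not apply
                continue
        dev = lookup(rule["table"], dst, rule.get("suppress_prefixlength"))
        if dev is not None:
            return dev
    return None

if __name__ == "__main__":
    no_mark_rule = [r for r in RULES if "fwmark" not in r]
    print("unmarked -> internet :", route("198.51.100.7"))
    print("marked   -> endpoint :", route("203.0.113.10", mark=WG_MARK))
    print("unmarked -> LAN      :", route("192.168.1.5"))
    print("mark rule missing    :", route("198.51.100.7", rules=no_mark_rule))
```

The last case is the one to check for on a live host: without the inverted FirewallMark rule, unmarked traffic falls through to the main table's default route and leaves unencrypted.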