This repository has been archived by the owner on May 4, 2020. It is now read-only.

Userspace tools #148

Open
samip5 opened this issue Apr 30, 2020 · 3 comments

Comments

samip5 commented Apr 30, 2020

To my understanding wg-quick is part of the userspace tools, right?
If so, they're not included in the package?

ujhede commented May 2, 2020

wg-quick is not needed on the Edgerouter platform. The interface configuration that wg-quick does on linux is done by the Edgerouter configuration scripts included in the package.

samip5 commented May 2, 2020

> wg-quick is not needed on the Edgerouter platform. The interface configuration that wg-quick does on linux is done by the Edgerouter configuration scripts included in the package.

Please enlighten me how to configure a WG interface so it can be used with Policy Based Routing as a default gateway?

P.S. The AllowedIPs don't allow 0.0.0.0/0 as it conflicts with an already existing route, and I don't want my EdgeRouter's default route to be the WG interface.

ujhede commented May 2, 2020

Maybe a bit beyond the scope of this issues section and more for the Ubiquiti forums. The config is not really different from any other PBR config.

If the below explanation is not enough for you to get it working, then I suggest you post your config on the Ubiquiti Edgerouter forum.

You will need to leave routing up to the ER routing and keep route-allowed-ips to false.

Then create a new routing table that routes to the wg interface, something like this:

    table 60 {
        description Wireguard
        interface-route 0.0.0.0/0 {
            next-hop-interface wg0 {
            }
        }
        route 0.0.0.0/0 {
            blackhole {
                distance 255
            }
        }
    }

Then you create a firewall modify rule to modify the routing table to your new wg table. Something like this:
Rule 1 is there to keep LAN-to-LAN traffic from being routed over the tunnel.

    modify wg {
        rule 1 {
            action modify
            destination {
                group {
                    address-group LAN_NETS
                }
            }
            modify {
                table main
            }
        }
        rule 10 {
            action modify
            modify {
                table 60
            }
        }
    }

Finally, assign your modify rule to the in on your LAN interface and add whatever policy you want.

    vif 60 {
        address 192.168.60.1/24
        firewall {
            in {
                modify wg
            }
        }
    }
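
The table selection and route lookup that the three snippets above set up, as an added Python model (not part of the thread or of the package). It assumes Linux policy-routing semantics: the interface-route exists only while wg0 is up, and a lookup that finds nothing in table 60 continues in main. The LAN_NETS members, interface names and distances other than 255 are constructed for the example.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed: the thread never lists LAN_NETS members or interface names.
LAN_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.60.0/24")]
# "modify wg" from the post, in rule order: (rule, destination group or None, table).
MODIFY_WG = [(1, LAN_NETS, "main"), (10, None, "60")]


def tables(wg0_up, blackhole):
    """Routes per table as (prefix, target, distance); distances other than 255 are assumed."""
    t60 = [(ANY, "wg0", 1)] if wg0_up else []  # interface-route exists only while wg0 is up
    if blackhole:
        t60.append((ANY, "blackhole", 255))    # worst distance, so it never beats wg0
    main = [(LAN_NETS[0], "eth1", 0), (LAN_NETS[1], "eth1.60", 0), (ANY, "WAN", 1)]
    return {"60": t60, "main": main}


def select_table(dst):
    """The first matching rule of 'modify wg' picks the routing table."""
    for _rule, group, table in MODIFY_WG:
        if group is None or any(dst in net for net in group):
            return table
    return "main"


def lookup(routes, dst):
    """Longest prefix wins, then lowest distance; None when nothing matches."""
    hits = [r for r in routes if dst in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def egress(dst, wg0_up=True, blackhole=True):
    """Where a packet entering vif 60 leaves, or 'blackhole' if it is dropped."""
    dst = ipaddress.ip_address(dst)
    routes = tables(wg0_up, blackhole)
    target = lookup(routes[select_table(dst)], dst)
    if target is None:                 # nothing matched: the lookup continues in main
        target = lookup(routes["main"], dst)
    return target


if __name__ == "__main__":
    for case in [("192.168.1.10", True, True), ("1.1.1.1", True, True),
                 ("1.1.1.1", False, True), ("1.1.1.1", False, False)]:
        print(case, "->", egress(*case))
```

With the blackhole route removed and wg0 down, the same packet leaves through the default route in main; the distance-255 route turns that case into a drop.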
