Re: Activate netdev only on demand (e.g. for wireguard connection)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 11/03/21 7:39 pm, Alvin Šipraga wrote:

Hi,

On 3/11/21 11:01 AM, Reindl Harald wrote:

Am 11.03.21 um 06:36 schrieb Amish:

Hello

So I have a wireguard setup which I use to connect to my server.

But I do not connect to it daily, just once a in a while.

I have setup wg0.netdev file and wg0.network file and all is working
fine.

But how do I set it up such that interface wg0 does not connect
automatically but comes up only when I run:

#networkctl up wg0

Effectively I want wireguard to connect/disconnect on demand

given that wireguard runs directly in the kernel and has no single
userland process what problem would you like to solve and why?

Amish, I think you described your problem perfectly fine. It sounds like
you want to add:

[Network]
ActivationPolicy=manual

to your wg0.network file.

More info here:
https://www.freedesktop.org/software/systemd/man/systemd.network.html#ActivationPolicy=
Thank you. I think this feature does not exist yet on current stable release. (I use Arch Linux systemd version 247.3)
So as of now I can not try that setting. But just seeking a clarification about it.
I think this feature will still bring up the interface wg0 via wg0.netdev file. But it will not assign IP address till it is activated manually.
So VPN connection will still occur behind the scenes just that IP address and routes will not be setup.
What I want is that it should not initiate VPN connection itself. i.e.: ActivationPolicy=manual for netdev file and not network file.
But let me wait till the feature lands in Arch Linux and then I will test it. 
If you are only using the wireguard interface to connect to a specific
IP or subnet (e.g. your server's), you can also fine-tune the routes in
your .network file. That way you might be able to live with - and even
prefer - the interface always being up.
Yes thats what I have done, but I would still prefer a way to activate it on demand. 

Thanks,

Amish

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux