Re: Wireguard routes only after connect

On 14.02.2024 11:55, Julian Zielke wrote:
> Hi,
>
> is there a possibility to only add the routes from allowed-ips to the kernel routing table after the peer has connected?

This directly contradicts your next statement.

> Because since the tunnel itself is stateless, there is no way for me to make use of OSPF to route packets to a selective server running a tunnel to the same endpoint (for load balancing and multi-WAN reasons).


As you write yourself, the WireGuard protocol is stateless; there is no connection at all. The closest thing to a "connection" is a successful handshake, which runs periodically. There does not appear to be any notification when it happens, so at most one could poll the WireGuard interface for the "last handshake time" and assume "connection loss" if it has not been updated for long enough. I do not think anything like this is currently implemented.
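The polling approach described in the reply above, as an added example that is not part of the original message or of WireGuard itself: it reads the output formats of `wg show IFACE latest-handshakes` and `wg show IFACE allowed-ips` and prints which allowed-ips routes to install or withdraw. The function names, the 180-second threshold and all sample keys, addresses and timestamps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Keys, addresses and timestamps are constructed sample data.
# MAX_AGE=180 is an assumed threshold; without PersistentKeepalive an idle
# peer performs no handshakes and would be reported "down".

# peer_state NOW MAX_AGE
# stdin: "pubkey<TAB>epoch" lines, as printed by `wg show IFACE latest-handshakes`
# stdout: "pubkey up" or "pubkey down"; epoch 0 means no handshake yet.
peer_state() {
    awk -v now="$1" -v max="$2" 'NF == 2 {
        print $1, (($2 > 0 && now - $2 <= max) ? "up" : "down")
    }'
}

# plan_routes IFACE NOW MAX_AGE HANDSHAKES ALLOWED
# ALLOWED has the format of `wg show IFACE allowed-ips`.
# Prints the ip(8) commands to run; it does not change the routing table.
plan_routes() {
    iface=$1; now=$2; max=$3
    printf '%s\n' "$4" | peer_state "$now" "$max" |
    while read -r key state; do
        printf '%s\n' "$5" |
        awk -v k="$key" '$1 == k { for (i = 2; i <= NF; i++) if ($i != "(none)") print $i }' |
        while read -r cidr; do
            if [ "$state" = up ]; then
                echo "ip route replace $cidr dev $iface"
            else
                echo "ip route del $cidr dev $iface"
            fi
        done
    done
}

# Constructed snapshot; on a live system use:
#   plan_routes wg0 "$(date +%s)" 180 "$(wg show wg0 latest-handshakes)" "$(wg show wg0 allowed-ips)"
SAMPLE_NOW=1707908400
SAMPLE_HS=$(printf 'PEER_A_KEY\t1707908340\nPEER_B_KEY\t1707907000\nPEER_C_KEY\t0\n')
SAMPLE_AL=$(printf 'PEER_A_KEY\t10.0.1.0/24 10.0.2.0/24\nPEER_B_KEY\t10.0.3.0/24\nPEER_C_KEY\t(none)\n')
plan_routes wg0 "$SAMPLE_NOW" 180 "$SAMPLE_HS" "$SAMPLE_AL"
```

Run periodically, the printed commands could feed a routing daemon that redistributes kernel routes, provided the interface was brought up without automatic route installation (for example wg-quick's `Table = off`).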
