[systemd-devel] Activate netdev only on demand (e.g. for wireguard connection)

Mantas Mikulėnas grawity at gmail.com
Thu Mar 11 14:35:29 UTC 2021


On Thu, Mar 11, 2021 at 12:01 PM Reindl Harald <h.reindl at thelounge.net>
wrote:

>
>
> Am 11.03.21 um 06:36 schrieb Amish:
> > Hello
> >
> > So I have a wireguard setup which I use to connect to my server.
> >
> > But I do not connect to it daily, just once in a while.
> >
> > I have set up wg0.netdev file and wg0.network file and all is working
> > fine.
> >
> > But how do I set it up such that interface wg0 does not connect
> > automatically but comes up only when I run:
> >
> > #networkctl up wg0
> >
> > Effectively I want wireguard to connect/disconnect on demand
>
> given that wireguard runs directly in the kernel and has no single
> userland process what problem would you like to solve and why?
>

It might be the problem that I also have, which is that you don't always
want certain destinations to be *permanently* routed through the tunnel --
e.g. you might have a VPN for 0.0.0.0/0 ::/0 (the whole internet) but don't
actually want it to be active all the time, only when the need for it
occurs.

For example I have a tunnel through a USA server for websites that block
Europe -- it routes 0/0 because I don't know the "wanted" destinations in
advance, but at the same time I don't want the system to *default* to
sending all my traffic halfway around the world and back, so it has to be
"on demand".

People are in a hurry to suggest "openvpn is meh, use wg-quick" and then
the same people suggest "wg-quick is meh, use networkd" forgetting that A
and C don't necessarily intersect.

-- 
Mantas Mikulėnas