[systemd-devel] Activate netdev only on demand (e.g. for wireguard connection)
Amish
anon.amish at gmail.com
Fri Mar 12 01:59:37 UTC 2021
On 11/03/21 7:39 pm, Alvin Šipraga wrote:
> Hi,
>
> On 3/11/21 11:01 AM, Reindl Harald wrote:
>> Am 11.03.21 um 06:36 schrieb Amish:
>>> Hello
>>>
>>> So I have a wireguard setup which I use to connect to my server.
>>>
>>> But I do not connect to it daily, just once a in a while.
>>>
>>> I have setup wg0.netdev file and wg0.network file and all is working
>>> fine.
>>>
>>> But how do I set it up such that interface wg0 does not connect
>>> automatically but comes up only when I run:
>>>
>>> #networkctl up wg0
>>>
>>> Effectively I want wireguard to connect/disconnect on demand
>> given that wireguard runs directly in the kernel and has no single
>> userland process what problem would you like to solve and why?
> Amish, I think you described your problem perfectly fine. It sounds like
> you want to add:
>
> [Network]
> ActivationPolicy=manual
>
> to your wg0.network file.
>
> More info here:
> https://www.freedesktop.org/software/systemd/man/systemd.network.html#ActivationPolicy=
Thank you. I think this feature does not exist yet on current stable
release. (I use Arch Linux systemd version 247.3)
So as of now I can not try that setting. But just seeking a
clarification about it.
I think this feature will still bring up the interface wg0 via
wg0.netdev file. But it will not assign IP address till it is activated
manually.
So VPN connection will still occur behind the scenes just that IP
address and routes will not be setup.
What I want is that it should not initiate VPN connection itself. i.e.:
ActivationPolicy=manual for netdev file and not network file.
But let me wait till the feature lands in Arch Linux and then I will
test it.
> If you are only using the wireguard interface to connect to a specific
> IP or subnet (e.g. your server's), you can also fine-tune the routes in
> your .network file. That way you might be able to live with - and even
> prefer - the interface always being up.
Yes thats what I have done, but I would still prefer a way to activate
it on demand.
Thanks,
Amish
More information about the systemd-devel
mailing list