[systemd-devel] Wireguard routes only after connect
Andrei Borzenkov
arvidjaar at gmail.com
Fri Feb 23 13:10:11 UTC 2024
On 14.02.2024 11:55, Julian Zielke wrote:
> Hi,
>
> is there a possibility to only add the routes from allowed-ips to the kernel routing table after the peer has connected?
This directly contradicts your next statement.
> Because since the tunnel itself is stateless, there is no way for me to make use of OSPF to route packets to a selective server running a tunnel to the same endpoint (for loadbalancing and multi-wan reasons).
>
As you write yourself, the WireGuard protocol is stateless; there is no
connection at all. The closest thing to a "connection" is a successful
handshake, which runs periodically. There does not appear to be any
notification when it happens, so at most one could poll the WireGuard
interface for the "last handshake time" and assume "connection loss" if
it has not been updated for long enough. I do not think anything like
this is currently implemented.
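
The polling approach described in the message above, as an added example that is not part of the original post and not systemd code: it classifies peers by handshake age from the output of `wg show <iface> latest-handshakes` (one "<public key><TAB><epoch seconds>" line per peer, 0 meaning no handshake yet). The function names, the 180-second threshold and the placeholder keys are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: decide which WireGuard peers look "disconnected" by
# polling the last-handshake timestamp, since there is no connect event.

# stale_peers NOW MAX_AGE
# Reads `wg show <iface> latest-handshakes` output on stdin and prints the
# public key of every peer whose last handshake is older than MAX_AGE
# seconds, or that has never completed a handshake (timestamp 0).
stale_peers() {
    awk -v now="$1" -v max="$2" '
        # Only accept well-formed "<key> <epoch>" lines; ignore anything else.
        NF == 2 && $2 ~ /^[0-9]+$/ {
            if ($2 == 0 || now - $2 > max) print $1
        }'
}

# poll_iface IFACE [MAX_AGE]
# Live variant (needs wireguard-tools and privileges to query the interface).
# The 180 s default is an assumed threshold; tune it to your keepalive setup.
# What to do with a stale peer (e.g. withdraw its route) is up to the caller.
poll_iface() {
    wg show "$1" latest-handshakes | stale_peers "$(date +%s)" "${2:-180}"
}

# Constructed sample of `wg show wg0 latest-handshakes` output.
# The keys are placeholders, not real public keys.
sample_handshakes() {
    printf 'PEER_A_KEY_PLACEHOLDER\t1699999940\n'   # 60 s before "now"
    printf 'PEER_B_KEY_PLACEHOLDER\t1699999700\n'   # 300 s before "now"
    printf 'PEER_C_KEY_PLACEHOLDER\t0\n'            # never handshaked
}

# Offline demonstration with a fixed "now" so the result is reproducible.
sample_handshakes | stale_peers 1700000000 180
```

Handshakes are only renewed while traffic is flowing, so a peer that is idle and has no PersistentKeepalive configured will also be reported as stale by this check.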