WireGuard / wireguard-vyatta-ubnt

WireGuard for Ubiquiti Devices
https://www.wireguard.com/
GNU General Public License v3.0

Update routing table in more scenarios #73

Closed whiskerz007 closed 3 years ago

whiskerz007 commented 3 years ago

Nothing was happening when a peer was disabled. This PR will make sure the peer is removed from WireGuard and the routing table is updated when a peer is disabled.

whiskerz007 commented 3 years ago

@FossoresLP At this point, the routing table will match the state of the configuration. Currently, when the WireGuard interface is disabled, running wg show <interface> will still show the peers, still keep the running bandwidth usage, and keep track of the last handshake. Deleting the peers from the WireGuard interface would ensure wg show <interface> only shows the interface configuration and all peers will lose the running totals.

Should the peers be deleted from WireGuard when the interface is disabled in the configuration?

FossoresLP commented 3 years ago

I'm not quite sure what would be the better approach. I don't think freeing up the resources would make much of a difference unless you are running many WG interfaces in a disabled state, which I would say is a little bit odd to do. What about the addresses - are they available for re-use when the interface is disabled?

whiskerz007 commented 3 years ago

With the changes in this PR, when the WireGuard interface is disabled, the routes are removed. The IP address that is assigned to the interface is still configured. The script that updates the routes checks the list of allowed-ips from the output of wg show <interface>.

With the template rewrite, I tried to keep the same logic that was created before. If we need to redefine the logic, we should probably workshop some workflows to ensure the logic makes sense and the code functions as desired.

FossoresLP commented 3 years ago

I asked just out of curiosity, since this was requested before.

This PR looks good the way it is for now.

I'll merge it before the next release, but I don't think it's necessary to release it standalone since this is not a serious bug.

whiskerz007 commented 3 years ago

With the current release, if you disable the WireGuard interface, the routes are removed (by the kernel). When you re-enable the interface, the routes will not update. I believe this is a bug that may not have been discovered.
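The route reconciliation discussed in the two comments above (routes derived from the allowed-ips in `wg show <interface>` output, and routes missing after a re-enable), sketched as an added example; this is not the script from this PR. The function names and sample data are hypothetical, and IPv4-only handling is an assumption.

```shell
#!/bin/sh
# Added example (not the project's script): keep routes on a WireGuard
# interface in step with the peers' allowed-ips. IPv4 only, by assumption.
LC_ALL=C; export LC_ALL

# stdin: `wg show <iface> allowed-ips` (per peer: "<key>\t<cidr> <cidr>..." or "(none)")
wanted_routes() {
    awk '{ for (i = 2; i <= NF; i++)
               if ($i != "(none)" && $i !~ /:/) print $i }' | sort -u
}

# stdin: `ip -4 route show dev <iface>`. Kernel-installed routes (the interface
# address) are skipped; "default" and bare host routes are normalised to CIDR.
current_routes() {
    awk '!/proto kernel/ { d = ($1 == "default") ? "0.0.0.0/0" : $1
                           if (d !~ /\//) d = d "/32"
                           print d }' | sort -u
}

# route_plan WANTED CURRENT -> "add <cidr>" / "del <cidr>" lines, sorted
route_plan() {
    { for r in $1; do echo "W $r"; done
      for r in $2; do echo "C $r"; done; } |
    awk '$1 == "W" { w[$2] = 1 }
         $1 == "C" { c[$2] = 1 }
         END { for (r in w) if (!(r in c)) print "add " r
               for (r in c) if (!(r in w)) print "del " r }' | sort
}

# Apply the plan on a live system (needs root; not run by the sample below).
sync_routes() {
    route_plan "$(wg show "$1" allowed-ips | wanted_routes)" \
               "$(ip -4 route show dev "$1" | current_routes)" |
    while read -r op cidr; do ip -4 route "$op" "$cidr" dev "$1"; done
}

# Constructed sample: peer C has no allowed-ips; 172.16.9.0/24 is left over
# from a peer that was disabled; 10.10.0.2 is shown by ip without its /32.
SAMPLE_WG=$(printf 'keyA-placeholder\t10.10.0.2/32 192.168.50.0/24\nkeyB-placeholder\t10.10.0.3/32\nkeyC-placeholder\t(none)\n')
SAMPLE_IP='10.10.0.0/24 proto kernel scope link src 10.10.0.1
10.10.0.2 scope link
172.16.9.0/24 scope link'

route_plan "$(printf '%s\n' "$SAMPLE_WG" | wanted_routes)" \
           "$(printf '%s\n' "$SAMPLE_IP" | current_routes)"
```

Passing an empty second argument to `route_plan` models the re-enable case: every wanted route comes back as an `add` line.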

FossoresLP commented 3 years ago

Ok, then I suppose a new release would be warranted. I'll get this PR merged and released in the next couple of days then.