ciniml / WireGuard-ESP32-Arduino

WireGuard implementation for ESP32 Arduino

DNS & disconnect #10

Open hydrafi opened 2 years ago

hydrafi commented 2 years ago

Hi, thanks for the WireGuard implementation on ESP32. I am trying it and it runs well. I noticed that all traffic goes through the VPN. It would be helpful if at least DNS requests used the local STA connection. Also a "disconnect" function would be useful. Thanks

MaxT

emonindonesia commented 2 years ago

I second that to be actually set "allowed IP addresses". There is allowed_ip in the code, but I don't see a clean way to set that. WireGuard configs usually have something like AllowedIPs = 10.0.1.0/24

ciniml commented 2 years ago

According to the lwIP implementation, traffic is routed based on the interface netmask by default. So I think DNS traffic goes through the underlying interface if the DNS server is on the same network as the underlying interface.

Forwarding via a gateway in the non-default interface is not supported by lwIP, since lwIP does not have any routing table. The routing of lwIP is done based on the netmask of the interfaces.

I think a "disconnection" could be implemented by restoring the default interface to the default one and shutting down the WireGuard interface.

https://github.com/ciniml/WireGuard-ESP32-Arduino/blob/main/src/WireGuard.cpp#L100

To restore the default interface before WireGuard connection, we must save the default interface before updating it by calling netif_set_default. It seems to be done by just storing the netif_default global variable which lwIP exposes, but I haven't tried it yet.
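
The routing behaviour described in the comment above, as an added example that is not part of the thread or the library's code: a simplified stand-alone C model of netmask-based interface selection with a default-interface fallback, plus saving and restoring the default around the tunnel. The struct, the function names and the addresses are constructed for illustration; the model shows why a resolver on the STA subnet is reached outside the tunnel while any off-subnet resolver goes through WireGuard.

```c
/* Simplified model of netmask-based interface selection; not lwIP source. */
#include <stdint.h>
#include <stdio.h>

#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct model_netif {              /* hypothetical stand-in for an lwIP netif */
    const char *name;
    uint32_t addr, mask;          /* host byte order */
    int up;
    struct model_netif *next;
};

/* Constructed sample topology: Wi-Fi STA plus a WireGuard interface. */
static struct model_netif sta = { "sta", IP4(192,168,1,50), IP4(255,255,255,0), 1, NULL };
static struct model_netif wg  = { "wg",  IP4(10,0,1,2),     IP4(255,255,255,0), 0, &sta };
static struct model_netif *netif_list_head = &wg;
static struct model_netif *default_netif = &sta;  /* models netif_default */
static struct model_netif *saved_default;         /* set while the tunnel is up */

/* First "up" interface whose subnet contains dest wins; otherwise the default. */
static struct model_netif *route(uint32_t dest) {
    for (struct model_netif *n = netif_list_head; n; n = n->next)
        if (n->up && n->addr != 0 && ((dest ^ n->addr) & n->mask) == 0)
            return n;
    return (default_netif && default_netif->up) ? default_netif : NULL;
}

static const char *route_name(uint32_t dest) {
    struct model_netif *n = route(dest);
    return n ? n->name : "none";
}

static void tunnel_begin(struct model_netif *t) {
    saved_default = default_netif;   /* remember the underlying interface */
    t->up = 1;
    default_netif = t;               /* off-subnet traffic now enters the tunnel */
}

static void tunnel_end(struct model_netif *t) {
    if (saved_default) default_netif = saved_default;  /* restore first */
    t->up = 0;
}

int main(void) {
    tunnel_begin(&wg);
    printf("up:   192.168.1.1 -> %s, 8.8.8.8 -> %s\n", route_name(IP4(192,168,1,1)), route_name(IP4(8,8,8,8)));
    tunnel_end(&wg);
    printf("down: 8.8.8.8 -> %s\n", route_name(IP4(8,8,8,8)));
    return 0;
}
```
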

ciniml commented 2 years ago

I've implemented the WireGuard::end() function to shut down the WireGuard interface.

https://github.com/ciniml/WireGuard-ESP32-Arduino/blob/10-disconnect/src/WireGuard.cpp#L122

There is an example of the end() function.

https://github.com/ciniml/WireGuard-ESP32-Arduino/blob/10-disconnect/examples/disconnect/disconnect.ino

ciniml commented 2 years ago

I've released WireGuard for ESP32 Arduino Library 0.1.5.

This version supports shutting down the WireGuard interface by calling the end() function.