Closed emk2203 closed 1 year ago
mlvd uses wg-quick to set up the tunnel. It writes /etc/wireguard/mlvd.conf by filling out template.conf and then runs wg-quick up mlvd. So this is out of scope for the project.
What is this killswitch supposed to do? By default all internet traffic is routed through the VPN interface.
The kill switch is supposed to prevent outgoing, non-internal traffic in case the VPN connection breaks down for whatever reason.
And good to know the workings of mlvd under the hood.
That's why your earlier shell script version had advantages. I can't look into the Rust version, but it's easy to do so with the shell code.
With the way wg-quick does its routing, traffic won't escape the VPN even if the connection breaks down. At least I haven't experienced anything like that yet. The mechanism is described in their docs.
The shell script is probably easier to read for most people, but it gets ugly when it comes to error handling, etc. The Rust code is not very complex either; I think you should, for example, be able to get the gist of how the tunnel is set up by looking at src/wireguard.rs without knowing the language.
When trying to use Mullvad's killswitch rules, an SSH connection to the computer is lost (gobbled up by the killswitch rules). In the status, the invocation of the preup is the last thing before the connection freezes.
The rules are
The %i variable gets successfully replaced mymlvd, so this part works.