At a high level: when running an event, we might want to not use the uplink directly, but rather use the uplink to establish a WireGuard tunnel and then route all outgoing traffic through the WireGuard tunnel instead. Semantically, this means uplink0 should be a WireGuard tunnel, and the network interface that’s currently uplink0 should be transit0 and only allow WireGuard traffic.
Side note: this would also be beneficial for https://gokrazy.org/ when using unencrypted WiFi networks. Depending on how the implementation goes, we should probably file a separate issue over there to make the result work on gokrazy, too, not just router7.
Raw WireGuard support was added in https://github.com/rtr7/router7/issues/14, this issue covers a specific use-case.
At a high level: when running an event, we might want to not use the uplink directly, but rather use the uplink to establish a WireGuard tunnel and then route all outgoing traffic through the WireGuard tunnel instead. Semantically, this means
uplink0should be a WireGuard tunnel, and the network interface that’s currentlyuplink0should betransit0and only allow WireGuard traffic.Side note: this would also be beneficial for https://gokrazy.org/ when using unencrypted WiFi networks. Depending on how the implementation goes, we should probably file a separate issue over there to make the result work on gokrazy, too, not just router7.