Wireguard: "Patching" AllowedIps and interface PostUp
-
Dear all,
I've just set up a wireguard VPN server on my Cloudron instance and love the simplicity and instant success! Great stuff!
However, I have one little question:
One of my VPN peers is a MikroTik LTE router with a private subnet 192.168.99.0/24 behind it.
After the VPN app is started I currently run the following two commands in the app's web terminal to make the nodes in the subnet behind the router reachable to all VPN peers:

    wg set wg0 peer <key> allowed-ips 172.26.99.3/32,192.168.99.0/24
    ip route add 192.168.99.0/24 via 172.26.99.3

These two commands add the subnet 192.168.99.0/24 to the AllowedIps of the router's wireguard peer entry and add a respective route.
This works great and everything functions exactly as it should.
However, these changes get lost when the VPN app is restarted.
In order to make them persist across app restarts I tried patching the /app/data/wg/wg0.conf file, but apparently this file gets regenerated on every app restart.
Does anyone have an idea of how to best make these two tweaks permanent?
Cheers
Mathias
-
Thank you, robi, I've seen /app/code/start.sh and it'd be a great place to put the needed changes, but this file is not in the /app/data/ folder and -- as such -- isn't writeable.
It seems to me I have to somehow sneak something into /app/data/ as that's the only place I have influence over.
One thought: Could I simply patch /app/data/wg/wg0.conf and chmod -r it to prevent it being rewritten on app restart?
-
Ah, of course I meant -w to prevent the rewrite.
I don't think there is a lot of TCL required.
One additional line in start.sh would suffice, which simply checks for the existence of a custom script like /app/data/poststart.sh and calls it if it exists.
So, a hook for custom logic to run after the app has started and the tunnel is up.
Where can I best propose/submit this little feature request?
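The hook proposed in the post above, sketched as an added example; it is not part of the thread and not the app's own start.sh. The function names `hook_is_safe` and `run_poststart_hook` are hypothetical, and the refusal of symlinks and group/world-writable files is an added assumption, since the hook would run with the start script's privileges from a writable data directory.

```sh
#!/bin/sh
# Added example, not part of the thread or of the app's start.sh.
# Function names and the refusal rules are assumptions.

HOOK_DEFAULT=/app/data/poststart.sh   # path suggested in the post above

# Succeeds only for a regular file that is not a symlink and is not
# writable by group or others.
hook_is_safe() {
    hook=$1
    [ -f "$hook" ] || return 1
    [ ! -L "$hook" ] || return 1
    # ls -ld mode string: character 6 is group-write, character 9 other-write
    case $(ls -ld -- "$hook") in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Returns 0 when no hook exists, 2 when a hook exists but is refused,
# otherwise the exit status of the hook itself.
run_poststart_hook() {
    hook=${1:-$HOOK_DEFAULT}
    [ -e "$hook" ] || [ -L "$hook" ] || return 0
    if ! hook_is_safe "$hook"; then
        echo "poststart hook refused: $hook" >&2
        return 2
    fi
    sh "$hook"
}

# Possible contents of /app/data/poststart.sh, taken from the first post
# (<key> stays a placeholder). 'ip route replace' is used instead of
# 'ip route add' so a second run does not fail on an existing route:
#   wg set wg0 peer <key> allowed-ips 172.26.99.3/32,192.168.99.0/24
#   ip route replace 192.168.99.0/24 via 172.26.99.3

# Call site in the start script, once wg0 is up:
#   run_poststart_hook || echo "poststart hook failed: $?" >&2
```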
