Wireguard: "Patching" AllowedIps and interface PostUp
-
Dear all,
I've just set up a wireguard VPN server on my Cloudron instance and love the simplicity and instant success! Great stuff!
However, I have one little question:
One of my VPN peers is a MikroTik LTE router with a private subnet
192.168.99.0/24behind it.
After the VPN app is started I currently run the following two commands in the app's web terminal to make the nodes in the subnet behind the router reachable to all VPN peers:wg set wg0 peer <key> allowed-ips 172.26.99.3/32,192.168.99.0/24 ip route add 192.168.99.0/24 via 172.26.99.3These two commands add the subnet
192.168.99.0/24to theAllowedIpsof the routers wireguard peer entry and add a respective route.
This works great and everything functions exactly as it should.However, these changes get lost when the VPN app is restarted.
In order to make them persist across app restarted I tried patching the/app/data/wg/wg0.conffile, but apparently this file gets regenerated on every app restart.Does anyone have an idea of how to best make these two tweaks permanent?
Cheers
Mathias -
Thank you, robi, I've seen
/app/code/start.shand it'd be a great place to put the needed changes, but this file is not in the/app/data/folder and -- as such -- isn't writeable.
It seems to me I have to somehow sneak something into/app/data/as that's the only place I have influence over.One thought: Could I simply patch
/app/data/wg/wg0.confandchmod -rit to prevent it being rewritten on app restart?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login