diff options
author | Florian Klink <flokli@flokli.de> | 2020-12-20 18:24:05 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2020-12-21 15:47:00 +0900 |
commit | c6b90e5c5e54e98b6aed38677f77d8491f2e49c8 (patch) | |
tree | c6251300ff5b1a6cf136639ad49b12d1e1f213a1 /man/localtime.xml | |
parent | 94d982bb6a1330bfc551cb48a75fe9fed5929661 (diff) | |
download | systemd-c6b90e5c5e54e98b6aed38677f77d8491f2e49c8.tar.gz |
man/systemd.netdev: clarify the wireguard AllowedIPs= setting
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.
To cause packets to be sent via wireguard in first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.
This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as a
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases (from their manpage).
Networkd also should support other usecases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).
Reported-In: https://github.com/systemd/systemd/issues/14176
Diffstat (limited to 'man/localtime.xml')
0 files changed, 0 insertions, 0 deletions