strong recomend using 0.0.0.0/1 128.0.0.0/1 instead of 0.0.0.0/0 in allowips

[youxiaojie]

after research, I recommend using 0.0.0.0/1 128.0.0.0/1 instead of 0.0.0.0/0 because 0.0.0.0/0 will replace the original default gateway, result in offline when turn wireguard off.

https://unix.stackexchange.com/questions/110716/how-to-understand-the-routing-table-on-an-openvpn-client

After reading [this](https://unix.stackexchange.com/questions/110716/understand-the-route-table), I found some more information. The below lines makes a lot of sense to me now:

0.0.0.0         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0

So, the 1st line is defining 0.0.0.0/128.0.0.0 and second one is defining 128.0.0.0/128.0.0.0. Essentially:

0.0.0.0/128.0.0.0 = 0.0.0.0/1 = 0.0.0.0 TO 127.255.255.255
128.0.0.0/128.0.0.0 = 128.0.0.0/1 = 128.0.0.0 TO 255.255.255.255

So, above 2 routes are covering the entire IPv4 Address range [0.0.0.0 TO 255.255.255.255]. It is a clever way of OpenVPN to add a default route without replacing the original default route and this default route will be routed via tun0.

[burghardt]

Wireguard interfaces configured with wg-quick doesn't replace default gateway.

$ ip -4 route list default
default via 10.137.0.28 dev eth0

There is only a single default gateway set in the main routing table. So how does it work? It use separate routing table for wg0.

$ ip -4 route list default table all
default dev wg0 table 51820 scope link 
default via 10.137.0.28 dev eth0 

If you take closer look on wg-quick output you will notice table 51820, fwmark 51820 set on wg0 and a new ip rule being add.

[youxiaojie]

weired in openwrt, it replace default route.if I set 0.0.0.0/0 ::/0 and enable 'route to this ips options 'default gateway will replace someother apps which detect default gw will be fault.so I use 0.0.0.0/1 128.0.0.0/1 ::/1 8000::/1instead.I go back to openwrt to see if it is policy based routing:) thanks for your patience!!

[burghardt]

Are you using wg-quick on OpenWRT or native LUCI suppor?

[youxiaojie]

using luci, interface-->wg0-->peers-->Route Allowed IPs (Optional. Create routes for Allowed IPs for this peer.)
this will simple add 0.0.0.0/0 as default gw, the same as ::/0.

when it is uncheked:

root@OpenWrt:~# ip -6 route
default from 240e:82:901:9400::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
default from fdb7:fedc:3210::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
2001:470:4999::/64 dev wg0 proto kernel metric 256 pref medium
240e:82:901:9400:6953:3d:4c0e:f25e dev br-lan proto static metric 1024 pref medium
240e:82:901:9400::/64 dev eth0.2 proto static metric 256 pref medium
fd39:5335:1241:7412::/64 dev wg0 proto kernel metric 256 pref medium
fdb7:fedc:3210::1 dev eth0.2 proto static metric 1024 pref medium
fdb7:fedc:3210:0:a80d:9b39:797f:a095 dev br-lan proto static metric 1024 pref medium
fdb7:fedc:3210::/64 dev eth0.2 proto static metric 256 pref medium
fdbb:1fc4:1e19::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdbb:1fc4:1e19::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
root@OpenWrt:~# ip -4 route
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.138 
10.10.191.0/24 dev wg0 proto kernel scope link src 10.10.191.10 
45.62.236.91 via 192.168.1.1 dev eth0.2 proto static 
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.138 
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1 

when checked:

root@OpenWrt:~# ip -6 route
default from 240e:82:901:9400::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
default from fdb7:fedc:3210::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
2001:470:4999::/64 dev wg0 proto kernel metric 256 pref medium
240e:82:901:9400::/64 dev eth0.2 proto static metric 256 pref medium
fd39:5335:1241:7412::/64 dev wg0 proto kernel metric 256 pref medium
fdb7:fedc:3210::1 dev eth0.2 proto static metric 1024 pref medium
fdb7:fedc:3210:0:a80d:9b39:797f:a095 dev br-lan proto static metric 1024 pref medium
fdb7:fedc:3210::/64 dev eth0.2 proto static metric 256 pref medium
fdbb:1fc4:1e19::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdbb:1fc4:1e19::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default dev wg0 proto static metric 1024 pref medium
root@OpenWrt:~# ip -4 route
default dev wg0 proto static scope link 
10.10.191.0/24 dev wg0 proto kernel scope link src 10.10.191.10 
45.62.236.91 via 192.168.1.1 dev eth0.2 proto static 
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.138 
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1 
root@OpenWrt:~# 

the gateway has changed:
when using 0.0.0.0/1 128.0.0.0/1 ::/1 8000::/1

root@OpenWrt:~# ip -6 route
default from 240e:82:901:9400::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
default from fdb7:fedc:3210::/64 via fe80::c261:18ff:fefc:b89c dev eth0.2 proto static metric 512 pref medium
2001:470:4999::/64 dev wg0 proto kernel metric 256 pref medium
240e:82:901:9400:6953:3d:4c0e:f25e dev br-lan proto static metric 1024 pref medium
240e:82:901:9400::/64 dev eth0.2 proto static metric 256 pref medium
::/1 dev wg0 proto static metric 1024 pref medium
fd39:5335:1241:7412::/64 dev wg0 proto kernel metric 256 pref medium
fdb7:fedc:3210::1 dev eth0.2 proto static metric 1024 pref medium
fdb7:fedc:3210::/64 dev eth0.2 proto static metric 256 pref medium
fdbb:1fc4:1e19::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdbb:1fc4:1e19::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
8000::/1 dev wg0 proto static metric 1024 pref medium
root@OpenWrt:~# ip -4 route
0.0.0.0/1 dev wg0 proto static scope link 
default via 192.168.1.1 dev eth0.2 proto static src 192.168.1.138 
10.10.191.0/24 dev wg0 proto kernel scope link src 10.10.191.10 
45.62.236.91 via 192.168.1.1 dev eth0.2 proto static 
128.0.0.0/1 dev wg0 proto static scope link 
192.168.1.0/24 dev eth0.2 proto kernel scope link src 192.168.1.138 
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1

[burghardt]

Script you are reporting bug for doesn't even generate UCI configuration. So why do you report bug here? Aside that, you show routing table with single default gateway for IPv4 and this route is not on Wireguard interface. For IPv6 you've two default source based routes via the same gateway on eth0.2. What is the problem than and how this is related to easy-wg-quick?

[youxiaojie]

maybe it is openwrt's fault. it is non of your script's business. I think your policy routing is more suitable.

[youxiaojie]

can wg-quick be used in openwrt directly?

[burghardt]

maybe it is openwrt's fault

Unlikely. Installed test openwrt instance. Connected to hub. Connected pc to it. I can turn wg0 up and down without loosing default gateway settings.

Wireguard interface wg0 up. Multiple default gateways in multiple tables.

root@wrtest:~# ip route show all table all | grep default
default via 1xx.1xx.2xx.1 dev eth1.2 table 201 
default via 10.xx.xx.7 dev wg0 table 202 
default dev wg0 proto static scope link 
default via 1xx.1xx.2xx.1 dev eth1.2 proto static src 1xx.1xx.1x.2xx metric 10 
default dev wg0 proto static metric 1024 pref medium

Wireguard interface wg0 down. Still one default gateway is there for each table.

root@wrtest:~# ip route show all table all | grep default
default via 1xx.1xx.2xx.1 dev eth1.2 table 201 
default via 1xx.1xx.2xx.1 dev eth1.2 proto static src 1xx.1xx.1x.2xx metric 10 

can wg-quick be used in openwrt directly?

Everything is possible, but OpenWRT developers seems to suggest that you should use UCI, as wq-quick is not available there.

root@wrtest:~# opkg files wireguard-tools
Package wireguard-tools (1.0.20191226-1) is installed on root and has the following files:
/usr/bin/wg
/lib/netifd/proto/wireguard.sh
/usr/bin/wireguard_watchdog

[youxiaojie]

dear friend, what is your linux destro? I am using ubuntu,
there is no policy based routing as this:

There is only a single default gateway set in the main routing table. So how does it work? It use separate routing table for wg0.

$ ip -4 route list default table all
default dev wg0 table 51820 scope link 
default via 10.137.0.28 dev eth0 

If you take closer look on wg-quick output you will notice table 51820, fwmark 51820 set on wg0 and a new ip rule being add.