Conversation
Wireguard and TINC Interfaces was defunct
|
The OpenVPN hook is just a leftover from the legacy system, which we rather don't extend unless there's a generic change which functions for all same type interfaces. Do you experience issues when you add a gateway manually? As far as I understood so far, you should be able to add manual gateways for these types. |
|
With the commit 93bbe1e The dynamic wireguard and tinc Gateways are broken. |
|
I understand that both commits lead to the same result, but I'm not convinced that we need to re-add something similar now (there might be side affects). What does your setup look like? Is the gateway address unknown? |
|
I don't have find a model for the Gateways to add a setting to Override the defunct check |
|
there isn't. Maybe if we go one step back, we could determine what's needed here. Hence the question about your setup. |
|
Yes, tinc and WG are dynamic Interfaces without a Gateway ip |
|
In most situations you know one end of the tunnel, which is likely what most people use. In some cases the address to use is collected dynamically. Sending traffic to an interface without a destination usually isn't needed. You could always ask @mimugmail what he configures for Wireguard. |
|
I don't mind if we do need to reevaluate the choice only support valid addresses in gateways, but I really need more context about when and why we would like to allow this. An extra checkbox might also be an option in this case, or should we do so for all tunnel types. |
I will check it out and test it. Then we need this only for TINC. Yes, we have 4 WG VPNs and 1 TINC . |
…npoint it on specific drivers. for #3983 Some tunnel interface types, such as Wireguard and Tinc do support sending traffic to the interface without an intermediate host. Since we don't want to add different static checks (and would like to get rid of the ones there for legacy reasons), it's probably better to add an option here.
|
@QDaniel @mimugmail maybe we better add an option on the interface, like dba70c0, so we can support routes without intermediate gateways, but don't try to hardcode every tunnel type in the world. |
| if(!self::IsVPNInterface($gw_arr)){ | ||
| $gw_arr['disabled'] = true; | ||
| $gw_arr['defunct'] = true; | ||
| unset($gw_arr['gateway']); | ||
| } |
There was a problem hiding this comment.
In some use cases you may want a VPN interface to be your default gateway, so the IsVPNInterface() check here should probably be removed to maintain functional consistency.
There was a problem hiding this comment.
@drivera73 this PR won't be included, we're currently opting for this dba70c0
|
This is good! |
…npoint it on specific drivers. for #3983 Some tunnel interface types, such as Wireguard and Tinc do support sending traffic to the interface without an intermediate host. Since we don't want to add different static checks (and would like to get rid of the ones there for legacy reasons), it's probably better to add an option here. (cherry picked from commit dba70c0)
4 participants
Wireguard and TINC Interfaces was defunct