wireguard: automatically add routes to AllowedIPs= #14176

Closed
perara opened this issue Nov 28, 2019 · 59 comments · Fixed by #21553
Labels
network RFE 🎁 Request for Enhancement, i.e. a feature request

Comments


perara commented Nov 28, 2019

systemd version the issue has been seen with

243.162-2

Used distribution

Arch Linux

Expected behaviour you didn't see

Routes defined in AllowedIPs added and persisting

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.168.1   0.0.0.0         UG    303    0        0 wlp4s0
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 wg0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.168.0   0.0.0.0         255.255.255.0   U     303    0        0 wlp4s0
192.168.168.1   0.0.0.0         255.255.255.255 UH    100    0        0 wlp4s0

Specifically: 10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0

Unexpected behaviour you saw

Incorrect routing. Use wireless route instead of wireguard

Steps to reproduce the problem
The following configuration was used for Wireguard; the same configuration works for wg-quick (routes get added normally)
Netdev

[NetDev]
Name = wg0
Kind = wireguard
Description = Wireguard

[WireGuard]
PrivateKey = <Snip>

[WireGuardPeer]
PublicKey = <Snip>
AllowedIPs=0.0.0.0/0
AllowedIPs=::/0
Endpoint = ABC.ABC.ABC.ABC:5555
PersistentKeepalive = 25

Network

[Match]
Name = wg0

[Network]
Address = 10.0.10.20/32

[Route]
Gateway = 10.0.10.1
Destination = 10.0.10.0/24
GatewayOnLink=true
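
An added example (not part of the original issue and not systemd's code): a check that compares the AllowedIPs= entries of a .netdev file with `route -n` output and reports every prefix that has no covering route on the WireGuard interface, together with the interface that traffic would leave through instead. The .netdev sample is constructed, the route table reuses the rows posted above, 198.51.100.0/24 is a placeholder documentation range, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample .netdev; AllowedIPs= appears both repeated and comma-separated.
NETDEV = """\
[NetDev]
Name = wg0
Kind = wireguard

[WireGuard]
PrivateKey = <Snip>

[WireGuardPeer]
PublicKey = <Snip>
AllowedIPs = 10.0.10.0/24, 10.0.1.0/24
AllowedIPs = 198.51.100.0/24
Endpoint = ABC.ABC.ABC.ABC:5555
"""

# Route table in `route -n` format, rows taken from the report above.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.168.1   0.0.0.0         UG    303    0        0 wlp4s0
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 wg0
192.168.168.0   0.0.0.0         255.255.255.0   U     303    0        0 wlp4s0
192.168.168.1   0.0.0.0         255.255.255.255 UH    100    0        0 wlp4s0
"""


def parse_allowed_ips(netdev_text):
    """Collect AllowedIPs= values from every [WireGuardPeer] section."""
    section, nets = None, []
    for raw in netdev_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and section == "WireGuardPeer" and key.strip() == "AllowedIPs":
            for item in value.split(","):
                if item.strip():
                    nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets


def parse_route_n(text):
    """Parse `route -n` output (IPv4 only) into (network, iface) pairs."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue
        # Convert the dotted Genmask into a prefix length by counting set bits.
        plen = bin(int(ipaddress.IPv4Address(cols[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{cols[0]}/{plen}"), cols[7]))
    return routes


def egress_iface(prefix, routes):
    """Longest-prefix match for the first address of `prefix`."""
    best = None
    for net, iface in routes:
        if net.version == prefix.version and prefix.network_address in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def unrouted_allowed_ips(netdev_text, route_text, wg_iface="wg0"):
    """Map each AllowedIPs prefix lacking a covering route on wg_iface
    to the interface its traffic currently leaves through."""
    routes = parse_route_n(route_text)
    result = {}
    for prefix in parse_allowed_ips(netdev_text):
        if prefix.version != 4:  # `route -n` lists only the IPv4 table
            continue
        covered = any(iface == wg_iface and prefix.subnet_of(net)
                      for net, iface in routes)
        if not covered:
            result[str(prefix)] = egress_iface(prefix, routes)
    return result


def route_sections(prefixes):
    """Render explicit [Route] sections for a .network file."""
    return "\n".join(f"[Route]\nDestination={p}\n" for p in prefixes)


if __name__ == "__main__":
    missing = unrouted_allowed_ips(NETDEV, ROUTE_N)
    for prefix, iface in missing.items():
        print(f"{prefix}: no route on wg0, traffic leaves via {iface}")
    print(route_sections(missing))
```

The check only looks for a covering route on the tunnel interface; it does not model policy routing rules or more specific routes on other interfaces.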

Member

yuwata commented Nov 28, 2019

Missing [Match] section in .network file?

@yuwata yuwata added network needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer labels Nov 28, 2019
Author

perara commented Nov 28, 2019

Hi,
No, I must have missed that line, sorry.
Updated

Member

yuwata commented Nov 28, 2019

Please enable debug logging for networkd and provide the log. The debugging log can be generated by using the following drop-in config:

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

Author

perara commented Nov 29, 2019

Hi Again,
Below is the log from another host. There is a warning about the [Service] section which I accidentally added to the wireguard.network file. This got, however, ignored.
I am not seeing any indication that the AllowedIPs are added to the routes.
Note: This is another client with the same configuration (Arch). Having the same issue.

Legend:
10.0.0.138 - Default Gateway
10.0.10.5 - Static ip address for this WG client
AllowedIPs = 10.0.10.0/24, 10.0.1.0/24, 128.xx.xx.0/20, 158.xx.xx.0/24

Nov 29 07:41:15 desktop-pc systemd[1]: Stopped Network Service.
Nov 29 07:41:15 desktop-pc systemd[1]: Starting Network Service...
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Bus bus-api-network: changing state UNSET → OPENING
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Bus bus-api-network: changing state OPENING → AUTHENTICATING
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: timestamp of '/etc/systemd/network' changed
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: loaded wireguard
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Creating
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: No virtualization found in DMI
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: No virtualization found in CPUID
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Virtualization XEN not found, /proc/xen does not exist
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: This platform does not support /proc/device-tree
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: UML virtualization not found in /proc/cpuinfo.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: This platform does not support /proc/sysinfo
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Found VM virtualization none
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: /usr/lib/systemd/network/80-container-host0.network: Conditions in the file do not match the system environment, skipping.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: /etc/systemd/network/99-wg.network:1: Unknown section 'Service'. Ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: Flags change: +MULTICAST +BROADCAST
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: Link 7 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: Saved original MTU: 1500
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Flags change: +UP +MULTICAST +BROADCAST
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Link 6 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Saved original MTU: 1500
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Flags change: +UP +MULTICAST +BROADCAST
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Link 5 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Saved original MTU: 1500
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: MAC address not found for new device, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Flags change: +UP +LOWER_UP +RUNNING +POINTOPOINT +NOARP
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Link 4 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: netdev has index 4
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: netdev ready
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Saved original MTU: 1420
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Link 3 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Saved original MTU: 1500
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Link 2 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Saved original MTU: 1500
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: New device has no master, continuing without
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Flags change: +LOOPBACK +UP +LOWER_UP +RUNNING
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Link 1 added
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: udev initialized link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: State changed: pending -> initialized
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Saved original MTU: 65536
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering foreign address: fe80::2efd:a1ff:fe73:9926/64 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Gained IPv6LL
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering foreign address: fe80::2e0:4cff:fe68:a5f2/64 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Gained IPv6LL
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering foreign address: ::1/128 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Remembering foreign address: 10.0.100.1/24 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Remembering foreign address: 172.17.0.1/16 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Remembering foreign address: 10.0.10.5/32 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering foreign address: 10.0.0.102/24 (valid for 23h 57min 11s)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering foreign address: 10.0.0.109/24 (valid for 23h 57min 11s)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering foreign address: 127.0.0.1/8 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: boot, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: boot, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: boot, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: fe80::2efd:a1ff:fe73:9926/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: fe80::2e0:4cff:fe68:a5f2/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: ::1/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: fe80::/64, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: fe80::/64, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: ::1/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Remembering route: dst: 172.17.255.255/32, src: n/a, gw: n/a, prefsrc: 172.17.0.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Remembering route: dst: 172.17.0.1/32, src: n/a, gw: n/a, prefsrc: 172.17.0.1, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Remembering route: dst: 172.17.0.0/32, src: n/a, gw: n/a, prefsrc: 172.17.0.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: 127.255.255.255/32, src: n/a, gw: n/a, prefsrc: 127.0.0.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: 127.0.0.1/32, src: n/a, gw: n/a, prefsrc: 127.0.0.1, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: 127.0.0.0/8, src: n/a, gw: n/a, prefsrc: 127.0.0.1, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Remembering route: dst: 127.0.0.0/32, src: n/a, gw: n/a, prefsrc: 127.0.0.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Remembering route: dst: 10.0.100.255/32, src: n/a, gw: n/a, prefsrc: 10.0.100.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Remembering route: dst: 10.0.100.1/32, src: n/a, gw: n/a, prefsrc: 10.0.100.1, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Remembering route: dst: 10.0.100.0/32, src: n/a, gw: n/a, prefsrc: 10.0.100.1, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Remembering route: dst: 10.0.10.5/32, src: n/a, gw: n/a, prefsrc: 10.0.10.5, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.109/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.102/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Remembering route: dst: 172.17.0.0/16, src: n/a, gw: n/a, prefsrc: 172.17.0.1, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Remembering route: dst: 10.0.100.0/24, src: n/a, gw: n/a, prefsrc: 10.0.100.1, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Remembering route: dst: 10.0.10.0/24, src: n/a, gw: 10.0.10.1, prefsrc: n/a, scope: global, table: main, proto: static, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.109, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.102, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received rule message with invalid family 129, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received rule message with invalid family 128, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Enumeration completed
Nov 29 07:41:15 desktop-pc systemd[1]: Started Network Service.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Bus bus-api-network: changing state AUTHENTICATING → HELLO
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_c>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=RequestName cookie=2 r>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=AddMatch cookie=3 repl>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_37 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_36 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_36 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_35 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_35 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_34 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_34 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_31 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_31 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_36 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_35 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_34 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1 interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=24 r>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: netdev exists, using existing without changing its parameters
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Created
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0-nic: State changed: initialized -> unmanaged
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_37 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.263 path=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 signature=s error-name=n/>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Bus bus-api-network: changing state HELLO → RUNNING
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: virbr0: State changed: initialized -> unmanaged
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_36 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=signal sender=org.freedesktop.DBus.Local destination=n/a path=/org/freedesktop/DBus/Local interface=org.freedesktop.DBus.Local member=Connected >
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=signal sender=org.freedesktop.DBus destination=:1.263 path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 rep>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=signal sender=org.freedesktop.DBus destination=:1.263 path=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=3 rep>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.263 path=n/a interface=n/a member=n/a cookie=4 reply_cookie=2 signature=u error-name=n/>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Successfully acquired requested service name.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.263 path=n/a interface=n/a member=n/a cookie=5 reply_cookie=3 signature=n/a error-name=>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Match type='signal',sender='org.freedesktop.login1',path='/org/freedesktop/login1',interface='org.freedesktop.login1.Manager',member='PrepareForSleep' successful>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: docker0: State changed: initialized -> unmanaged
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_35 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: found matching network '/etc/systemd/network/99-wg.network'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/wg0/proxy_ndp' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/wg0/use_tempaddr' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/wg0/accept_ra' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Setting address genmode for link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: State changed: initialized -> configuring
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_34 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Setting addresses
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: found matching network '/etc/systemd/network/20-wired.network'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Removing address 10.0.0.102
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Removing route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Removing route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.102, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth1/disable_ipv6' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: IPv6 successfully enabled
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth1/proxy_ndp' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth1/use_tempaddr' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth1/accept_ra' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: LLDP: Started LLDP client
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Started LLDP.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Setting address genmode for link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Acquiring DHCPv4 lease
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): STARTED on ifindex 3
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Discovering IPv6 routers
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: NDISC: Started IPv6 Router Solicitation client
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: State changed: initialized -> configuring
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): DISCOVER
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: found matching network '/etc/systemd/network/20-wired.network'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Removing address 10.0.0.109
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Removing route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Removing route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.109, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth0/disable_ipv6' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: IPv6 successfully enabled
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth0/proxy_ndp' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth0/use_tempaddr' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Setting '/proc/sys/net/ipv6/conf/eth0/accept_ra' to '0'
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: LLDP: Started LLDP client
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Started LLDP.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Setting address genmode for link
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Acquiring DHCPv4 lease
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): STARTED on ifindex 2
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Discovering IPv6 routers
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: NDISC: Started IPv6 Router Solicitation client
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: State changed: initialized -> configuring
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): DISCOVER
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: Link state is up-to-date
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: lo: State changed: initialized -> unmanaged
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_31 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Remembering updated address: 10.0.10.5/32 (valid forever)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Addresses set
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Configuring route: dst: 10.0.10.0/24, src: n/a, gw: 10.0.10.1, prefsrc: n/a, scope: global, table: main, proto: static, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Setting routes
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Forgetting address: 10.0.0.102/24 (valid for 23h 57min 11s)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Forgetting route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Forgetting route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Forgetting route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth1: Forgetting route: dst: 10.0.0.102/32, src: n/a, gw: n/a, prefsrc: 10.0.0.102, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Forgetting address: 10.0.0.109/24 (valid for 23h 57min 11s)
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Forgetting route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Forgetting route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Forgetting route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: eth0: Forgetting route: dst: 10.0.0.109/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: Routes set
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: wg0: State changed: configuring -> configured
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_34 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): OFFER
Nov 29 07:41:15 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): REQUEST (requesting)
Nov 29 07:41:16 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 3s
Nov 29 07:41:16 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 3s
Nov 29 07:41:16 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): REQUEST (requesting)
Nov 29 07:41:17 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): DISCOVER
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): OFFER
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): REQUEST (requesting)
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): ACK
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): lease expires in 23h 59min 56s
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): T2 expires in 20h 59min 57s
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf3a1c934): T1 expires in 11h 59min 58s
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: DHCPv4 address 10.0.0.109/24 via 10.0.0.138
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Remembering updated address: 10.0.0.109/24 (valid for 1d)
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.109/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Remembering route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: DHCP: No routes received from DHCP server: No data available
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Configuring route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Configuring route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.109, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Updating remembered route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.109, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: eth1: Updating remembered route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.109, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:18 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): received message was not an ACK, ignoring
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): ACK
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): lease expires in 23h 59min 57s
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): T2 expires in 20h 59min 56s
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: DHCP CLIENT (0xf42f1791): T1 expires in 11h 59min 57s
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: DHCPv4 address 10.0.0.134/24 via 10.0.0.138
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Remembering updated address: 10.0.0.134/24 (valid for 1d)
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.134/32, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: host, table: local, proto: kernel, type: local
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.255/32, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.0/24, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: link, table: main, proto: kernel, type: unicast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Remembering route: dst: 10.0.0.0/32, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: link, table: local, proto: kernel, type: broadcast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: DHCP: No routes received from DHCP server: No data available
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Configuring route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Configuring route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.134, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Updating remembered route: dst: 10.0.0.138/32, src: n/a, gw: n/a, prefsrc: 10.0.0.134, scope: link, table: main, proto: dhcp, type: unicast
Nov 29 07:41:19 desktop-pc systemd-networkd[3206]: eth0: Updating remembered route: dst: n/a, src: n/a, gw: 10.0.0.138, prefsrc: 10.0.0.134, scope: global, table: main, proto: dhcp, type: unicast
Nov 29 07:41:20 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 6s
Nov 29 07:41:20 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 7s
Nov 29 07:41:20 desktop-pc systemd-networkd[3206]: rtnl: received non-static neighbor, ignoring.
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 14s
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: No RA received before link confirmation timeout
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: Invoking callback for 'timeout' event.
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: eth1: State changed: configuring -> configured
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_33 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: No RA received before link confirmation timeout
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: Invoking callback for 'timeout' event.
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: eth0: State changed: configuring -> configured
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: Sent message type=signal sender=n/a destination=n/a path=/org/freedesktop/network1/link/_32 interface=org.freedesktop.DBus.Properties member=PropertiesChanged co>
Nov 29 07:41:27 desktop-pc systemd-networkd[3206]: NDISC: Sent Router Solicitation, next solicitation in 14s

@yuwata
Member

yuwata commented Nov 29, 2019

Incorrect routing. Use wireless route instead of wireguard

Please also show the result of ip route.

@perara
Author

perara commented Nov 29, 2019

Hi,

Sorry!

[root@desktop-pc network]# ip route
default via 10.0.0.138 dev eth0 proto dhcp src 10.0.0.134 metric 1024 
default via 10.0.0.138 dev eth1 proto dhcp src 10.0.0.109 metric 1024 
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.134 
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.109 
10.0.0.138 dev eth0 proto dhcp scope link src 10.0.0.134 metric 1024 
10.0.0.138 dev eth1 proto dhcp scope link src 10.0.0.109 metric 1024 
10.0.10.0/24 via 10.0.10.1 dev wg0 proto static onlink 
10.0.100.0/24 dev virbr0 proto kernel scope link src 10.0.100.1 linkdown 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 

Alternatively:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.138      0.0.0.0         UG    1024   0        0 eth0
0.0.0.0         10.0.0.138      0.0.0.0         UG    1024   0        0 eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.138      0.0.0.0         255.255.255.255 UH    1024   0        0 eth0
10.0.0.138      0.0.0.0         255.255.255.255 UH    1024   0        0 eth1
10.0.10.0       10.0.10.1       255.255.255.0   UG    0      0        0 wg0
10.0.100.0      0.0.0.0         255.255.255.0   U     0      0        0 virbr0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

Note that I've changed AllowedIPs and am now expecting
AllowedIPs = 10.0.10.0/24, 10.0.1.0/24, 128.xx.xx.0/20, 158.xx.xx.0/24
to be set as routes.

@perara
Author

perara commented Nov 29, 2019

eth0 and eth1 are connected to the same endpoint, hence they are equal; this is, however, expected. This is not causing the bug, however.

@perara
Author

perara commented Dec 5, 2019

Tested in 244. Problem still persists.
I was able to work around this by adding

[Route]
Destination = 10.0.1.0/24
Scope=link

[Route]
Destination = 128.xx.xx.0/20
Scope=link

[Route]
Destination = 158.xx.xx.0/24
Scope=link

manually.

I do, however, find it weird that this can be intended behaviour for wireguard in systemd.

@yuwata
Member

yuwata commented Dec 5, 2019

Hmm? I am confused. So, do you want to say that networkd should automatically add routes to the address listed in AllowedIPs=?

@perara
Author

perara commented Dec 5, 2019

This is the behaviour of running wireguard through wg-quick.

I would expect this to be the case for wireguard through networkd as well. I'm on my way to a location still running wg-quick; I'll output the routes and corresponding config for you.

@perara
Author

perara commented Dec 5, 2019

From the wg-quick manpages:

It infers all routes from the list of peers' allowed IPs, and automatically adds them to the system routing table. If one of those routes is the default route (0.0.0.0/0 or ::/0), then it uses ip-rule(8) to handle overriding of the default gateway.
The configuration file will be passed directly to wg(8)'s `setconf' sub-command, with the exception of the following additions to the Interface section, which are handled by this tool:

However, I could not see the records in the routing table (ip route / routes -n)
Edit: There were no records in the case of AllowedIPs=0.0.0.0/0, but for the same case as in my original comment:

[per@per-work ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.168.1   0.0.0.0         UG    100    0        0 eno1
0.0.0.0         192.168.168.1   0.0.0.0         UG    1024   0        0 eno1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.0.10.0       0.0.0.0         255.255.255.0   U     0      0        0 wg0
128.xx.xx.0     0.0.0.0         255.255.255.0   U     0      0        0 wg0
158.xx.xx.0    0.0.0.0         255.255.255.0   U     0      0        0 wg0
192.168.168.0   0.0.0.0         255.255.255.0   U     0      0        0 eno1
192.168.168.0   0.0.0.0         255.255.255.0   U     100    0        0 eno1
192.168.168.0   0.0.0.0         255.255.255.0   U     100    0        0 eno1
192.168.168.1   0.0.0.0         255.255.255.255 UH    1024   0        0 eno1

The configuration is identical to the configuration above (no explicit handling of routes)

[Interface]
Address = 10.0.10.15/32
PrivateKey = <snip>
DNS=10.0.10.1

[Peer]
PublicKey = <snip>
AllowedIPs = 10.0.10.0/24, 10.0.1.0/24, 128.xx.xx.0/24, 158.xx.xx.0/24
Endpoint = xx.xx.xx.xx:5555

So to your question, @yuwata: yes, I think the AllowedIPs records should be added to the route table via networkd.

Thoughts?

@yuwata yuwata added RFE 🎁 Request for Enhancement, i.e. a feature request and removed needs-reporter-feedback ❓ There's an unanswered question, the reporter needs to answer labels Dec 5, 2019
@yuwata yuwata changed the title Wireguard routes is not created (or persists) wireguard: automatically add routes to AllowedIPs= Dec 5, 2019
@flokli
Contributor

flokli commented Dec 6, 2019

I think adding routes for AllowedIPs in wg-quick is fine for the scope of this tool, adding this to networkd isn't.

networkd has the distinction between .network and .netdev, and we shouldn't start introducing .network stuff into .netdev files. Doing this might prevent or make harder some more advanced usecases.

People might want to set AllowedIPs=0.0.0.0/0, but set more specific routes in networkd, add routes into another routing table etc. etc.

I'd be inclined to say routing should be configured in .network files like it's already possible. We could add a line to the AllowedIPs description though, to make this more clear.

@perara
Author

perara commented Dec 6, 2019

Hi,
I'm not 100% sure I'm understanding what you are saying due to my limited networkd knowledge.
Do I understand correctly that you would be able to add the AllowedIPs option in .network or perhaps give a better description of HOW this should be done in networkd?

Edit: I tried setting some custom routes

[Route]
Destination=10.0.1.0/24

And while it worked for reaching these networks, it also messed up routing to the external network.

@flokli
Contributor

flokli commented Dec 6, 2019

I suggest to leave networkd as it is now.

AllowedIPs should be configured in your wireguard's .netdev file, as it is now (because it's a wireguard-specific filter setting)

Routes should be configured in .network. You might need a Scope=link:

wg0.netdev:

[NetDev]
Name = wg0
Kind = wireguard
Description = Wireguard

[WireGuard]
PrivateKey = <Snip>

[WireGuardPeer]
PublicKey = <Snip>
AllowedIPs=0.0.0.0/0,::/0
Endpoint = ABC.ABC.ABC.ABC:5555
PersistentKeepalive = 25

wg0.network:

[Match]
Name = wg0

[Network]
Address = 10.0.10.20/32

[Route]
Destination = 10.0.10.0/24
Scope=link
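
Added example, not part of any comment in this thread: a prefix listed in AllowedIPs= that has no route on wg0 follows the default route instead of the tunnel, so this sketch compares a .netdev against its .network and prints the [Route] sections that are missing. The sample files are constructed from the configs above and the function names are assumptions of this example; default-route prefixes are only flagged, because the thread shows they need policy routing rather than a plain route.

```python
import ipaddress

# Constructed sample files, modelled on the configuration posted in this thread.
NETDEV = """\
[NetDev]
Name = wg0
Kind = wireguard

[WireGuardPeer]
PublicKey = <Snip>
AllowedIPs = 10.0.10.0/24, 10.0.1.0/24
AllowedIPs = 0.0.0.0/0
Endpoint = ABC.ABC.ABC.ABC:5555
"""

NETWORK = """\
[Match]
Name = wg0

[Network]
Address = 10.0.10.20/32

[Route]
Destination = 10.0.10.0/24
Scope=link
"""


def parse_sections(text):
    """Parse networkd-style INI text into [(section, [(key, value), ...]), ...].

    Sections and keys may repeat, so a dict-based parser would lose entries.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip(), value.strip()))
    return sections


def values(sections, section, key):
    """Yield every comma- or space-separated value of `key` in all `section`s."""
    for name, items in sections:
        if name != section:
            continue
        for k, v in items:
            if k == key:
                yield from v.replace(",", " ").split()


def audit(netdev_text, network_text):
    """Return (missing, default): AllowedIPs prefixes with no covering route,
    and default-route prefixes that need policy routing instead."""
    netdev = parse_sections(netdev_text)
    network = parse_sections(network_text)
    allowed = [ipaddress.ip_network(v, strict=False)
               for v in values(netdev, "WireGuardPeer", "AllowedIPs")]
    # Routes the .network file creates: explicit [Route] destinations plus the
    # connected network implied by each Address= (a /32 covers only itself).
    routed = [ipaddress.ip_network(v, strict=False)
              for v in values(network, "Route", "Destination")]
    routed += [ipaddress.ip_interface(v).network
               for v in values(network, "Network", "Address")]
    missing, default = [], []
    for prefix in allowed:
        if prefix.prefixlen == 0:
            default.append(prefix)
        elif not any(prefix.version == r.version and prefix.subnet_of(r)
                     for r in routed):
            missing.append(prefix)
    return missing, default


def render_routes(missing):
    """Render [Route] sections in the form suggested in the comment above."""
    return "\n".join(f"[Route]\nDestination = {p}\nScope=link\n" for p in missing)


if __name__ == "__main__":
    missing, default = audit(NETDEV, NETWORK)
    print(render_routes(missing))
    for prefix in default:
        print(f"# {prefix}: needs FirewallMark= and a [RoutingPolicyRule], "
              "not a plain route")
```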

@perara
Author

perara commented Dec 10, 2019

Hi,
I've tested such a configuration for a while now, and while it is likely that it's configuration errors I've made, I'll address them here as there's really not any documented way of doing this (yet). Sure enough, the setup you sketch works for most cases. I've had an issue with two cases:

Consider you are located on the network of 128.50.0.0/16
And add the route

[Route]
Destination = 128.0.0.0/8
Scope=link

Somehow, this route disrupts the network connectivity (routing) for that particular network.

Another case is if you wish to route all traffic through the wg interface, which is usually done by 0.0.0.0/0. Creating a route such as:

[Route]
Destination = 0.0.0.0/0
Scope=link

Would disrupt routing where the expected behaviour would be that everything goes fine but through the VPN.

@flokli
Contributor

flokli commented Dec 10, 2019

Your configuration example shows 128.0.0.0/8, while the description says 128.50.0.0/16.
Please make sure you're being consistent there, and no stray routes are left in your routing tables.
That [Route] section will effectively configure your system to send all packets matching that netmask into the wireguard interface itself - so the other side needs to take care of forwarding (and masquerading) too.

Regarding routing all traffic via wireguard:
I'm not sure if there's any documentation on road-warrior setups for wireguard with networkd yet. Using another default route, while not breaking traffic to the vpn endpoint itself requires some network namespaces, VRFs or setting of Fwmark, which is a bit cumbersome to set up via networkd for the time being.

If you mostly care about road-warrior setups, going with wg-quick might be simpler.

@DemiMarie

@flokli Another option is to add an explicit /32 or /128 to the VPN endpoint itself. That can be firewalled so that it can only be used by the superuser. That said, I strongly recommend using wg-quick unless you know what you are doing, as it also sets up firewall rules that are critical for security.

@igo95862
Contributor

igo95862 commented Oct 4, 2020

You need a [RoutingPolicyRule] to make your system use the wireguard connection

Netdev can stay the same

Network

[Match]
Name = wg0

[Network]
Address = 10.0.10.20/32

[RoutingPolicyRule]
From=10.0.10.20
Table=1000
Priority=5

[Route]
Gateway=10.0.10.1
Destination=10.0.10.0/24
GatewayOnLink=true
Table=1000

This will make response over wireguard if the system was contacted on 10.0.10.20 address.

If you want all traffic to go over wireguard connection use this routing rule:

[RoutingPolicyRule]
FirewallMark=0x8888
InvertRule=true
Table=1000
Priority=10

Add to netdev file under [WireGuard] this FirewallMark=0x8888

This will make all packets that are not wireguard packets to go over wireguard interface. (since wireguard packets need to go over real network)

I think making all traffic go over wireguard by default is too much but there might be room of adding source based route by default. Otherwise your system will respond in the asymmetrical fashion by default i.e. if someone tries to open a tcp connection over wireguard (SYN) you will send a SYN-ACK over other interface from different IP address which most likely won't work.

@ghost

ghost commented Nov 10, 2020

You need a [RoutingPolicyRule] to make your system use the wireguard connection

Netdev can stay the same

Network

[Match]
Name = wg0

[Network]
Address = 10.0.10.20/32

[RoutingPolicyRule]
From=10.0.10.20
Table=1000
Priority=5

[Route]
Gateway=10.0.10.1
Destination=10.0.10.0/24
GatewayOnLink=true
Table=1000

This will make response over wireguard if the system was contacted on 10.0.10.20 address.

If you want all traffic to go over wireguard connection use this routing rule:

[RoutingPolicyRule]
FirewallMark=0x8888
InvertRule=true
Table=1000
Priority=10

Add to netdev file under [WireGuard] this FirewallMark=0x8888

This will make all packets that are not wireguard packets to go over wireguard interface. (since wireguard packets need to go over real network)

I think making all traffic go over wireguard by default is too much but there might be room of adding source based route by default. Otherwise your system will respond in the asymmetrical fashion by default i.e. if someone tries to open a tcp connection over wireguard (SYN) you will send a SYN-ACK over other interface from different IP address which most likely won't work.

This works perfectly, thank you for posting it. Do you happen to know how to allow traffic to the client LAN?

These are my configs now:

[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard VPN

[WireGuard]
FirewallMark=0x8888
ListenPort=51820
PrivateKey=XXX

[WireGuardPeer]
PublicKey=XXX
AllowedIPs=0.0.0.0/0
Endpoint=193.XX.XX.XX:51820

[Match]
Name=wg0

[Network]
Address=10.64.40.25/32

[RoutingPolicyRule]
FirewallMark=0x8888
InvertRule=true
Table=1000
Priority=10

[Route]
Gateway=10.64.40.1
GatewayOnLink=true
Table=1000

Routes are created fine and all the traffic goes through the VPN but I cannot get access to the LAN in any way. I've tried excluding private IPs in the AllowedIPs (grabbed them from the Android App) or creating an additional route but with no luck.

Any help would be really appreciated! Thank you :)

@igo95862
Contributor

igo95862 commented Nov 10, 2020

You just need a route rule that has higher priority for your LAN.

[RoutingPolicyRule]
# Put your network prefix
To=10.0.0.0/8
# I wanted to use "main" as table but systemd-networkd does not accept that despite documentation
# might be systemd-networkd bug
Table=5000
# Priority should be lower than wireguard
Priority=3

[Route]
Destination=10.0.0.0/8
Source=10.0.0.0/8
Table=5000

Since your VPN prefix is 10.0.0.0 as well you might have some problems if your LAN is 10.0.0.0 as well. It might be mitigated with smarter routing rules but I have not investigated that.

I tested it on my end with a single 10.0.0.0/8 on LAN and it seems to work.

@ghost

ghost commented Nov 10, 2020

Thank you for this but still no luck :( sorry for my noob-ness in all of this, my LAN range is 192.168.88.0/24 so I added this to my network config:

[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard VPN

[WireGuard]
FirewallMark=0x8888
ListenPort=51820
PrivateKey=XXX

[WireGuardPeer]
PublicKey=XXX
AllowedIPs=0.0.0.0/0
Endpoint=193.XX.XX.XX:51820

[Match]
Name=wg0

[Network]
Address=10.64.40.25/32

[RoutingPolicyRule]
To=192.168.88.0/24
Table=5000
Priority=3

[RoutingPolicyRule]
FirewallMark=0x8888
InvertRule=true
Table=1000
Priority=10

[Route]
Gateway=10.64.40.1
GatewayOnLink=true
Table=1000

[Route]
Destination=192.168.88.0/24
Source=192.168.88.0/24
Table=5000 

@igo95862
Contributor

igo95862 commented Nov 10, 2020

I forgot to tell that the new rule and route should be added to another .network file to the wireguard one.

lan.network

[Match]
MACAddress=de:ad:be:ef:de:ad

[Network]
DHCP=ipv4

[DHCPv4]
UseDNS=false

[RoutingPolicyRule]
To=192.168.88.0/24
Table=5000
Priority=3

[Route]
Destination=192.168.88.0/24
Source=192.168.88.0/24
Table=5000 

@igo95862
Contributor

If it does not work, can you see where packets are going with wireshark? Also check if systemd-networkd successfully restarted and added rule and route. (ip rule and ip route show table 5000)

@ghost

ghost commented Nov 10, 2020

So now I have this config wise:

# 88-lan.network
[Match]
# this is my wlan0 mac address
MACAddress=d4:3b:04:7b:XX:XX

[Network]
DHCP=ipv4

[DHCPv4]
UseDNS=false

[RoutingPolicyRule]
To=192.168.88.0/24
Table=5000
Priority=3

[Route]
Destination=192.168.88.0/24
Source=192.168.88.0/24
Table=5000

# 99-wireguard.netdev
[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard VPN

[WireGuard]
FirewallMark=0x8888
ListenPort=51820
PrivateKey=XXX

[WireGuardPeer]
PublicKey=XXX
AllowedIPs=0.0.0.0/0
Endpoint=193.XX.XX.XX:51820

# 99-wireguard.network
[Match]
Name=wg0

[Network]
Address=10.64.40.25/32

[RoutingPolicyRule]
FirewallMark=0x8888
InvertRule=true
Table=1000
Priority=10

[Route]
Gateway=10.64.40.1
GatewayOnLink=true
Table=1000

When I delete the wg0 iface via networkctl and then restart systemd-networkd, the VPN comes back up. I get this error, which I assume is fairly safe:

Failed to parse RPDB rule family, ignoring: AF_INETpriority=10fwmark=34952/0

ip rule shows this:

0:	from all lookup local
0:	not from all lookup 1000
0:	from all fwmark 0x8888 lookup main
0:	from all fwmark 0x8888 lookup 1000
10:	not from all fwmark 0x8888 lookup 1000
10:	not from all lookup 1000
32766:	from all lookup main
32767:	from all lookup default

ip route show table 5000 comes back empty so I didn't get to the wireshark step as the table doesn't get created.

@igo95862
Contributor

Try rebooting. You have a lot of garbage rules. Systemd-networkd is not very good at cleaning up.
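
Added example, not part of any comment in this thread: the `ip rule` output posted above is parsed and compared with the two rules the posted .network files ask for, and the tables consulted for a packet are listed in kernel order. `CLEAN` and `EXPECTED` are constructed from those configs, all names are assumptions of this example, only the `from`, `to` and `fwmark` selectors are handled, and table contents are not modelled.

```python
import ipaddress
import re
from collections import namedtuple

Rule = namedtuple("Rule", "prio invert src dst mark table")

# `ip rule` output as posted in the thread (tabs shown as spaces).
POSTED = """\
0: from all lookup local
0: not from all lookup 1000
0: from all fwmark 0x8888 lookup main
0: from all fwmark 0x8888 lookup 1000
10: not from all fwmark 0x8888 lookup 1000
10: not from all lookup 1000
32766: from all lookup main
32767: from all lookup default
"""

# Constructed: the rule set the posted .network files are meant to produce.
CLEAN = """\
0: from all lookup local
3: from all to 192.168.88.0/24 lookup 5000
10: not from all fwmark 0x8888 lookup 1000
32766: from all lookup main
32767: from all lookup default
"""

# Rules requested by the [RoutingPolicyRule] sections posted in the thread.
EXPECTED = [
    Rule(3, False, None, ipaddress.ip_network("192.168.88.0/24"), None, "5000"),
    Rule(10, True, None, None, 0x8888, "1000"),
]
KERNEL_DEFAULTS = [
    Rule(0, False, None, None, None, "local"),
    Rule(32766, False, None, None, None, "main"),
    Rule(32767, False, None, None, None, "default"),
]

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+(?P<invert>not\s+)?from\s+(?P<src>\S+)"
    r"(?:\s+to\s+(?P<dst>\S+))?"
    r"(?:\s+fwmark\s+(?P<mark>0x[0-9a-fA-F]+|\d+)(?:/\S+)?)?"
    r"\s+lookup\s+(?P<table>\S+)$"
)


def _net(text):
    return None if text in (None, "all") else ipaddress.ip_network(text, strict=False)


def parse_rules(text):
    """Parse `ip rule` lines, keeping the order in which the kernel lists them."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            mark = int(m["mark"], 0) if m["mark"] else None
            rules.append(Rule(int(m["prio"]), bool(m["invert"]),
                              _net(m["src"]), _net(m["dst"]), mark, m["table"]))
    return rules


def rule_matches(rule, src, dst, mark):
    """`not` inverts the combined result of all selectors, so `not from all`
    with no other selector can never match."""
    hit = ((rule.src is None or ipaddress.ip_address(src) in rule.src)
           and (rule.dst is None or ipaddress.ip_address(dst) in rule.dst)
           and (rule.mark is None or rule.mark == mark))
    return hit != rule.invert


def tables_consulted(rules, src, dst, mark=0):
    """Tables tried in order; the lookup stops at the first one holding a route."""
    return [r.table for r in rules if rule_matches(r, src, dst, mark)]


def audit(rules, expected=EXPECTED):
    """Return (missing, stray): expected rules that are absent, and rules that
    are neither expected nor one of the three kernel defaults."""
    missing = [e for e in expected if e not in rules]
    stray = [r for r in rules if r not in expected and r not in KERNEL_DEFAULTS]
    return missing, stray


if __name__ == "__main__":
    missing, stray = audit(parse_rules(POSTED))
    print("missing:", missing)
    print("stray:", stray)
    print(tables_consulted(parse_rules(CLEAN), "192.168.88.10", "192.168.88.1"))
```

On the posted output the priority-3 LAN rule is missing and four stray rules are reported, which is consistent with table 5000 never being consulted for LAN traffic.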

flokli added a commit to flokli/systemd that referenced this issue Dec 20, 2020
`AllowedIPs=` only affects "routing inside the network interface
itself", as in, which wireguard peer packets with a specific destination
address are sent to, and what source addresses are accepted from which
peer.

To cause packets to be sent via wireguard in first place, a route via
that interface needs to be added - either in the `[Routes]` section on
the `.network` matching the wireguard interface, or outside of networkd.

This is a common cause of misunderstanding, because tools like wg-quick
also add routes to the interface. However, those tools are meant as a
"extremely simple script for easily bringing up a WireGuard interface,
suitable for a few common use cases (from their manpage).

Networkd also should support other usecases - like setting AllowedIPs to
0.0.0.0/0 and ::/0 and having a dynamic routing protocol setting more
specific routes (or the user manually setting them).

Reported-In: systemd#14176
yuwata pushed a commit that referenced this issue Dec 21, 2020
Reported-In: #14176
@curiousercreative

Apologies if this is wholly unhelpful to the conversation, but I've arrived here from a netplan configuration actually. On one machine, my netplan configuration adds the routes automatically. When I copy and modify that configuration to a second machine and the routes don't get added automatically, it turns out the difference is in underlying backend. The first that adds routes automatically is NetworkManager whereas the second is networkd.

keszybz pushed a commit to systemd/systemd-stable that referenced this issue Feb 2, 2021
Reported-In: systemd/systemd#14176
(cherry picked from commit c6b90e5)
keszybz pushed a commit to systemd/systemd-stable that referenced this issue Feb 2, 2021
Reported-In: systemd/systemd#14176
(cherry picked from commit c6b90e5)
(cherry picked from commit 14475e0)
@torvic9

torvic9 commented Aug 29, 2021

Is there any update on this?

Setting up a wireguard interface with systemd-networkd is really cumbersome for people who don't have good networking knowledge.
Yes, luckily we have wg-quick or even NetworkManager as easy-to-use alternatives, but it would be nice to have an optional, similar "auto" feature in systemd-networkd as well.

@Diaoul

Diaoul commented Nov 28, 2021

I think it would be great to have a way to instruct .network to perform the routing for AllowedIPs in .netdev. I am unclear about what other features are needed to implement this.
Until this is implemented, I am playing with various options to route all traffic to wireguard, trying to understand along the way.

To route all traffic isn't it enough to specify the gateway like this?

[Route]
Gateway=10.0.11.1
GatewayOnLink=true

It seems to work for me as the route is created with metric 0:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.11.1       0.0.0.0         UG    0      0        0 wg0
0.0.0.0         192.168.0.1     0.0.0.0         UG    1024   0        0 bond0

Is there any downside of doing that instead of the higher priority table? What would be the recommended way to do the routing?

yuwata added a commit to yuwata/systemd that referenced this issue Nov 29, 2021
@yuwata
Member

yuwata commented Nov 29, 2021

Hi all! I've created PR #21553. If possible, could you test the PR? Any comments and suggestions are welcome. Thank you.

@igo95862
Contributor

> To route all traffic isn't it enough to specify the gateway like this?

No. You also need a rule to prioritize Wireguard connection over non-wireguard. And that rule must exclude the Wireguard traffic itself.

yuwata added a commit to yuwata/systemd that referenced this issue Nov 29, 2021
@flokli
Contributor

flokli commented Nov 29, 2021 via email

yuwata added a commit to yuwata/systemd that referenced this issue Nov 29, 2021
@DemiMarie

> I'm still convinced things like wg-quick are more suitable for "road-warrior setups" - at least until networkd gains support for network namespaces. The rule stuff is a big hack.

ip rule is what wg-quick uses under the hood 🙂.

@flokli
Contributor

flokli commented Nov 29, 2021

Yes, but wg-quick is also an ad-hoc-y bash script, whereas networkd aims to be a declarative way to describe your network config ;-)

I think something like this PR and #14915 would be one way to tunnel traffic via wireguard in such road-warrior setups, no?

yuwata added a commit to yuwata/systemd that referenced this issue Nov 29, 2021
@igo95862
Contributor

> I think something like this PR and #14915 would be one way to tunnel traffic via wireguard in such road-warrior setups, no?

I believe that you will need a veth device. veth and vxcan are the only devices that can cross network namespaces because of their peer property. Simply putting wireguard into a namespace will not work as there would be no way to route to global internet.

@igo95862
Contributor

igo95862 commented Nov 30, 2021

If you want to route all traffic over Wireguard you will need a rule anyway because you need to exclude Wireguard traffic itself. (since it goes over normal network) Both wg-quick and NetworkManager do that, they just automate the process. OpenVPN needs exclusion rule too.
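
The exclusion rule described in the comment above, as an added example that is not part of the thread or of systemd: a small Python model of Linux policy routing (rules walked by priority, fwmark matching, longest-prefix lookup, `suppress_prefixlength`). It compares a single main table holding a metric-0 default via wg0 with the rule layout wg-quick installs; the endpoint address, the fwmark value, the table name `wg` and the LAN route are constructed assumptions.

```python
import ipaddress

MARK = 0xCA6C  # constructed fwmark value set on WireGuard's own UDP packets
ENDPOINT = "203.0.113.10"  # constructed peer endpoint (documentation range)

def table(*routes):
    return [(ipaddress.ip_network(n), dev, metric) for n, dev, metric in routes]

def table_lookup(routes, dst, suppress_prefixlen=None):
    """Longest-prefix match, then lowest metric. Returns an interface or None."""
    hits = [(n.prefixlen, -metric, dev) for n, dev, metric in routes
            if ipaddress.ip_address(dst) in n]
    if not hits:
        return None
    plen, _, dev = max(hits)
    # suppress_prefixlength N discards a result whose prefix length is <= N
    if suppress_prefixlen is not None and plen <= suppress_prefixlen:
        return None
    return dev

def route(rules, tables, dst, fwmark=0):
    """Walk policy rules in priority order; first table that yields a route wins."""
    for _prio, mark, invert, name, suppress in sorted(rules, key=lambda r: r[0]):
        if mark is not None and (fwmark == mark) == invert:
            continue  # fwmark selector (or its negation) does not match
        dev = table_lookup(tables[name], dst, suppress)
        if dev:
            return dev
    return None

# Main table with a default via wg0 (metric 0) beside bond0 (metric 1024).
# The 192.168.0.0/24 on-link route is an assumption.
NAIVE = {"main": table(("0.0.0.0/0", "wg0", 0), ("0.0.0.0/0", "bond0", 1024),
                       ("192.168.0.0/24", "bond0", 0))}
NAIVE_RULES = [(32766, None, False, "main", None)]

# wg-quick style: tunnel default in its own table, reached only by unmarked packets.
FIXED = {"main": table(("0.0.0.0/0", "bond0", 1024), ("192.168.0.0/24", "bond0", 0)),
         "wg": table(("0.0.0.0/0", "wg0", 0))}
FIXED_RULES = [(32764, None, False, "main", 0),   # main, suppress_prefixlength 0
               (32765, MARK, True, "wg", None),   # not fwmark MARK -> table wg
               (32766, None, False, "main", None)]

if __name__ == "__main__":
    print("naive, tunnel's own packet:", route(NAIVE_RULES, NAIVE, ENDPOINT))
    print("fixed, tunnel's own packet:", route(FIXED_RULES, FIXED, ENDPOINT, MARK))
    print("fixed, application packet: ", route(FIXED_RULES, FIXED, "198.51.100.7"))
    print("fixed, LAN packet:         ", route(FIXED_RULES, FIXED, "192.168.0.5"))
```

In the single-table layout the encrypted packets addressed to the endpoint resolve to wg0 like everything else; with the marked-packet exclusion they leave via bond0 while unmarked traffic enters the tunnel and on-link LAN traffic stays local.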

@flokli
Contributor

flokli commented Nov 30, 2021

> I believe that you will need a veth device. veth and vxcan are the only devices that can cross network namespaces because of their peer property. Simply putting wireguard into a namespace will not work as there would be no way to route to global internet.

> If you want to route all traffic over Wireguard you will need a rule anyway because you need to exclude Wireguard traffic itself. (since it goes over normal network) Both wg-quick and NetworkManager do that, they just automate the process. OpenVPN needs exclusion rule too.

That's not true - see https://www.wireguard.com/netns/#the-new-namespace-solution, which explains exactly that scenario.

@igo95862
Contributor

igo95862 commented Nov 30, 2021

> > I believe that you will need a veth device. veth and vxcan are the only devices that can cross network namespaces because of their peer property. Simply putting wireguard into a namespace will not work as there would be no way to route to global internet.
>
> > If you want to route all traffic over Wireguard you will need a rule anyway because you need to exclude Wireguard traffic itself. (since it goes over normal network) Both wg-quick and NetworkManager do that, they just automate the process. OpenVPN needs exclusion rule too.
>
> That's not true - see https://www.wireguard.com/netns/#the-new-namespace-solution, which explains exactly that scenario.

It relies on UDP sockets being created in one namespace and then the Wireguard device being moved to another one.

There are several issues with that and simply adding Namespace= option probably will cause issues:

  1. Is there any synchronization when Wireguard UDP sockets are opened and when a namespace is assigned?
  2. If Namespace is assigned before UDP sockets are opened the Wireguard device will be isolated and won't be able to route anything.
  3. If Namespace is assigned after UDP sockets are created then how do you create an isolated Wireguard device?
  4. What if UDP socket needs to be recreated? It requires the device be moved back and forth.

yuwata added a commit to yuwata/systemd that referenced this issue Nov 30, 2021
@DasSkelett

Why has this "feature" been added even though most people here were against it?

@igo95862
Contributor

igo95862 commented Jan 4, 2022

> Why has this "feature" been added even though most people here were against it?

Probably because some people wanted it. I don't have anything against RouteTable and RouteMetric sugar but breaking existing configurations is a bit unpleasant.

Here is a thread with the issue: #21964

@mvduin
Contributor

mvduin commented Mar 22, 2022

> There are several issues with that and simply adding Namespace= option probably will cause issues:
>
>   1. Is there any synchronization when Wireguard UDP sockets are opened and when a namespace is assigned?
>   2. If Namespace is assigned before UDP sockets are opened the Wireguard device will be isolated and won't be able to route anything.
>   3. If Namespace is assigned after UDP sockets are created then how do you create an isolated Wireguard device?
>   4. What if UDP socket needs to be recreated? It requires the device be moved back and forth.

No, that's not how any of this works. Wireguard explicitly keeps track of the namespace it was originally created in and creates its udp sockets directly in that specific namespace, not in the namespace in which the interface resides at that moment. This means that there are no race conditions.
