This causes wg-quick up to wait for the monitor to exit before it exits,
so that launchd can correctly wait on it.
Reported-by: Cameron Palmer <cameron@promon.no>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
`wg-quick strip` prints the config file to stdout after stripping it of
all wg-quick-specific options.
This enables tricks such as `wg addconf $DEV <(wg-quick strip $DEV)`.
Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The commit 7c833642 ("wg-quick: freebsd: allow loopback to work") was
supposed to make things better, but actually it just started sending
legitimate localhost traffic over the WireGuard interface, which is
really quite bad.
This reverts commit 7c833642dfa342218602ab18e7091e86408d2982.
Reported-by: Matt Smith <matt.xtaz@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This avoids another ip(8) invocation for little benefit.
Confirmed to work with iproute2 and busybox.
Signed-off-by: Aaron Jones <aaronmdjones@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The kernel has very specific rules correlating file type with comment
type, and also SPDX identifiers can't be merged with other comments.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The only things wg-quick(8) needs from Homebrew are bash(1) and wg(8).
Other than that, it's explicitly coded against the native system
utilities. Since wg-quick(8) and bash(1) are invoked in auto_su by their
full absolute path (via $SELF and $BASH, respectively), we can simply
set the $PATH to be prefixed by the default system binary paths. This
way, if users install tools that conflict with system tools -- such as
GNU coreutils -- we won't accidently call those.
Reported-by: Deirdre Connolly <durumcrustulum@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
It's unclear why it was like this in the first place, but it apparently
broke certain IPv6 setups.
Reported-by: Jonas Blahut <j@die-blahuts.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
`ndc users add` eventually invokes SOCK_DESTROY on user sockets, causing
them to reconnect. By delaying this until after routes are set, we
ensure that the sockets reconnect using the tunnel, rather than the old
route.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This works around a race condition in macOS's network daemons, while
also adding one in the form of possibly calling kill -ALRM on a stale
PID; unfortunately bash can't wait from a trap.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This knob might disappear at some point, and we don't want to encourage
its use, so it's not being documented, but this should help with
development of new implementations.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
For properly configured Homebrew installations /usr/local/bin should be
before /bin, so this should still work. This allows the script to be
used in more than one setting.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld
Luis Ressel
Aaron Jones