Use custom_config variable to verify custom config is specified rather than only looking in commandline. #135

vulpyne · 2022-02-05T14:34:51Z

Note: I made this change without really understanding the rest of the code or testing with non-custom providers. It compiles appears to work in this case. It seems like the simple/obvious solution but I'm not 100% sure it's correct. Please review before merging.

Closes #134

…r than only looking in commandline.

jamesmcm · 2022-02-05T14:50:41Z

Thanks, this also made me realise we might want to add the open ports and port forwarding to the config file too.

vulpyne · 2022-02-05T14:58:52Z

@jamesmcm

Thanks, this also made me realise we might want to add the open ports and port forwarding to the config file too.

Glad to help! The port stuff is not something I'd need at the moment personally, but I'm sure it would be useful.

I'm not sure if I should just create issues for this instead but a couple other things I noticed:

vopono requires DNS to be set in the Wireguard config even though Wireguard itself doesn't.
vopono seems hardcoded to just route all traffic over the VPN and if the Wireguard config is set up with AllowedIPs to only route some stuff it won't work correctly. This is also not documented as far as I can see.

Unfortunately, I don't currently have the time to dig into fixing those issues myself. The second one doesn't really affect me negatively once I realized what was going on.

jamesmcm · 2022-02-05T15:01:54Z

Thanks, the first one should be manageable - we can just set it to 8.8.8.8 (or user provided --dns ) if missing for example, like with OpenVPN (though there it also checks for the server response).

The second is trickier as it's harder to know what it should do, especially since the killswitch is intended to block all other traffic from getting out of the network namespace.

vulpyne · 2022-02-05T15:07:07Z

The first one isn't too much of a problem, since the fix is obvious (even with no changes to vopono). The handling you mentioned is definitely more ergonomic though!

For the AllowedIPs thing I think just adding a little documentation and showing a warning if the WireGuard config isn't set to handle all traffic would be all that's really needed. The biggest issue with it is that the behavior is unexpected and the reason it doesn't work in that case may not be obvious (especially for a non-technical user.)

StructOpt is removed as a dependency Also make DNS setting in Wireguard config optional And added note regarding AllowedIPs in Wireguard config needing to allow all IPs as discussed in PR #135

Use custom_config variable to verify custom config is specified rathe…

86c1b1b

…r than only looking in commandline.

jamesmcm merged commit a4b436b into jamesmcm:master Feb 5, 2022

jamesmcm added a commit that referenced this pull request Feb 12, 2022

Switch to Clap v3

982b2bb

StructOpt is removed as a dependency Also make DNS setting in Wireguard config optional And added note regarding AllowedIPs in Wireguard config needing to allow all IPs as discussed in PR #135

jamesmcm mentioned this pull request Feb 12, 2022

Switch to Clap v3 #136

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use custom_config variable to verify custom config is specified rather than only looking in commandline. #135

Use custom_config variable to verify custom config is specified rather than only looking in commandline. #135

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Use custom_config variable to verify custom config is specified rather than only looking in commandline. #135

Use custom_config variable to verify custom config is specified rather than only looking in commandline. #135

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!