From: LEAF <le...@pa...> - 2026-03-31 12:45:06
Hi Erich,
Quick update on today's play.
On 31/03/2026 9:53 pm, Erich Titl wrote:
>
> modprobe will not do this. I _believe_ most of the modules are loaded
> when you start shorewall, which itself calls
> mount_modules/umount_modules to make the modules available.
>
I found if I modify the /etc/init.d/wireguard start function from:
    $WG_QUICK up $INTERFACE
to:
    /usr/sbin/mount_modules
    $WG_QUICK up $INTERFACE
    /usr/sbin/umount_modules
All the module names I had to add to /etc/modules for wireguard can go
away. As long as you don't run wg-quick directly on the first start and
always use the init.d script for this. If /etc/default/wireguard has
start set to Yes, this will just happen and load all the needed
wireguard modules.
Of course I needed to add /etc/init.d/wireguard in the local files list
so the changes get saved to configdb.lrp so they survive a reboot.
Maybe this change can be made to wireguard.lrp going forward by the LEAF
developers so this isn't necessary for others to do in the future.
> I _guess_ in the "standard" set up LEAF is using shorewall as its
> iptables set_up utility. If your installation does not use this you
> may have to install the kernel modules yourself. Your method to add it
> to etc/modules might be inconvenient but most intuitive.
>
I'm using shorewall as well to handle the masquerading / SNAT of the
traffic from Mint VM through the router VM to the VPN link. Though I
haven't got that working yet. All traffic from the router VM to the VPN
link dies when shorewall is started, so I don't have something set up
right. But I did discover I have to use init.d scripts to start
shorewall in the first instance so the modules that shorewall needs get
loaded after a reboot instead of using "shorewall start" directly.
>
> Look above, I somehow guessed it. I believe once you have shorewall up
> and running your troubles will just disappear.
>
Except you need the wireguard link created before shorewall can use it
as far as I know. I'm not creating it via the interfaces file, so it
doesn't exist until wg-quick creates it.
After all this, it would still be nice to have an openresolv.lrp so
future users don't have to make all the same discoveries and back them
up to configdb.lrp.
Thanks,
Mark