
Is there a way with WireGuard to replicate the "push routes from the server" feature of OpenVPN? I would really like to switch but I cannot find a way to replicate that.

WireGuard’s philosophy seems to follow the Unix “do one thing and do it well”. So for dynamic routing, 2FA, config management, etc., you are expected to use other tools for that. I.e., for dynamic routing you should be running BGP or OSPF over the tunnel.

I don’t particularly like this approach, definitely prefer how OpenVPN handles both routing updates (subnet push) and 2FA, despite its other flaws (slower, especially).

It should be noted that anything that relies on non-unicast packets being routed is not possible.

wg-quick, from the same project as WireGuard, supports pre/post-up/down hooks. You should be able to very easily write a post-up hook that reads the rules from the server and a pre-down one that deletes them.

Since you are connected to the server using WireGuard, you don't need to check its identity; you can just open the correct port, read the rules and apply them. A simple Python or Perl script should be able to do what you want.
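An added example, not part of the comment above or of the WireGuard project: a hook of the kind described, which reads a newline-separated CIDR list and only installs routes that fall inside a client-side allowlist, so the server cannot hand the client a default route or a route for its local LAN. The service address `10.0.0.1:9999`, the script name `wg-routes.py`, the list format and the `10.0.0.0/8` allowlist are assumptions; the allowlist should stay within the peer's `AllowedIPs`, since WireGuard will not send other destinations through that peer.

```python
#!/usr/bin/env python3
# wg-quick: PostUp = wg-routes.py up %i   PreDown = wg-routes.py down %i
import ipaddress, socket, subprocess, sys

# Assumptions (hypothetical, not from the thread): service address and allowlist.
ROUTE_SERVER = ("10.0.0.1", 9999)               # reachable only through the tunnel
ALLOWED = [ipaddress.ip_network("10.0.0.0/8")]  # keep within the peer's AllowedIPs
MAX_BYTES = 4096
SAMPLE = "10.8.0.0/16\n0.0.0.0/0\n192.168.1.0/24\n10.8.1.5/24\n"  # constructed input

def parse_routes(text, allowed=ALLOWED):
    """Split a newline-separated CIDR list into (accepted, rejected)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append(line)  # not a CIDR, or host bits set
            continue
        inside = any(net.version == a.version and net.subnet_of(a) for a in allowed)
        if net.prefixlen == 0 or not inside:
            rejected.append(line)  # default route or outside the allowlist
        elif net not in accepted:
            accepted.append(net)
    return accepted, rejected

def route_commands(action, iface, nets):
    """Build iproute2 argv lists: 'up' installs routes, 'down' removes them."""
    verb = {"up": "replace", "down": "del"}[action]
    return [["ip", f"-{n.version}", "route", verb, str(n), "dev", iface] for n in nets]

def fetch(addr=ROUTE_SERVER):
    """Read at most MAX_BYTES of route list from the server over the tunnel."""
    buf = b""
    with socket.create_connection(addr, timeout=5) as s:
        while len(buf) < MAX_BYTES and (data := s.recv(MAX_BYTES - len(buf))):
            buf += data
    return buf.decode("ascii", "replace")

if __name__ == "__main__":
    live = len(sys.argv) == 3  # without arguments, dry-run on SAMPLE
    action, iface = sys.argv[1:3] if live else ("up", "wg0")
    nets, bad = parse_routes(fetch() if live else SAMPLE)
    print("ignored:", bad, file=sys.stderr)
    for cmd in route_commands(action, iface, nets):
        subprocess.run(cmd, check=(action == "up")) if live else print(" ".join(cmd))
```

Run without arguments, it prints the `ip` commands it would execute for the constructed sample instead of touching the routing table.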

Mmmh, I can explore this idea, thanks for the tip!

I'm working on this to add TOTP support, I will publish it when it's ready, you may be able to reuse some parts of the implementation.

Algo VPN scripts (WireGuard where it can be) do this.

But Algo is too opinionated for my use case, or at least it looks that way from reading its docs. Plus, the VPN I need to replace is not "for personal use".
