On Thu, Oct 26, 2017 at 12:43 AM, Jason A. Donenfeld <ja...@zx2c4.com> wrote: > The hatchet works as follows. On interface addition: > > # echo nameserver 1.2.3.4 > /etc/resolv.conf.wg-quick.wg0 > # [ -f /etc/resolv.conf ] || touch /etc/resolv.conf > # mount -o ro --bind /etc/resolv.conf.wg-quick.wg0 /etc/resolv.conf > # unlink /etc/resolv.conf.wg-quick.wg0 > > On interface removal: > > # umount /etc/resolv.conf > O, I love it! (didn't know you can --bind mount to a file, BTW)
I am sure someone will scream along the way, so jut document it and put a short notice in a comment inside /etc/resolv.conf as to what is going on. And make it optional for people who (pretend to) have control over their systems. And can you briefly remind me why do you need to bother with the resolv settings? May be this is only valid for "use-only-VPN", e.g. laptop in China? > Can anybody think of any potential issues with this? > * See if there is another mount, before doing it, i.e. check for the hatchet before using it? * Not sure anyone will hit the corner case of needing to umount /etc while wireguard is running, but who knows. Cheers, Kalin. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard
