howto/wireguard.md
... ...
@@ -90,16 +90,16 @@ The script makes some changes that are not valid when used for DN42 tunnels, and
90 90
91 91
- **Warning: a common pattern for DN42 tunnels is to use `AllowedIPs = 0.0.0.0/0` or `AllowedIPs = ::/0` then use firewall rules to limit source and destination addresses. If you do not add 'Table = off' this could cause you to route clearnet traffic via your peer and potentially lose connectivity to your node!**
92 92
93
-- It is common in DN42 to use Point-to-Point addressing schemes on tunnel interfaces (that is, using IPv4/32 and IPv6/128 addresses); this is not supported by wg-quick. To configure PTP addresses you must add a '_PostUp_' statement that first removes the addresses that wg-quick has configured and then re-add them. On Linux, this will typically be done using `ip` from `iproute2`.
93
+- It is common in DN42 to use Point-to-Point addressing schemes on tunnel interfaces (that is, using IPv4/32 and IPv6/128 addresses); this is not supported by wg-quick. To configure PTP addresses you must add a '_PostUp_' statement. On Linux, this will typically be done using `ip` from `iproute2`.
94 94
95 95
An example wg-quick script that incorporates the above two workarounds is below, where `<MyIPv[46]>` are the DN42 IP addresses of your node and `<PeerIPv[46]>` are the IP addresses for your peer.
96 96
97 97
```
98 98
[Interface]
99 99
PrivateKey = <your private key>
100
-Address = <MyIPv4>/32, <MyIPv6>/128
101
-PostUp = /sbin/ip addr del dev wg0 <MyIPv4>/32 && /sbin/ip addr add dev wg0 <MyIPv4>/32 peer <PeerIPv4>/32
102
-PostUp = /sbin/ip addr del dev wg0 <MyIPv6>/128 && /sbin/ip addr add dev wg0 <MyIPv6>/128 peer <PeerIPv6>/128
100
+Address = <your link-local address, if any>
101
+PostUp = /sbin/ip addr add dev wg0 <MyIPv4>/32 peer <PeerIPv4>/32
102
+PostUp = /sbin/ip addr add dev wg0 <MyIPv6>/128 peer <PeerIPv6>/128
103 103
Table = off
104 104
105 105
[Peer]
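Review bot: In the reworded bullet and the new `Address = <your link-local address, if any>` line, nothing states that the DN42 addresses must now be kept out of `Address`, which is the only reason the `ip addr del` step can be dropped. Someone updating an existing config from the previous version may keep `Address = <MyIPv4>/32, <MyIPv6>/128` and remove only the delete half of each PostUp, so the PostUp commands would then try to add an address that wg-quick has already configured. Suggest adding a sentence to the bullet along the lines of "do not list your DN42 addresses in `Address`; assign them only in the PostUp commands", and saying that the `Address` line is left out entirely when there is no link-local address, since the placeholder text is not a valid value. Separately, both PostUp lines hard-code `wg0`; wg-quick expands `%i` to the interface name, so `dev %i` would keep the example correct for a config file that is not named wg0.conf.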