-2. Because assigned interfaces become a system dependency, this package includes several (clever) tricks to allow the system to be upgraded and rebooted with WireGuard tunnels assigned to pfSense interfaces (e.g. LAN, OPT#, etc...). There are now two `<earlyshellcmds>` that are installed. One is a bootstrapper and one is a reloader. The bootstrapper [here](https://github.com/theonemcdonald/pfSense-pkg-WireGuard/blob/main/src/files/usr/local/pkg/wireguard/etc/rc.bootstrap_wireguard) always runs first and is written to disk by the package internals instead of by `pkg(7)`. This means that this script will remain on your system by default even if the WireGuard package is uninstalled. There will be a configuration setting to change this behavior soon. This bootstrapper protects the system from interface mismatches on startup caused by WireGuard tunnels not being built (even though they are assigned) because the package is being updated or was removed for some reason. This is accomplishd by temporarily creating loopback interfaces of the same names, thus allowing the system to boot. However, if the WireGuard package is installed, the reloader [here](https://github.com/theonemcdonald/pfSense-pkg-WireGuard/blob/main/src/files/usr/local/etc/rc.reload_wireguard) will destroy these temporary loopbacks and replace them with true `wg(8)` tunnels early on system startup.
0 commit comments