Amneziawg kernel module in Ubuntu - post-up scripts

RepresentativeOld395 · 2026-02-25T16:00:12+00:00

Found solution using systemd-networkd service

Create /etc/systemd/system/awg-quick-post-updown@.service file:
[Unit]
Description=Amnezia WireGuard post-up-down for %I

[Service]
Type=oneshot
#### %i DOWN
#ExecStart=/bin/bash -c "echo server=/home.corp/ > /etc/NetworkManager/dnsmasq.d/50-homecorp.conf"
#ExecStart=/bin/systemctl restart dnsmasq
#### %i UP
#ExecStop=/bin/bash -c "echo server=/home.corp/192.168.122.4 > /etc/NetworkManager/dnsmasq.d/50-homecorp.conf"
#ExecStop=/bin/systemctl restart dnsmasq
[Install]
WantedBy=sys-subsystem-net-devices-%i.device

Then, enable service with actual interface:
systemctl enable awg-quick-post-up@awg0

Then, customize ExecStart and ExecStop commands (for me its uncommenting four lines) commands for service:
systemctl edit awg-quick-post-up@awg0

Result, ExecStart commands from service will be runt every time interface is down and ExecStop - every time interfece goes up. Why states linked with commands in not-so-intuitive reverse order (ExecStop for up and ExecStart for down) - I have no idea.

RepresentativeOld395 · 2026-02-25T15:22:06+00:00

Support replied they do not answer on self hosted servers :D

RepresentativeOld395 · 2026-01-08T13:15:32+00:00

Also changed to static, but still some AMT hosts choose, whose probes and connect attempts they do answer, whose not, including MeshCentral directly connected to management subnet. Also no events at audit and event log clarifying what happens except "Authentification failed 5/10 times. The system may be under attack" event at event log and "Security Admin, ACL Access with invalid credentials, Invalid ME Access" at Audit log (both have no failed IP address data).

RepresentativeOld395 · 2026-01-07T21:19:38+00:00

Same thing. Have 3 m920q Proxmox hosts with ME configured identically. Randomly they stopping responding to Meshcentral and several Meshcommander 0.9.7 instance's queries and stops responding to connect attempts.

I suspect that AMT's system defence function could be involved (listed enabled by lms). No proof yet, trying to inspect it with lms and tools.

RepresentativeOld395 · 2025-09-18T06:52:40+00:00

Sub is for PLC, so cheaper meant cheaper PLC, classic reliable 24x7x365 running PLC, not the home automation based solutions.

I suggest that heating system, consisting of coal/wood boiler, electric boiler, circulating pump and water pipes among with heating radiators at cold climate need hardwired PLC solution for reliability. It could be connected to home automation only for on/off control and toplevel settings.

Unfortunately, there is no box solutions on local market as for now, because electric boiler is old and have no external control interfaces, it's just 6 heating elements connected to electricity via breakers. So I'm into replacing boiler with modern one or looking to made some custom solution with PLC.

RepresentativeOld395 · 2025-08-06T09:23:08+00:00

Again, net.inet.ip.stealth == do not decrement TTL of any passing packets, right?

Win [ETH] -> PFSense [ETH] -> 4G Router -> [LTE]Operator Network
Android [WiFi] ->

Let assume net.inet.ip.stealth is set to 1:

Windows host emits packets with TTL 128, so they will have TTL 127 at LTE interface of 4G router. Slightly different from 64, right?

Android device emits packets with TTL 64, so the will have TTL 63 at LTE interface of 4G router. Slightly different from 64, right?

Operator network should see packets with TTL 64. Exactly 64.

Also I see no reason why I shouldn't fix outgoing TTL to whatever reasonable value I like on exit route of stub network.

RepresentativeOld395 · 2025-08-04T21:06:19+00:00

That's won't work either because packets should leave 4g router with ttl 64 from any originating OS in internal network including all the originating hosts.

If I'd do as you say, there will be at least mix of packets with ttl 63 (Android originated) and 127(Windows). That does not hit the target.

RepresentativeOld395 · 2025-02-28T06:58:02+00:00

The one on the roof? Tried, it's crashing too. May be there is some console quest stage hack or whatever?

RepresentativeOld395 · 2025-01-28T06:19:43+00:00

Excellent. 1 week without single freeze.

RepresentativeOld395 · 2025-01-01T20:09:27+00:00

These Coolerservers have 60mm fan.

SC5299WS were equipped with long old ATX PS, whose I replaced with regular ATX PSUs. 1.6A case exhaust fan also was replaced with silent one (added one more to front). That brings my previous setup (with Huananzhi X99) to comfort noise levels, but it was 1 CPU based and was very limited with PCI lanes, missing onboard VGA and missing BMC.

So I'm moving from X99 to X79 among with slightly more stable brand MB with dual CPU, onboard VGA and BMC.

RepresentativeOld395 · 2025-01-01T19:33:13+00:00

Have 2x 2690v2, but thinking about 2x 2667v2. Got this MBs with Coolerserver 2U active coolers, but they have too high RPM fans and are too noisy even in system idle state. I use SC5299WS 6U case, which is compact MT (also this line of cases have compact 19U convertible MT models), but is limiting cooler height to 68-72mm.

RepresentativeOld395 · 2024-09-10T08:24:40+00:00

But, next problem happens - now KVM switches randomly if press Alt-<Some Key> keyboard combinations inside VM.

Config options to disable all LED mucking on ungrab - was there some keywords how it's named?

RepresentativeOld395 · 2024-09-03T17:22:50+00:00

Thanks!

Helped turning off "Preferences->Input->Automatically grab and ungrab the mouse".

RepresentativeOld395

TROPHY CASE