support for Pre/Post Up/Down scripts #94

Open
fs111 opened this issue Feb 2, 2022 · 5 comments
Labels
enhancement New feature or request

Comments

@fs111

fs111 commented Feb 2, 2022

First of all, great project!

I am wondering if there is an interest in supporting Pre/Post Up/Down scripts. I have implemented something similar in another WireGuard management project here: naggie/dsnet@e782db3

wg-access-server is already doing the iptables setup, yet there is still a case where that could be useful. I am using a PostUp command to add additional routes on the WireGuard interface and would like to do that with wg-access-server too. There are probably other use-cases. LMK if that is a desired feature and I will send a PR.

@T0biii
Member

T0biii commented Feb 2, 2022

Sounds good to me. @DasSkelett @GoliathLabs
I think PRs are always welcome.

DasSkelett added the enhancement label Feb 2, 2022
@DasSkelett
Member

What additional routes would you like to add? If you want to route additional prefixes to the clients, that would require adding them to AllowedIPs for those as well, which is not possible with wg-access-server, and most likely won't be implemented because it is primarily intended for a simple road-warrior setup.

@fs111
Author

fs111 commented Feb 2, 2022

@DasSkelett one of the peers is a Raspberry Pi on my home network that acts as a router. I am pushing a route to that network via its WireGuard IP, so that I can reach devices on my network that do not support WireGuard.

@DasSkelett
Member

While I'm not sure whether your described setup would work like this, it looks like there is indeed some demand for arbitrary code execution on interface up/down.
So we'd very much welcome a PR, thanks!

@DasSkelett
Member

It will need a permission check of the config file: the application should at least block the execution of the custom commands if it is not owned by root:root and others have write access; and the options should probably not be settable through env vars (would be ugly anyway).
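
The config-file permission check asked for in the last comment, sketched in Go as an added example (not code from wg-access-server or from anyone in this thread). It assumes a Unix host, treats either condition (not owned by root:root, or writable by others) as enough to block, and additionally rejects symlinks; the function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// checkOwnerAndMode is the policy itself, kept apart from the stat call so it
// can be exercised without root. It returns nil only when hooks may run.
func checkOwnerAndMode(uid, gid uint32, mode os.FileMode) error {
	if !mode.IsRegular() {
		return errors.New("config is not a regular file")
	}
	if uid != 0 || gid != 0 {
		return fmt.Errorf("config owned by %d:%d, want 0:0 (root:root)", uid, gid)
	}
	if mode.Perm()&0002 != 0 {
		return fmt.Errorf("config mode %04o is writable by others", uint32(mode.Perm()))
	}
	return nil
}

// hooksAllowed (hypothetical name) stats the config file and applies the policy.
// Lstat is used so that a symlink is rejected rather than followed.
func hooksAllowed(path string) error {
	info, err := os.Lstat(path)
	if err != nil {
		return err
	}
	st, ok := info.Sys().(*syscall.Stat_t)
	if !ok {
		return errors.New("no ownership information on this platform")
	}
	return checkOwnerAndMode(st.Uid, st.Gid, info.Mode())
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: checkcfg <config-file>")
		os.Exit(2)
	}
	if err := hooksAllowed(os.Args[1]); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to run up/down commands:", err)
		os.Exit(1)
	}
	fmt.Println("config ownership and mode OK; up/down commands may run")
}
```

The check fails closed: any stat error or missing ownership data blocks the commands. It does not cover the directories above the file, so a writable parent directory would still let the file be swapped.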

3 participants