network: wireguard: do not add routes to AllowedIPs= by default
authorYu Watanabe <watanabe.yu+github@gmail.com>
Sun, 16 Jan 2022 06:53:13 +0000 (15:53 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Sun, 16 Jan 2022 10:18:23 +0000 (19:18 +0900)
As setting such routes may break existing setups.

Closes #21964.

man/systemd.netdev.xml
src/network/netdev/wireguard.c

index 7d5c0ac7299adddc9f0d78caf15300be57ef2356..051c45c74852450c14e268c1656c469bf95e88d0 100644 (file)
           <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
           or a number in the range 1…4294967295. When <literal>off</literal> the routes to the
           addresses specified in the <varname>AllowedIPs=</varname> setting will not be configured.
-          Defaults to <literal>main</literal>. This setting will be ignored when the same setting is
+          Defaults to <literal>off</literal>. This setting will be ignored when the same setting is
           specified in the [WireGuardPeer] section.</para>
         </listitem>
       </varlistentry>
index af91dc625761281bfb8e178401a21da15b9c16ee..2b26a92f5d9f235757b149c86abf4e7beb2b18be 100644 (file)
@@ -895,13 +895,8 @@ int config_parse_wireguard_route_table(
         assert(data);
         assert(userdata);
 
-        if (isempty(rvalue)) {
-                *table = RT_TABLE_MAIN;
-                return 0;
-        }
-
-        if (streq(rvalue, "off")) {
-                *table = 0;
+        if (isempty(rvalue) || streq(rvalue, "off")) {
+                *table = 0; /* Disabled. */
                 return 0;
         }
 
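Review bot: The merged branch makes `0` the only stored representation of "disabled", for both an empty `RouteTable=` and `off`, and nothing in this hunk shows that the numeric parsing further down refuses a literal `0`. The man page text gives the valid range as 1…4294967295, so presumably it does; if it does not, `RouteTable=0` would silently turn route installation off instead of being reported as invalid. A comment ahead of the branch would record that contract, for example `/* 0 means "do not add routes for AllowedIPs="; a numeric 0 must be rejected below. */`. The body of config_parse_wireguard_route_table starts before and continues after the hunk.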
@@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) {
         assert(w);
 
         w->flags = WGDEVICE_F_REPLACE_PEERS;
-        w->route_table = RT_TABLE_MAIN;
 }
 
 static void wireguard_done(NetDev *netdev) {
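Review bot: With the assignment removed, wireguard_init no longer states the default of `w->route_table` at all. It is "off" only if the object is zero-initialised when allocated, which this hunk does not show. Keeping the default explicit, `w->route_table = 0; /* Disabled: no routes for AllowedIPs= unless RouteTable= is set. */`, would keep it greppable and independent of how the object is allocated. Operators should also be told that, with this default, traffic to the AllowedIPs= ranges follows the existing routing table rather than the tunnel unless routes are configured separately.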