tunspace: bring interfaces up later to prevent log spam

Bird, OLSR and Babel spam syslog if the wireguard interface doesn't
have its private key configured yet. Prevent this by bringing the
interface up later, once it's fully configured.

    Socket error on ts_wg0: Required key not available

Author: pktpls

packages/tunspace/tunspace.uc

@@ -171,13 +171,10 @@ function create_wg_interface(nsid, ifname, ifcfg, netns) {
     return false;
   }
 
-  // set mtu and bring the interface up
+  // set mtu. interface will be brought up later when it's fully configured.
   if (0 != shell_command("ip link set "+ifname+" mtu "+ifcfg.mtu)) {
     return false;
   }
-  if (0 != shell_command("ip link set up "+ifname)) {
-    return false;
-  }
 
   // configure wireguard
   wg_request(wg.const.WG_CMD_SET_DEVICE, wg.const.NLM_F_REQUEST, {
@@ -232,6 +229,11 @@ function wg_replace_endpoint(ifname, cfg, next) {
   let srvcfg = cfg.wireguard_servers[next];
   let certopt = srvcfg.insecure_cert ? "--no-check-certificate" : "";
 
+  // bring interface down to prevent OLSR and Babel from spamming syslog.
+  if (0 != shell_command("ip link set down "+ifname)) {
+    return false;
+  }
+
   // generate a fresh private key
   let randfd = fs.open("/dev/random");
   let privkey = randfd.read(32);
@@ -347,6 +349,12 @@ function wg_replace_endpoint(ifname, cfg, next) {
     log("WG_CMD_SET_DEVICE failed: "+err);
     return false;
   }
+
+  // bring interface up, it's fully configured now
+  if (0 != shell_command("ip link set up "+ifname)) {
+    return false;
+  }
+
   return true;
 }