Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Anonymous Anonymous]

Nicely done! Common sense won after all.
>Notice the two =E2=80=98Address=E2=80=99 lines at the top, and that =E2=80=
=98SaveConfig=E2=80=99 is set to =E2=80=98true=E2=80=99, indicating that th=
e configuration file should be saved on shutdown using the current status o=
f the interface.
On Sun, Jan 1, 2017, at 22:57, Jason A. Donenfeld wrote:
> Hi guys,
>=20
> The re-written `wg-auto-config` script is now a part of src/tools and
> adds a few configuration variables to the configuration file format,
> to make it really easy to define VPNs with a single file. This has
> been requested by many of you, and here is, at long last, a basic
> solution.
>=20
> It's a simple bash script. It gets installed by `make install` in the
> src/tools directory, but I realize that not all distributions want
> this. For example, both NixOS and OpenWRT already have WireGuard built
> into their network management utilities, and OpenWRT doesn't even ship
> bash. So for these distributions, where it is useless, I expect for
> them to install with `WITH_WGAUTOCONFIG=3Dno make -C src/tools install`,
> in order to not install it. As WireGuard gets integrated into other
> network management utilities, such as systemd-networkd, I expect for
> this script to fade in usefulness and eventually be removed all
> together. But for now, it's quite helpful and will be useful to some
> users.
>=20
> So what is this tool? Here's the man page:
> https://git.zx2c4.com/WireGuard/about/src/tools/wg-auto-config.8
>=20
> And here's an example:
>=20
> [Interface]
> Address =3D 10.200.100.8/24
> PostUp =3D echo =E2=80=99nameserver 10.200.100.1=E2=80=99 | cmd resolvcon=
f -a $INTERFACE -m
> 0
> PostDown =3D cmd resolvconf -d $INTERFACE
> PrivateKey =3D oK56DE9Ue9zK76rAc8pBl6opph+1v36lm7cXXsQKrQM=3D
> PresharedKey =3D /UwcSPg38hW/D9Y3tcS1FOV0K1wuURMbS0sesJEP5ak=3D
>=20
> [Peer]
> PublicKey =3D GtL7fZc/bLnqZldpVofMCD6hDjrK28SsdLxevJ+qtKU=3D
> AllowedIPs =3D 0.0.0.0/0
> Endpoint =3D demo.wireguard.io:51820
>=20
> This is a normal wg(8) format, except with the addition of the
> "Address" line and the "PostUp" and "PostDown" lines. You give this to
> wg-auto-config, and everything, including routing, is taken care of
> for you. For example, save this in /etc/wireguard/wgdemo0.conf and
> then run:
>=20
> $ wg-auto-config up wgdemo0
>=20
> And voila, your VPN is running.
>=20
> Check out the man page, read the script --
> https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config -- and
> please let me know what you think before I cut the next snapshot.
>=20
> Regards,
> Jason
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

The winner was: wg-quick.

https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

On Tue, Jan 3, 2017 at 7:57 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> So, it seems like thing to do at this point would be to open this
> thread up for bike-shedding over the name. What might we call this
> tool to convey what it does?
>
> - wg-helper
> - wg-quick-setup
> - wg-ezconfig
> - wg-wrapper
> - wg+ip+magic
> - ??

Someone has suggested `wgupdown`, with the wgup -> wgupdown, wgdown ->
wgupdown symlinks, so that

   $ wgup wgdemo0

could work.

This seems elegant, though it does establish the tool with a bit too
much authority for a dinky bash script.

Opinions?
Bikesheds?

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

On Tue, Jan 3, 2017 at 7:46 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> debian is unlikely to install this if it is expected to be named with a
> .bash suffix:

That's just the title in the source tree. The make file installs it as
`wg-auto-config`.

> That said, i'm not sure what you want with this.  If the ultimate goal
> is to have systemd-style .network files, you should ask for these
> changes in systemd itself.  That's likely the cleanest approach.  If you
> do this, please post a link here to the systemd github issue or pull
> request. :)

There already is a systemd-networkd pull request. I didn't write the
code for it, and it seems like it could use quite a bit of review, but
I'm pretty sure systemd-networkd .network files are going to happen.

The goal of this tool is just to have something quick&dirty for people
to use for flipping on and off their VPN. And it seems like some
people who don't use systemd-network wanted something easy they could
run from a "wireguard@.service" file.

If you have an objection to shipping this, I could just move it back
into contrib.

> (a) fork and exec ip from wg itself
> when running "wg setconf"

Not an option. wg(8) is intended to only take care of
wireguard-related things, and not overlap with ip(8). It should not be
a network management tool at all. In fact, the ultimate goal is to
fold its functionality into iproute2/ip(8).

> (b) name the wrapper something like
> /usr/bin/wg+ip

That's a decent idea for a name. But it does a _bit_ more than merely
combine the two utilities.

So, it seems like thing to do at this point would be to open this
thread up for bike-shedding over the name. What might we call this
tool to convey what it does?

- wg-helper
- wg-quick-setup
- wg-ezconfig
- wg-wrapper
- wg+ip+magic
- ??

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 1338 bytes --]

On Mon 2017-01-02 10:17:30 -0500, Jason A. Donenfeld wrote:
> On Mon, Jan 2, 2017 at 5:57 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>> Check out the man page, read the script --
>> https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config -- and
>> please let me know what you think before I cut the next snapshot.
> Renamed:
> https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config.bash

debian is unlikely to install this if it is expected to be named with a
.bash suffix:

  https://www.debian.org/doc/debian-policy/ch-files.html#s-scripts

>>> When scripts are installed into a directory in the system PATH, the
>>> script name should not include an extension such as .sh or .pl that
>>> denotes the scripting language currently used to implement it.


That said, i'm not sure what you want with this.  If the ultimate goal
is to have systemd-style .network files, you should ask for these
changes in systemd itself.  That's likely the cleanest approach.  If you
do this, please post a link here to the systemd github issue or pull
request. :)

If it's just "we want a configuration for wg, but with some common/handy
wrappers around /bin/ip", you could (a) fork and exec ip from wg itself
when running "wg setconf", or (b) name the wrapper something like
/usr/bin/wg+ip 

        --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

On Mon, Jan 2, 2017 at 5:57 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Check out the man page, read the script --
> https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config -- and
> please let me know what you think before I cut the next snapshot.
Renamed:
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config.bash

Re: [TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

On Mon, Jan 2, 2017 at 5:57 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> The re-written `wg-auto-config` script is now a part of src/tools and

I'm not too thrilled about the name. Any suggestions? wg-quick-config?
wg-quickndirty? wg-easy-setup? wg-hamsandwich?

Jason

[TOOL] wg-config graduates to src/tools, becomes wg-auto-config

[Jason A. Donenfeld]

Hi guys,

The re-written `wg-auto-config` script is now a part of src/tools and
adds a few configuration variables to the configuration file format,
to make it really easy to define VPNs with a single file. This has
been requested by many of you, and here is, at long last, a basic
solution.

It's a simple bash script. It gets installed by `make install` in the
src/tools directory, but I realize that not all distributions want
this. For example, both NixOS and OpenWRT already have WireGuard built
into their network management utilities, and OpenWRT doesn't even ship
bash. So for these distributions, where it is useless, I expect for
them to install with `WITH_WGAUTOCONFIG=3Dno make -C src/tools install`,
in order to not install it. As WireGuard gets integrated into other
network management utilities, such as systemd-networkd, I expect for
this script to fade in usefulness and eventually be removed all
together. But for now, it's quite helpful and will be useful to some
users.

So what is this tool? Here's the man page:
https://git.zx2c4.com/WireGuard/about/src/tools/wg-auto-config.8

And here's an example:

[Interface]
Address =3D 10.200.100.8/24
PostUp =3D echo =E2=80=99nameserver 10.200.100.1=E2=80=99 | cmd resolvconf =
-a $INTERFACE -m 0
PostDown =3D cmd resolvconf -d $INTERFACE
PrivateKey =3D oK56DE9Ue9zK76rAc8pBl6opph+1v36lm7cXXsQKrQM=3D
PresharedKey =3D /UwcSPg38hW/D9Y3tcS1FOV0K1wuURMbS0sesJEP5ak=3D

[Peer]
PublicKey =3D GtL7fZc/bLnqZldpVofMCD6hDjrK28SsdLxevJ+qtKU=3D
AllowedIPs =3D 0.0.0.0/0
Endpoint =3D demo.wireguard.io:51820

This is a normal wg(8) format, except with the addition of the
"Address" line and the "PostUp" and "PostDown" lines. You give this to
wg-auto-config, and everything, including routing, is taken care of
for you. For example, save this in /etc/wireguard/wgdemo0.conf and
then run:

$ wg-auto-config up wgdemo0

And voila, your VPN is running.

Check out the man page, read the script --
https://git.zx2c4.com/WireGuard/tree/src/tools/wg-auto-config -- and
please let me know what you think before I cut the next snapshot.

Regards,
Jason