Development discussion of WireGuard
From: Whit Blauvelt <whit@transpect.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: What are the options for stopping and starting?
Date: Mon, 4 Dec 2017 14:27:52 -0500
Message-ID: <20171204192752.GB5311@black.transpect.com>
In-Reply-To: <CAHmME9oksyuGfxEAxeoSmdwaiYhLZjyVSeZc7LCCYcc3KwnRLg@mail.gmail.com>

On Mon, Dec 04, 2017 at 07:06:27PM +0100, Jason A. Donenfeld wrote:

> Sort of but not quite. You're thinking about this all wrong though and
> you're going to get into trouble. There aren't services or daemons.

Hi Jason,

Thanks for the quick, detailed answers.

While it's obvious wg-quick is a special purpose script, the precise niche
it's good for is underspecified; as is the incompatibility of the resulting
extra lines in the conf files. So if you were going to expand the docs to
avoid confusing average sysadmins like me, those would be nice things to
add.

I hope I was clear that I understand this is not about services or daemons
in userspace (although wg-quick has some daemonic properties). Yet in a way
it's normal to think of a VPN as a service, even if with WireGuard the
service is provided by the kernel rather than a user-space daemon. Yeah,
it's not the technical use of "service," but it's regular English, like
"telephone service" or "postal service."

It's natural in that metaphor of "service" to ask how to "turn it on" and
"turn it off." Okay, so "ip link set wg0 down" is the off switch; and "wg
setconf wg0 wg0.conf" is the on switch?

If so, it's just a bit unusual to have the off switch be outside of the
product (wg), while the on switch is inside it. Each command makes sense;
having them be so far apart is an unusual placement. I respect your
adherence to KISS here. Yet an additional option like "wg setconf wg0
standby" (to set the link down while preserving the options if possible), or
"wg setconf wg0 off" (to turn it off and lose option settings) would fulfil
the user's expectation of the on switch and the off switch being found in
the same place. In a way it simplifies the interface to have features where
people most naturally look for them.

Now that I understand it, I've got no problem with it. I'm just pointing out
that for the next new user, unless the docs further explain this, the same
confusion could occur. 

Best,
Whit
