Development discussion of WireGuard
From: Michael Tokarev <mjt@tls.msk.ru>
To: wireguard@lists.zx2c4.com
Subject: [PATCH] make conffile a bit more useful
Date: Mon, 18 Jan 2021 13:08:00 +0300
Message-ID: <20210118100802.8568-1-mjt@msgid.tls.msk.ru>

Hi!  This is my first submission after using wireguard and facing
a few trivial issues which make using it a bit more clumsy than
necessary.

Following are 2 simple patches.

The first one makes the wg tool able to read the keys specified in
the config file from files, not only as inline keys. This way we can
specify either
  PrivateKey = 12345=  (inline)
or
  PrivateKey = /etc/wireguard/iface.key  (referring to an external file)

This is useful because this way the whole configuration file becomes
less security-sensitive than it is now and can be made readable.
This, in turn, is useful when you want to see which key corresponds
to which peer, for example, by reading comments in the [Peer] sections
(more about this later).

For now I made the code so it recognizes a filename in the PrivateKey
option (and PresharedKey too) by looking at the value - if it
starts with a slash and does not "look" like a base64 string it
is treated as a filename. An alternative is to use separate
options, such as PrivateKeyFile and PresharedKeyFile.


The second change is the most useful for me. It allows a wg-quick
config file to be used by the wg tool directly. This is useful if
one wants to quickly reload the configuration after a change - this
does not always need to bounce the interface. wg will recognize the
configuration commands used by wg-quick and just ignore them.


There's one more thing which I found useful but is currently missing.
It'd be useful if wg could name peers in its output, in addition to
using their (public) keys. Currently when I look at wg output I
see many keys and "allowed IPs", but in order to determine which
peer it is I have to look up the key in the config file and read
my comments in the corresponding [Peer] section. It'd be nice to
have wg print a Name for the peer automatically. This requires adding
one more command to the config file and to the command line, and
maybe having the interface in the kernel keep the name together
with the other Peer attributes (this obviously requires changing
the kernel interface), or having wg find the Name in the config
file (which it does not know about when invoked without arguments).
I'd go for the kernel option.

Thanks,

/mjt


 config.c |   18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
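The two behaviours proposed above (a key option whose value is a path is read from that file; wg-quick-only settings are skipped so one file serves both tools) can be illustrated outside of wg itself. The following is an added, stand-alone example, not WireGuard's config.c nor the submitted patch: the set of wg-quick-only option names, the canonical-base64 check, and the refusal to load a key file that other users can read are assumptions made for this example. The key material is constructed (bytes 0..31) and is not a real key.

```python
"""Stand-in for the config.c behaviour discussed in the message:
   1. PrivateKey / PresharedKey given as a path is read from that file;
   2. wg-quick-only keys are ignored so the same file feeds wg and wg-quick.
Added example, not WireGuard's own code."""
import base64
import os
import re
import stat
import tempfile

# Settings that wg-quick(8) consumes itself and wg(8) has no use for.
# This set is an assumption for the example, not taken from wg-quick.
WG_QUICK_ONLY = {"Address", "DNS", "MTU", "Table", "SaveConfig",
                 "PreUp", "PostUp", "PreDown", "PostDown"}
KEY_OPTIONS = {"PrivateKey", "PresharedKey"}

# A WireGuard key is 32 bytes: 44 base64 characters ending in '='.
# The 43rd character must leave its low 4 bits zero (canonical encoding).
_KEY_RE = re.compile(r"^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$")

# Constructed, non-secret key material for the demo (bytes 0..31).
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()


def looks_like_key(value: str) -> bool:
    """True if value is a well-formed base64 WireGuard key."""
    if not _KEY_RE.match(value):
        return False
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False


def is_file_reference(value: str) -> bool:
    """The heuristic from the proposal: starts with '/' and is not a key.
    A genuine key that happens to begin with '/' is still taken inline."""
    return value.startswith("/") and not looks_like_key(value)


def read_key_file(path: str) -> str:
    """Load a key from disk, refusing files other users can access;
    that check is the reason for moving keys out of the config file."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {oct(st.st_mode & 0o777)} is group/world accessible")
    with open(path, encoding="ascii") as fh:
        key = fh.read().strip()
    if not looks_like_key(key):
        raise ValueError(f"{path}: does not contain a valid base64 key")
    return key


def parse_config(text: str):
    """Parse an ini-style wg/wg-quick file into (interface, [peers]).
    wg-quick-only settings are dropped; key options may name a file."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        if line == "[Interface]":
            current = interface
            continue
        if line == "[Peer]":
            current = {}
            peers.append(current)
            continue
        if current is None or "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in WG_QUICK_ONLY:
            continue                             # wg-quick's business
        if key in KEY_OPTIONS and is_file_reference(value):
            value = read_key_file(value)
        current[key] = value
    return interface, peers


def demo():
    """Constructed config covering file key, inline key and wg-quick keys.
    Returns (interface, peers, error text for a world-readable key file)."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "iface.key")
        bad = os.path.join(tmp, "leaky.key")
        for path, mode in ((good, 0o600), (bad, 0o644)):
            with open(path, "w", encoding="ascii") as fh:
                fh.write(SAMPLE_KEY + "\n")
            os.chmod(path, mode)
        cfg = f"""
[Interface]
PrivateKey = {good}
Address = 10.0.0.1/24          # wg-quick only
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT

[Peer]
# office gateway
PublicKey = {SAMPLE_KEY}
AllowedIPs = 10.0.0.2/32
"""
        interface, peers = parse_config(cfg)
        try:
            parse_config(f"[Interface]\nPrivateKey = {bad}\n")
            rejected = ""
        except PermissionError as exc:
            rejected = str(exc)
    return interface, peers, rejected


if __name__ == "__main__":
    print(demo())
```

Running the module prints the parsed interface and peer sections, with the private key substituted from the 0600 file and Address/PostUp gone, followed by the error raised for the 0644 copy. The permission check is what makes the split worthwhile: a readable config file only stops being sensitive if the key file it points to is itself locked down.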