* [PATCH] make conffile a bit more useful
@ 2021-01-18 10:08 Michael Tokarev
0 siblings, 0 replies; only message in thread
From: Michael Tokarev @ 2021-01-18 10:08 UTC (permalink / raw)
To: wireguard
Hi! This is my first submission after using wireguard and facing
a few trivial issues which makes using it a bit more clumsy than
necessary.
Following are 2 simple patches.
First one makes wg tool to be able to read the keys specified in
the config file as files, not as inline keys. This way we can
specify either
PrivateKey = 12345= (inline)
or
PrivateKey = /etc/wireguard/iface.key (referring to ext. file)
This is useful because this way whole configuration file becomes
not as much security sensitive as it is now and can be made readable.
This, in turn, is useful when you want to see which key correspond
to which peer, for example, by reading comments in the [Peer] sections
(more about this later).
For now I made the code so it recognizes a filename in PrivateKey
option (and PresharedKey too) by looking at the value - if it
startw with slash and does not "look" like a base64 string it
is treated as a filename. An alternative is to use a separarte
options, such as PrivateKeyFile and PresharedKeyFile.
The second change is the most useful for me. It allows to use a
wg-quick config file by the wg tool directly. This is useful if
one want to quickly reload configuration after a change - this
does not always need to bounce interface. wg will recognize the
configuration commands used by wg-quick and just ignore them.
There's one more thing which I found useful but is currently missing.
It'd be useful if wg can name peers in its output, in addition to
using their (public) keys. Currently when I look at wg output I
see many keys and "allowed IPs", but in order to determine which
peer it is I have to lookup the key in the config file and read
my comments in the corresponding [Peer] section. It'd be nice to
have wg print a Name for the peer automatically. This requies adding
one more command to the config file and to the command line, and
maybe having the interface in the kernel to keep the name together
with the other Peer attributes (this obviously requires changing
the kernel interface), or to have wg to find the Name in the config
file (which it does not know about when invoked without arguments).
I'd go for the kernel option.
Thanks,
/mjt
config.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-01-21 13:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-18 10:08 [PATCH] make conffile a bit more useful Michael Tokarev
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).