'wg syncconf' and interface addresses

'wg syncconf' and interface addresses

[David Steinn Geirsson]

Hi,

In the wg(8) man page, under the section CONFIGURATION FILE FORMAT, is a list of allowed keys in the config. For the Interface section, it lists the valid keys as PrivateKey, ListenPort and FwMark. However, wireguard configuration files commonly have an Address key in there as well, and it is used by wg-quick to configure the wg interface IP address.

The problem is that such a configuration will fail when used with the wg tool. For instance, it is not possible to use 'wg syncconf' with it, as it will complain about an invalid configuration.

Is Address a valid key for WireGuard configuration, and if so should the wg tool not parse and apply those changes as well?

We are hitting this issue as we have a WireGuard server on FreeBSD. I'm trying to extend the FreeBSD package rc script to support graceful reload, and ended up having to remove the Address key from the configuration and configuring the IP address as part of the rc.d script. But I would prefer if 'wg syncconf' could handle that as well.

Best regards,
Davíð

Re: 'wg syncconf' and interface addresses

[Luis Ressel]

On Tue, Mar 17, 2020 at 04:13:34PM +0000, David Steinn Geirsson wrote:
> Is Address a valid key for WireGuard configuration, and if so should the wg tool not parse and apply those changes as well?

The wg-quick script uses an extension of the wg config file format, with
config keys such as Address which aren't recognized by wg.

If you wish to use a config file with both wg-quick and wg, you can use
the "wg-quick strip" verb to remove wg-quick options from the config
file. In some shells such as bash, this can be done quite comfortably:
$ wg syncconf wg0 <(wg-quick strip wg0)

Cheers,
Luis

Re: 'wg syncconf' and interface addresses

[David Steinn Geirsson]

----- Original Message -----
> From: "Luis Ressel" <aranea@aixah.de>
> To: "David Steinn Geirsson" <david@isnic.is>
> Cc: "wireguard" <wireguard@lists.zx2c4.com>
> Sent: Tuesday, March 17, 2020 6:34:59 PM
> Subject: Re: 'wg syncconf' and interface addresses

> On Tue, Mar 17, 2020 at 04:13:34PM +0000, David Steinn Geirsson wrote:
>> Is Address a valid key for WireGuard configuration, and if so should the wg tool
>> not parse and apply those changes as well?
> 
> The wg-quick script uses an extension of the wg config file format, with
> config keys such as Address which aren't recognized by wg.
> 
> If you wish to use a config file with both wg-quick and wg, you can use
> the "wg-quick strip" verb to remove wg-quick options from the config
> file. In some shells such as bash, this can be done quite comfortably:
> $ wg syncconf wg0 <(wg-quick strip wg0)

Thanks, I did not know about 'wg-quick strip'. I was thinking of some sed tricks
to remove these keys but that's much better.

> 
> Cheers,
> Luis