From: Adrian Sevcenco <adrian.sev@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: wg usage :: questions/proposals
Date: Mon, 27 Nov 2017 13:40:55 +0200 [thread overview]
Message-ID: <4d6cd46f-dca8-7b9c-4c22-b5062244093e@gmail.com> (raw)
Hi! I started yesterday to use WireGuard and in about 1h I already had
in place about a dozen tunnels .. so, yeah, this project is at this
level of awesomeness ..
Following the usage patterns I encountered some steps that I think
can be simplified:
#####
1. It would be useful if wg could use the ip command and take (and save)
device information with showconf .. something like:
[Device]
NAME=wg0
IP_CIDR=some_ip/netmask
..
any pairs of options belonging to "ip link add"
..
OPTARGS="string to be used with ip link add"
and wg could parse this section and run
ip link add dev NAME <pairs_of_options> OPTARGS type wireguard
ip address add dev NAME IP_CIDR
Additionally, maybe it would be useful to have an
[Device_Options]
options of "ip link set"
.......
OPTARGS="string to be used with ip link set"
and similar run
ip link set NAME <pairs_of_options> OPTARGS
after parsing of Device sections wg would run
ip link set up dev NAME
If NAME exists, setconf would throw "Device already setup", but with some
"force" option like "wg -f setconf" it would delete the found device and
proceed with the configuration.
#####
2. Maybe the key file format could be something like:
key ; ip:port (mandatory) ; hostname (optional)
This way one could do, for the server case:
wg set ${DEV} private-key ${PRIV_KEY}
without listen-port
For the client case:
wg set ${DEV} private-key CLIENT_PRIV_KEY_FILE peer SERVER_PUB_KEY_FILE
allowed-ips 0.0.0.0/0 persistent-keepalive 25
where the endpoint information is taken from the server public key file,
and for the addition of peers:
wg set ${DEV} peer PEER_PUB_KEY_FILE
where allowed-ips is taken from the file
#####
3. Is allowed-ips only an IP? Could it be a network?
For cases where the client is taking its IP from DHCP and the network is
known, the tunnel would stay up even if the IP changes ..
Thank you very much for your great work!!
Adrian
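An added example, not part of the post or of the WireGuard project's own code, covering points 1 and 3 above: a POSIX sh dry run that parses the [Device] and [Device_Options] sections the post proposes (NAME, IP_CIDR and OPTARGS are the post's hypothetical keys; the sample config and its key placeholders are constructed for this example) and prints the ip(8) commands the post wants wg to run, refusing if the device already exists unless "force" is given, and a CIDR match over the [Peer] AllowedIPs value showing that an allowed-ips entry is a network with a prefix length, not only a single address (wg(8) takes a comma-separated list of IPv4/IPv6 addresses with CIDR masks). The [Interface] and [Peer] sections use the real wg setconf format.

```shell
#!/bin/sh
# Added example (not from the post or WireGuard): dry-run renderer for the
# hypothetical [Device]/[Device_Options] sections, plus an AllowedIPs CIDR check.
# POSIX sh + awk only; nothing below touches the host's network configuration.

# Constructed sample config. [Device]/[Device_Options] are the post's proposal;
# [Interface]/[Peer] are the real wg setconf format. Keys are placeholders.
SAMPLE_CONFIG='[Device]
NAME=wg0
IP_CIDR=10.9.0.1/24
OPTARGS="mtu 1420"

[Device_Options]
OPTARGS="multicast off"

[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER
ListenPort = 51820

[Peer]
PublicKey = PEER_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.9.0.0/24, fd00:9::/64
'

# cfg_get CONFIG SECTION KEY: value of KEY inside [SECTION], surrounding
# whitespace and quotes stripped; empty if absent.
cfg_get() {
    printf '%s\n' "$1" | awk -v sect="$2" -v key="$3" '
        /^\[/ { in_sect = ($0 == ("[" sect "]")); next }
        in_sect && match($0, "^" key "[ \t]*=") {
            v = substr($0, RLENGTH + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^"/, "", v); sub(/"$/, "", v)
            print v; exit
        }'
}

# device_exists NAME: does the interface already exist on this host?
device_exists() { [ -e "/sys/class/net/$1" ]; }

# render_device_cmds CONFIG [force]: print the ip(8) commands the post asks wg
# to run. An existing device is an error unless "force" is given, in which case
# it is deleted first (the post's "wg -f setconf").
render_device_cmds() {
    name=$(cfg_get "$1" Device NAME)
    cidr=$(cfg_get "$1" Device IP_CIDR)
    add_opts=$(cfg_get "$1" Device OPTARGS)
    set_opts=$(cfg_get "$1" Device_Options OPTARGS)
    if [ -z "$name" ] || [ -z "$cidr" ]; then
        echo "NAME and IP_CIDR are required" >&2
        return 1
    fi
    if device_exists "$name"; then
        if [ "$2" = force ]; then
            printf 'ip link delete dev %s\n' "$name"
        else
            printf 'Device already setup: %s\n' "$name" >&2
            return 1
        fi
    fi
    printf 'ip link add dev %s%s type wireguard\n' "$name" "${add_opts:+ $add_opts}"
    printf 'ip address add dev %s %s\n' "$name" "$cidr"
    [ -n "$set_opts" ] && printf 'ip link set dev %s %s\n' "$name" "$set_opts"
    printf 'ip link set up dev %s\n' "$name"
}

# ip4_to_int A.B.C.D: dotted quad to a 32-bit integer
ip4_to_int() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains NET[/BITS] ADDR: true if ADDR lies inside the IPv4 network
# (a bare address is treated as /32, as wg does for allowed-ips)
cidr_contains() {
    case $1 in
        */*) net=${1%/*}; bits=${1#*/} ;;
        *)   net=$1;      bits=32 ;;
    esac
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip4_to_int "$net") & mask )) -eq $(( $(ip4_to_int "$2") & mask )) ]
}

# peer_allows CONFIG ADDR: true if an IPv4 AllowedIPs entry of [Peer] covers
# ADDR. This is point 3: a /24 keeps matching a peer whose address moves
# within that network.
peer_allows() {
    for net in $(cfg_get "$1" Peer AllowedIPs | tr ',' ' '); do
        case $net in *:*) continue ;; esac   # IPv4-only check; skip v6 entries
        cidr_contains "$net" "$2" && return 0
    done
    return 1
}

render_device_cmds "$SAMPLE_CONFIG"
peer_allows "$SAMPLE_CONFIG" 10.9.0.77 && echo "10.9.0.77 is routed to the peer"
```

The renderer only prints; the remaining [Interface]/[Peer] sections would still go to wg setconf as today. One caveat that matters for point 3: allowed-ips is WireGuard's cryptokey routing table, so a given address or network can belong to only one peer per interface, and assigning 10.9.0.0/24 to a second peer takes it away from the first.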