Development discussion of WireGuard
* wireguard-hosts file
@ 2020-01-24 16:01 jens
  2020-01-24 20:22 ` Elliot Saba
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: jens @ 2020-01-24 16:01 UTC (permalink / raw)
  To: WireGuard mailing list


i really would love to have a feature like wireguard-hosts file.
whereas wg command would print given "name" instead of key - so the
output would be more meaningful
We have some wireguard running in server like infrastructure, where one
server serves dozens of "clients"

so instead of
peer: l9FxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaU=
we would have something alike
peer: superhero downtown

some of you may be familiar with batman-adv layer2 routing protocol,
there they also have a batctl which is working pretty similar to wg tool.
there you can add a bat-hosts file which is doing the job, which totally
works like any hosts file
a normal hosts file maps ip to name,
a bat-hosts file maps mac addresses to name,
a wg-hosts file would map keys to name.

i found the sources for bat-hosts ( .c .h .sample ) here
https://downloads.open-mesh.org/batman/releases/batman-adv-2019.5/batctl-2019.5.tar.gz

is this something maybe useful to others also?
is there a chance to have this implemented by default?

thx for answers.
fuzzle

-- 
make the world nicer, please use PGP encryption

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: wireguard-hosts file
  2020-01-24 16:01 wireguard-hosts file jens
@ 2020-01-24 20:22 ` Elliot Saba
  2020-01-25  2:28 ` Inrin
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Elliot Saba @ 2020-01-24 20:22 UTC (permalink / raw)
  To: jens, WireGuard mailing list



Just as a point of reference, I manually implemented my own solution for
this.  I have all my wireguard key files named as `<hostname>.pub` in a
directory, then I source the following as one of my dot files:


#!/usr/bin/env bash

# Don't do anything if `wg` doesn't exist
if [[ -z $(which wg) ]]; then
    return
fi

# Otherwise, load in our mapping of public keys to hostnames:
declare -A WG_HOST_MAP
for f in "${HOMES_PATH}"/etc/secure/wireguard/*.pub; do
    HOST=$(basename "${f%.*}")
    KEY=$(cat "$f")
    WG_HOST_MAP["${KEY}"]="${HOST}"
done

function wg()
{
    # Do some special parsing for `wg show`
    if [[ -z "$1" ]] || [[ "$1" == "show" ]]; then
        WG_OUTPUT=$(unbuffer sudo -n $(which wg))
        for K in "${!WG_HOST_MAP[@]}"; do
            V="${WG_HOST_MAP["${K}"]}"
            # Quote the key so it is matched literally, not as a glob pattern
            WG_OUTPUT="${WG_OUTPUT/"${K}"/${V}}"
        done
        echo "${WG_OUTPUT}"
    else
        # Pass through to actual `wg` otherwise
        sudo -n $(which wg) "$@"
    fi
}
export -f wg



You’ll notice that it automatically calls `sudo -n` on things, and that it
requires `unbuffer`, which is usually installed alongside `expect`, so that
it can capture the output of `wg` retaining the color codes.
-E



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: wireguard-hosts file
  2020-01-24 16:01 wireguard-hosts file jens
  2020-01-24 20:22 ` Elliot Saba
@ 2020-01-25  2:28 ` Inrin
  2020-01-25  6:51 ` Steven Honson
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Inrin @ 2020-01-25  2:28 UTC (permalink / raw)
  To: wireguard

Maybe instead of an external file, why not add an option like Alias/Nick/Displayname/Peername?
This would have the benefit of keeping the public key on display.

To get going, you might use (GNU) sed or similar to achieve this feature.
Create a file peernames as follows:

   s|<BASE64>|my nice peername|
   s|<BASE64>|my other peername|

and pipe wg through sed:
   wg | sed -f peernames

Of course you can get more creative. Maybe keep the public key there.
I'm not sure how to keep the colouring though.

PS:
I'm not sure if the sed of the BSDs or others supports changing / in substitutions.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: wireguard-hosts file
  2020-01-24 16:01 wireguard-hosts file jens
  2020-01-24 20:22 ` Elliot Saba
  2020-01-25  2:28 ` Inrin
@ 2020-01-25  6:51 ` Steven Honson
  2020-01-27 21:45 ` Barry Scott
  2020-01-28 10:50 ` Kai Haberzettl
  4 siblings, 0 replies; 6+ messages in thread
From: Steven Honson @ 2020-01-25  6:51 UTC (permalink / raw)
  To: wireguard



Hi!

There was some work underway a while back for something along these lines in https://git.zx2c4.com/wireguard-monolithic-historical/commit/?h=lr/peer-names&id=f50ef1676fe5861c9071910d2caf64593a28d837, <https://git.zx2c4.com/wireguard-monolithic-historical/log/?h=lr/peer-names> but unfortunately that work stalled out.

There are a few workarounds/alternatives out there such as https://github.com/warner/wireguard-vanity-address, which will help you generate keypairs with a short defined string in the public key, but this isn't likely to be workable for a large number of peers.

Cheers,
Steven


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: wireguard-hosts file
  2020-01-24 16:01 wireguard-hosts file jens
                   ` (2 preceding siblings ...)
  2020-01-25  6:51 ` Steven Honson
@ 2020-01-27 21:45 ` Barry Scott
  2020-01-28 10:50 ` Kai Haberzettl
  4 siblings, 0 replies; 6+ messages in thread
From: Barry Scott @ 2020-01-27 21:45 UTC (permalink / raw)
  To: jens; +Cc: WireGuard mailing list



> On 24 Jan 2020, at 16:01, jens <jens@viisauksena.de> wrote:
> 
> i really would love to have a feature like wireguard-hosts file.
> whereas wg command would print given "name" instead of key - so the
> output would be more meaningful
> We have some wireguard running in server like infrastructure, where one
> server serves dozens of "clients"
> 
> so instead of
> peer: l9FxaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaU=
> we would have something alike
> peer: superhero downtown
> 
> some of you may be familiar with batman-adv layer2 routing protocol,
> there they also have a batctl which is working pretty similar to wg tool.
> there you can add a bat-hosts file which is doing the job, which totally
> works like any hosts file
> a normal hosts file maps ip to name,
> a bat-hosts file maps mac addresses to name,
> a wg-hosts file would map keys to name.
> 
> i found the sources for bat-hosts ( .c .h .sample ) here
> https://downloads.open-mesh.org/batman/releases/batman-adv-2019.5/batctl-2019.5.tar.gz
> 
> is this something maybe useful to others also?
> is there a chance to have this implemented by default?

I thought about this problem as well. I was thinking along the lines
of having a user-defined string field that could be used as the
friendly client name instead of the client public key.

But I have since concluded that I needed my own tooling on top of
what wireguard provides at the server end. At that point
I can replace the wg command with my own that does what
I want.

I use the client public key as the key into my client database.

I have a Python script that adds clients to the database,
generates a new server wg0.conf and a wg0.conf for each client.
It takes care of allocating the next free IP address in the VPN pool,
for example.

Another python script takes the output of "wg show wg0 dump" and
the database to create a status output that uses the client names.

Barry




^ permalink raw reply	[flat|nested] 6+ messages in thread
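
An added example, not Barry's scripts and not WireGuard code: one way to build the status output he describes from `wg show wg0 dump` text and a key-to-name file, keeping the public key next to the name as Inrin suggests. The `KEY name` file format and all function names are assumptions; the dump layout (tab-separated, interface line first, eight fields per peer) follows wg(8) for a single interface.

```python
import base64
import binascii

def is_wg_key(s):
    """True only for the base64 encoding of exactly 32 bytes (a WireGuard key)."""
    try:
        return len(s) == 44 and len(base64.b64decode(s, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def load_hosts(text):
    """Parse 'KEY name' lines (hypothetical wg-hosts format); '#' starts a comment."""
    hosts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, name = line.partition(" ")
        name = name.strip()
        # Names end up on a terminal: refuse control characters and escape codes.
        if not is_wg_key(key) or not name or not name.isprintable() or key in hosts:
            raise ValueError(f"wg-hosts line {lineno}: bad key, bad name or duplicate")
        hosts[key] = name
    return hosts

def peer_status(dump, hosts):
    """Turn `wg show <interface> dump` text into rows with a name and the key."""
    rows = []
    for line in dump.splitlines()[1:]:  # line 1 is the interface, with its private key
        f = line.split("\t")
        if len(f) != 8 or not is_wg_key(f[0]):
            continue
        pub, _psk, endpoint, allowed, handshake, rx, tx, _keepalive = f
        rows.append({"name": hosts.get(pub, "(unknown)"), "key": pub,
                     "endpoint": endpoint, "allowed_ips": allowed,
                     "handshake": int(handshake), "rx": int(rx), "tx": int(tx)})
    return rows

def format_status(rows):
    return "\n".join(f"peer: {r['name']} ({r['key']}) endpoint={r['endpoint']} "
                     f"rx={r['rx']} tx={r['tx']}" for r in rows)

# Constructed sample data: keys are encodings of repeated bytes, not real keys.
def k(b): return base64.b64encode(bytes([b]) * 32).decode()
SAMPLE_HOSTS = f"# key name\n{k(1)} superhero downtown\n{k(2)} office-gw\n"
SAMPLE_DUMP = (f"{k(9)}\t{k(8)}\t51820\toff\n"
               f"{k(1)}\t(none)\t203.0.113.7:51820\t10.0.0.2/32\t1579881600\t1024\t2048\toff\n"
               f"{k(3)}\t(none)\t(none)\t10.0.0.9/32\t0\t0\t0\t25\n")

if __name__ == "__main__":
    print(format_status(peer_status(SAMPLE_DUMP, load_hosts(SAMPLE_HOSTS))))
```

Peers missing from the file show as `(unknown)` with their key still printed, and the interface line and preshared-key column are never echoed.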

* Re: wireguard-hosts file
  2020-01-24 16:01 wireguard-hosts file jens
                   ` (3 preceding siblings ...)
  2020-01-27 21:45 ` Barry Scott
@ 2020-01-28 10:50 ` Kai Haberzettl
  4 siblings, 0 replies; 6+ messages in thread
From: Kai Haberzettl @ 2020-01-28 10:50 UTC (permalink / raw)
  To: WireGuard mailing list



Maybe an alternative would be simpler to implement: Make wg output all
comment lines of the corresponding [peer] section from the .conf file in
addition to what it already lists. That would serve the same purpose, I
think.


^ permalink raw reply	[flat|nested] 6+ messages in thread
