Development discussion of WireGuard
From: em12345 <em12345@web.de>
To: wireguard@lists.zx2c4.com
Subject: Re: remove peer endpoint
Date: Mon, 30 Dec 2019 11:13:02 +0100
Message-ID: <b01381cb-dd21-10fe-8223-19bbcf9fcca8@web.de>
In-Reply-To: <CAHmME9q=L1kyxSu8KBVMkZx6-A77RaAeCtXeOaYQbXGDho-Ujg@mail.gmail.com>

Hi,

In my case the reason is not exactly being able to remove the endpoint,
but rather being able to set up a peer without an endpoint, so that only the
endpoint needs to be set up later.

Scenario:
All keys for interface and peer are configured via "wg" standard config
file, so that the interface can be brought up at boot time.

But when having to use a to-be-resolved host name as endpoint, then the
boot process blocks for around a minute in case no network (incl. DNS)
is available. At least when running systemd reading
/etc/network/interfaces. I'm not using systemd's built-in wg support.

There is of course the possibility to bring up the wg-* interfaces later
altogether. But the easiest way for me was to use a local endpoint IP
(127.0.1.1) address, and then use up/down scripts triggered on LAN/WLAN
up/down, which then only resolve the endpoint host name and set via wg
the resolved IP of that.

This way I'm also able to use several hostnames from different DynDNS
providers, in case one service provider is down, which wg as far as I
know doesn't currently support.
I.e.:
	1.) resolve first host name
	2.) set endpoint IP on peer
	3.) ping into tunnel to see if it is working
	4.) if not working, then try next host name


Thanks,

Emmanuel


On 2019-12-30 10:37, Jason A. Donenfeld wrote:
> Hi Devin,
>
> Could you let me know your reason for wanting this? If there's a good
> justification, we could consider adding it. But I'd like some
> reasoning as it relates to the entire system you're trying to build,
> first.
>
> Thanks,
> Jason
>
> On Sat, Dec 28, 2019 at 10:36 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>>
>> I'm interested to learn, why would you want such a thing? The endpoint field is only ever a "hint" anyway, due to the roaming.
>>
>> On Sat, Dec 28, 2019, 13:12 Devin Smith <devinrsmith@protonmail.com> wrote:
>>>
>>> If I'm not mistaken, `wg set <interface> peer <base64> remove` removes the whole peer - I'm looking to remove just the peer's endpoint attribute [endpoint <ip>:<port>].
>>>
>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>> On Friday, December 27, 2019 10:51 AM, Lonnie Abelbeck <lists@lonnie.abelbeck.com> wrote:
>>>
>>>>> On Dec 27, 2019, at 9:51 AM, Devin Smith devinrsmith@protonmail.com wrote:
>>>>> Is it possible to remove the endpoint of a peer via the `wg set` command? All of the other peer attributes (preshared-key, persistent-keepalive, allowed-ips) are removable in this fashion (and documented in the man page). I've tried `wg set <interface> peer <base64-public-key> endpoint 0` ...
>>>>
>>>> Yes, this works:
>>>>
>>>> -------------------
>>>>
>>>> wg set <interface> peer <base64-public-key> remove
>>>> --
>>>>
>>>> If you forget, "wg set --help" will remind you.
>>>>
>>>> Lonnie
>>>
>>>
>>> _______________________________________________
>>> WireGuard mailing list
>>> WireGuard@lists.zx2c4.com
>>> https://lists.zx2c4.com/mailman/listinfo/wireguard
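The four-step fallback described in the message above, written out as an added example; it is not part of the original post or of the WireGuard tools. The function names, the use of `getent` and `ping`, and the argument order are assumptions; `tunnel_ip` stands for an address that is only reachable through the tunnel.

```shell
#!/bin/sh
# Added example: try several DynDNS host names as the endpoint of one peer.
# Function names and argument order are assumptions, not from the post.

# 1.) Resolve a host name to one IPv4 address (glibc getent; empty on failure).
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only a dotted quad, so resolver output never reaches wg unchecked.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# 2.) Point the peer at the resolved address. The peer is still authenticated
# by its public key, so a wrong DNS answer costs connectivity, not secrecy.
set_endpoint() {   # iface pubkey ip port
    wg set "$1" peer "$2" endpoint "$3:$4"
}

# 3.) Ping into the tunnel (iputils ping: one packet, 2 s timeout).
probe_tunnel() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# 4.) Walk the host names in order; print the first one that works.
# usage: select_endpoint iface pubkey port tunnel_ip host...
select_endpoint() {
    iface=$1 pubkey=$2 port=$3 tunnel_ip=$4
    shift 4
    for host in "$@"; do
        ip=$(resolve_host "$host") || continue
        is_ipv4 "$ip" || continue
        set_endpoint "$iface" "$pubkey" "$ip" "$port" || continue
        if probe_tunnel "$tunnel_ip"; then
            printf '%s\n' "$host"
            return 0
        fi
    done
    return 1
}

# Run only when called with arguments, e.g. from a LAN/WLAN up script.
if [ "$#" -ge 5 ]; then
    select_endpoint "$@"
fi
```
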


Thread overview: 11+ messages
2019-12-27 15:51 Devin Smith
2019-12-27 16:51 ` Lonnie Abelbeck
2019-12-27 18:28   ` Devin Smith
2019-12-28 20:53     ` em12345
2019-12-28 21:36     ` Jason A. Donenfeld
2019-12-30  9:37       ` Jason A. Donenfeld
2019-12-30 10:13         ` em12345 [this message]
2019-12-30 10:58           ` Jason A. Donenfeld
2019-12-30 11:50             ` em12345
2019-12-30 11:53               ` Jason A. Donenfeld
2020-01-08  0:48         ` Devin Smith
