[ wireguard-devel] Purge old peer

[ wireguard-devel] Purge old peer

[Nicolas Prochazka]

[-- Attachment #1: Type: text/plain, Size: 365 bytes --]

Hello,
we hare using wireguard with a lot of client, with a lot of dynamically
generated peer key.
So we have, server side, a lot of peers that are become obsoletes
At this time, we delete peer , based on latest handshake > delta time ,
with wg command.
Is the best thing to do ? is it possible to implement an auto purge of old
peer ?

Regards,
Nicolas Prochazka.

[-- Attachment #2: Type: text/html, Size: 439 bytes --]

Re: [ wireguard-devel] Purge old peer

[jens]

On 01.03.2017 14:47, Nicolas Prochazka wrote:
> Hello,
> we hare using wireguard with a lot of client, with a lot of
> dynamically generated peer key.
> So we have, server side, a lot of peers that are become obsoletes
> At this time, we delete peer , based on latest handshake > delta time
> , with wg command.
> Is the best thing to do ? is it possible to implement an auto purge of
> old peer ?
>
>
user handling, somehow "user-state" is something which may better
parseable in terms of "wg" output - but to implement it in wireguard
itself opens a whole lot of topics. And i prefer solutions build around
the kernel modul itself and keep it quite impossible to trigger an
invalidation of any peer (by manipulating time servers or exploiting
some strange timeissues like leap seconds, timezones etc.) - especially
since this is the special usecase for many2one connections, like your
Serverexample.

--=20
make the world nicer, please use PGP encryption