wg usage :: questions/proposals

Adrian Sevcenco adrian.sev at gmail.com
Mon Nov 27 12:40:55 CET 2017

Hi! I started yesterday to use Wireguard and in about 1h i already had 
in place about a dozen of tunnels .. so, yeah, this project is at this 
level of awesomeness ..

Following the usage patterns i encountered some steps that i think that 
can be simplified :

1. it would be useful if wg could use the ip command and take (and save)
device information with showconf .. something like :
any pairs of options belonging to "ip link add"
OPTARGS="string to be used with ip link add"

and wg could parse this section and run

ip link add dev NAME <pairs_of_options> OPTARGS type wireguard
ip address add dev NAME IP_CIDR

Aditionaly maybe would be useful an
options of "ip link set"
OPTARGS="string to be used with ip link set"

and similar run
ip link set NAME <pairs_of_options> OPTARGS

after parsing of Device sections wg would run
ip link set up dev NAME

if NAME exists setconf would throw "Device already setup" but with some 
"force" option like "wg -f setconf" it would delete the found device and 
proceed with the configuration

2. maybe the keys format could be something like :
key ; ip:port(mandatory) ; hostname (optional)

this way one could do for the server case :
wg set ${DEV} private-key ${PRIV_KEY}
without listen-port

for the client case :
wg set ${DEV} private-key CLIENT_PRIV_KEY_FILE peer SERVER_PUB_KEY_FILE 
allowed-ips persistent-keepalive 25

where endpoint information is taken from the server public key file

and for the additions of the peers :
wg set ${DEV} peer PEER_PUB_KEY_FILE

where allowed-ips is taken from the file

3. is allowed-ips only an ip? could be a network?
for cases where the client is taking the ip from dhcp and the network is
known and the tunnel stays even if the ip changes ..

Thank you very much for your great work!!

More information about the WireGuard mailing list