Jason A. Donenfeld
Jason at zx2c4.com
Sat Apr 14 00:31:13 CEST 2018
On Mon, Mar 26, 2018 at 7:17 PM, ST <smntov at gmail.com> wrote:
> 1. Labels.
> Is it possible to add an optional label to a peer to make it a bit more
> usable for humans (who tend not to remember IPs or keys). A label
> associated with a peer is just a string (could be a first/last name,
> email, "NY Office" or whatever). So if you read through the .conf file
> or query wg for that label - you can get the right IP to SSH to, if
> In the .conf file it could probably be realized through some sort of
> comments before each [Peer] section (didn't check whether # or something
> actually work). But querying wg from command line for a label is also
A lot of people have asked for this; there's some discussion on the
list. I'm not entirely opposed to it, but the use case does seem
extremely limited. Often times you want a label so that you can then
correlate it with another piece of information to find more info in a
database or in an API. But in that case, why not use the public key as
the piece of correlating information? On the other hand, it would make
things a bit nicer from an administrative perspective if you're using
the basic wg utility and want a bit more information in there.
I've implemented this feature in a branch, but keep hesitating each
time I think about merging it. I should revisit it and come up with
something definitive one way or another.
> 2. Includes in .conf files.
> Is it possible to include .conf files in the main wg0.conf file? Like:
> Include ./us_peers.conf
> Include ./eu_peers.conf
Seems useful, though a bit awkward to have in the .ini syntax. Many
systems, instead of include directives, choose to either go with an
external preprocessor (m4, cpp, bash, etc) for this kind of thing, or
go with the conf.d approach:
The conf.d approach has the advantage of being very easy to understand
and deal with, and one can see clearly how it would work with
wireguard -- `wg setconf wg0 <(cat
/etc/wireguard/someserver.conf.d/*)`. Would that handle your use case?
More information about the WireGuard