RFC: wg syncpeers wg0 wireguard.conf

Rene 'Renne' Bartsch, B.Sc. Informatics ml at bartschnet.de
Mon Jun 10 14:34:26 CEST 2019


Hi Lonnie,

I agree. If a peer could push updated information of a remote peer (e.g. ip address, port) to all other peers it would be great, too.

Regards,

Renne


Am 09.06.19 um 21:59 schrieb Lonnie Abelbeck:
> Hi List, Request For Comments:
> 
> I would find it useful if "wg" would support a "syncpeers" subcommand.
> --
> Usage: wg syncpeers <interface> <configuration filename>
> --
> Available subcommands:
>    syncpeers: Synchronizes a configuration file of peers to a WireGuard interface
> --
> 
> Given:
> - A user creates a wireguard.conf file.
> 
> - Uses "wg setconf wg0 wireguard.conf" to apply the configuration.
> 
> Request:
> - Later, a user edits a wireguard.conf file: adds peers, deletes peers, and/or edits peers.
> 
> - Use "wg syncpeers wg0 wireguard.conf" to synchronize the configuration file of peers with the current state.
> 
> - Synchronize changes with minimal impact, determine peer differences and leave unchanged settings alone.
> 
> - Basically internally using "wg set wg0 ..." to make the minimum changes.
> 
> - If the [Peer] Endpoint is a DNS hostname, the Endpoint will be resolved and IP updated.
> 
> Note: Interestingly, "wg setconf wg0 wireguard.conf" *almost* performs as requested except for a 17 second interruption of the tunnel *if* PersistentKeepalive is 0.  Even if PersistentKeepalive is 3600, a "wg setconf wg0 wireguard.conf" will not effect an active tunnel except for resetting traffic counters.
> 
> I understand a script could be created to perform this as well, but adding it to "wg" lowers the hurdle for many users.
> 
> If the 17 second interruption of active tunnels while using "wg setconf wg0 wireguard.conf" could be eliminated, this request may be moot.
> 
> Comments please.
> 
> Lonnie
> 
> _______________________________________________
> WireGuard mailing list
> WireGuard at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
> 


More information about the WireGuard mailing list