remove peer endpoint

Devin Smith devinrsmith at protonmail.com
Wed Jan 8 01:48:11 CET 2020


It's more of a theoretical question wrt configuration (an attempt of mine to define a more declarative configuration model on top of wg) - but I can see how it's probably not very useful in most cases. There may be some edge cases where it may make sense - for example, you create a new peer with an (incorrect) endpoint, but realize that endpoint should actually be unset. It's easy enough to tear down the peer, and rebuild it without the endpoint set; or just leave the endpoint since it's a hint; but the first is "inefficient", and the second leaves the runtime at odds with the desired (declarative) configuration.

It's probably a fringe issue, so not sure if it makes sense to add it.


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 30, 2019 3:37 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:

> Hi Devin,
>
> Could you let me know your reason for wanting this? If there's a good
> justification, we could consider adding it. But I'd like some
> reasoning as it relates to the entire system you're trying to build,
> first.
>
> Thanks,
> Jason
>
> On Sat, Dec 28, 2019 at 10:36 PM Jason A. Donenfeld Jason at zx2c4.com wrote:
>
> > I'm interested to learn, why would you want such a thing? The endpoint field is only ever a "hint" anyway, due to the roaming.
> > On Sat, Dec 28, 2019, 13:12 Devin Smith devinrsmith at protonmail.com wrote:
> >
> > > If I'm not mistaken, `wg set <interface> peer <base64> remove` removes the whole peer - I'm looking to remove just the peer's endpoint attribute [endpoint <ip>:<port>].
> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > On Friday, December 27, 2019 10:51 AM, Lonnie Abelbeck lists at lonnie.abelbeck.com wrote:
> > >
> > > > > On Dec 27, 2019, at 9:51 AM, Devin Smith devinrsmith at protonmail.com wrote:
> > > > > Is it possible to remove the endpoint of a peer via the `wg set` command? All of the other peer attributes (preshared-key, persistent-keepalive, allowed-ips) are removable in this fashion (and documented in the man page). I've tried `wg set <interface> peer <base64-public-key> endpoint 0` ...
> > > >
> > > > Yes, this works:
> > > >
> > > > wg set <interface> peer <base64-public-key> remove
> > > >
> > > > ---------------------------------------------------
> > > >
> > > > If you forget, "wg set --help" will remind you.
> > > > Lonnie
> > >
> > > WireGuard mailing list
> > > WireGuard at lists.zx2c4.com
> > > https://lists.zx2c4.com/mailman/listinfo/wireguard
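An added example, not part of the original messages or of WireGuard's own tooling: a dry-run planner for the declarative model described above, which reads `wg show <interface> dump` output and returns the `wg set` calls needed when the desired endpoint is unset (remove the peer, then add it back without an endpoint). The spec fields (`allowed_ips`, `psk_file`, `keepalive`, `endpoint`), the function names, the interface name `wg0` and all sample keys and addresses are assumptions made for the illustration.

```python
# Added example: plan the `wg set` calls that bring one peer's endpoint in
# line with a declarative spec. Nothing is executed; commands are returned.

def parse_dump(text):
    """Map peer public key -> runtime state from `wg show <interface> dump`."""
    peers = {}
    for line in text.splitlines()[1:]:   # line 1 describes the interface itself
        f = line.split("\t")
        if len(f) == 8:                  # pubkey, psk, endpoint, allowed-ips, ..., keepalive
            peers[f[0]] = {"endpoint": None if f[2] == "(none)" else f[2]}
    return peers

def peer_args(want):
    """Arguments that recreate the peer from the spec; endpoint only if wanted."""
    args = ["allowed-ips", ",".join(want["allowed_ips"])]
    if want.get("psk_file"):             # wg reads the preshared key from a file
        args += ["preshared-key", want["psk_file"]]
    if want.get("keepalive"):
        args += ["persistent-keepalive", str(want["keepalive"])]
    if want.get("endpoint"):
        args += ["endpoint", want["endpoint"]]
    return args

def plan(iface, pubkey, want, runtime):
    base = ["wg", "set", iface, "peer", pubkey]
    have = runtime.get(pubkey)
    if have is None:                     # peer missing at runtime: create it
        return [base + peer_args(want)]
    if want.get("endpoint") is None:
        if have["endpoint"] is None:
            return []                    # already unset, nothing to do
        # The workaround from the thread: tear the peer down and rebuild it.
        return [base + ["remove"], base + peer_args(want)]
    if have["endpoint"] != want["endpoint"]:
        # Design choice of this example: reset in place, even if the peer roamed.
        return [base + ["endpoint", want["endpoint"]]]
    return []

# Constructed sample: placeholder keys and documentation-range addresses.
PEER = "PEER_PUBLIC_KEY_PLACEHOLDER="
DUMP = "\n".join([
    "\t".join(["PRIVATE_KEY_PLACEHOLDER=", "IFACE_PUBLIC_KEY_PLACEHOLDER=", "51820", "off"]),
    "\t".join([PEER, "(none)", "203.0.113.7:51820", "10.0.0.2/32", "0", "0", "0", "off"]),
])
WANT = {"allowed_ips": ["10.0.0.2/32"], "endpoint": None}

if __name__ == "__main__":
    for cmd in plan("wg0", PEER, WANT, parse_dump(DUMP)):
        print(" ".join(cmd))
```

Removing the peer discards its current session, so the rebuilt peer needs a fresh handshake, and with no endpoint configured the local side cannot initiate one until the peer sends an authenticated packet first.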



