[PATCH] Adding support for reloading configuration via systemd

Jason A. Donenfeld Jason at zx2c4.com
Tue Jul 28 11:03:39 CEST 2020 

On Mon, Jul 27, 2020 at 10:04 PM Tore Anderson <tore at fud.no> wrote:
> Absolutely, a 'wg syncconf' wrapper is unable to fully implement every
> conceivable change to the wg-quick config file. That said, 99.9% of my
> configuration changes are additions/removal of [Peer] sections that 'wg
> syncconf' do handle perfectly. Being able to add and remove individual
> VPN users without disrupting the traffic of other unrelated users is a
> really big win for me. I would imagine this to ability be highly
> desirable for most other VPN server operators as well – even for those
> that do not use systemd.

But for people shell scripting, can't they just use `wg syncconf
wgnet0 <(wg-quick strip wgnet0)`, so that it's explicit what's
happening?

> I do use systemd, so I am personally fine with what just got merged. I
> do have to wonder, though, if I committed some sort of faux pas and/or
> violated some contribution guideline in posting my initial submission,
> considering that it was consistently ignored for months even though it
> implemented essentially the same thing as what ended up being merged
> just now.

No faux pas, just a bit backlogged in reviews. Then Domonkos' patch
came through, which seemed more straightforwardly mergable.

> Anyway. I would, if you are interested in that, be happy update my
> patch to rename the new wg-quick action «syncconf» instead of «reload»,
> in order to more clearly indicate that this action will only change the
> parameters that 'wg syncconf' can change.

I'm still pretty hesitant for the reasons I outlined in the previous
email. If anything, it'd probably have to be "syncpeers", but even
then, it wouldn't update the routing information that wg-quick(8)
sometimes does. The right thing to do for a `wg-quick reload` command
would be to take into account all of the various other changes, and
mutate them the minimal distance to reflect the updated config file.
But this sounds pretty hard to do in bash. And that makes me worry
about overall mission creep in wg-quick(8). syncconf in wg(8) is
fairly simple, though still a bit verbose, but that's in C:
https://git.zx2c4.com/wireguard-tools/tree/src/setconf.c#n30 . And
there's a very clear way of doing this, whereas there are lots of
weird edge cases when handling routing.

Plus, how hard is it to add `wg syncconf wgnet0 <(wg-quick strip
wgnet0)` to scripts?

Jason

More information about the WireGuard mailing list