wg-quick alternate script
bowtieinwind at protonmail.com
Wed Nov 11 12:16:07 CET 2020
First of all, I would like to thank you kindly for creating WireGuard. It
is a wonderful piece of software. My thanks go to Jason, but also to the
whole community involved in that project. People tend to forget this kind
of work is mostly done during our spare time, it is really important to
In the last past weeks, I had to connect to various untrusted networks,
some in my neighbourhood, some at work. By default, I'm in paranoid mode,
that's why I installed WireGuard. Even if I do most of my work on Linux,
my primary peer (which can be called the server here) is running on
OpenBSD 6.8. I like to see WireGuard directly in default system, so I can
use it without installing anything else. It's the same with Unbound. If
some OpenBSD folks are also reading this email, thanks a lot !
According to my needs, I decided to write another wg-quick(8) script
using ksh. Most of the work was done with mksh(1), but I'm pretty sure
it could work with pdksh(1) or even ksh88(1). I did it for three reasons :
- I would like to use WireGuard on my own Linux distribution. bash(1)
is not included in the base system.
- wg-quick(8) needs "up" and "down" to setup and close the connection.
wg-kyc initiates the connection and waits for SIGINT or SIGTERM. When
it is triggered, the connection is closed. It mimics OpenVPN.
- My systems do not rely on bash(1), therefore I would like to also avoid
it for my VPN.
However, my tool has less features than wg-quick(8). It doesn't support
specific routing table (fwmark) or all *Up and *Down hooks. Those
settings are directly hard coded inside. It was also specifically written
for Linux. Thankfully, most of the OS commands can be easily modified.
Of course, I fully encourage people to modify it.
The sources are available online.
In any case, take care of yourself especially now, in these difficult
PS: Donate to WireGuard !
More information about the WireGuard