Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
wg-quick linux: Add strip-and-eval cmd to extract keys from PostUp
The manpage mentions the trick to use PostUp to read the PrivateKey (or PresharedKey) from a command (or file). However, when you actually use that you notice that this is currently not fully supported.

The issue is that
```Shell
wg syncconf wgnet0 <(wg-quick strip wgnet0)
```
from the manpage now breaks the VPN because it *removes* the private key from the WireGuard interface. The reason is that `strip` removes PostUp of course.

This patch tries to add full support to read WireGuard keys from files or command outputs by evaluating PostUp using a best effort approach (using regex). It will not work for everything but when you follow the manpage closely, it will work.

I also propose to update the systemd template to make seamless use of this. This is not a must because the sysadmin can easily change the ExecReload using systemd drop-in files.

Note that the patchset is incomplete (currently only for Linux). I don’t have all the other OSes lying around. When the patch looks ok, I can apply it to the other versions also.

Example use of this patch: https://github.com/ypid/ansible-wireguard/tree/prepare-for-debops

Signed-off-by: Robin Schneider <[email protected]>
Showing 3 changed files with 43 additions and 4 deletions.
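A pre-reload check for the failure the commit message describes, added here as an example and not taken from the patch: it approximates `wg-quick strip` (assuming the wg-quick-only key list documented in wg-quick(8)) and reports when a config's private key is set only by a PostUp `wg set %i private-key` command. The function names, sample configs and key path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the patch): predict whether
#   wg syncconf IFACE <(wg-quick strip IFACE)
# would drop the private key because only a PostUp command sets it.

# Approximate "wg-quick strip": drop the wg-quick-only keys.
# Assumption: key list as documented in wg-quick(8).
strip_conf() {
    awk '
        { key = $0; sub(/^[ \t]+/, "", key); sub(/[ \t]*=.*$/, "", key); key = tolower(key) }
        key ~ /^(address|dns|mtu|table|preup|predown|postup|postdown|saveconfig)$/ { next }
        { print }
    ' "$1"
}

# Succeeds if a PostUp line runs "wg set <iface> private-key ...".
key_set_by_postup() {
    grep -Eiq '^[[:space:]]*PostUp[[:space:]]*=.*wg[[:space:]]+set[[:space:]]+[^[:space:]]+[[:space:]]+private-key' "$1"
}

# Prints: safe | drops-private-key | no-private-key
syncconf_verdict() {
    if strip_conf "$1" | grep -Eiq '^[[:space:]]*PrivateKey[[:space:]]*='; then
        echo safe                 # key survives strip, syncconf keeps it
    elif key_set_by_postup "$1"; then
        echo drops-private-key    # key lives only in PostUp, strip loses it
    else
        echo no-private-key
    fi
}

# Constructed sample configs (placeholder key, hypothetical key path).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/static.conf" <<'EOF'
[Interface]
Address = 10.0.0.1/24
PrivateKey = CONSTRUCTED-PLACEHOLDER-KEY=
EOF
cat > "$demo_dir/postup.conf" <<'EOF'
[Interface]
Address = 10.0.0.1/24
PostUp = wg set %i private-key <(cat /etc/wireguard/keys/%i.key)
EOF

for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(syncconf_verdict "$f")"
done
```

A `drops-private-key` verdict means the interface should not be reloaded with the plain `strip` output.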