* how would one go about building an admin frontend?
From: John Accoun @ 2019-01-11 0:14 UTC
To: wireguard

I need to provision a large number of linux devices on multiple locations and put them all on a VPN.
Configuring each device manually is too tedious. I was thinking of spinning up a server with a small HTTP api to exchange keys and configure wireguard on both sides. Then each device would call this server to register itself. And while I am at it I thought I could throw together a minimal admin ui that I could use for example to manually remove peers.

I read the 'Web App provisioning Server' which I believe describes a possible solution for this use case. But I am confused with the whole data storage thing. Where do configurations live? Are the configuration files at /etc/wireguard/ the source of truth? If I edit these when is the list of peers refreshed?

The above mentioned document suggests shelling out to command line tools. Is this the recommended way? Does a general purpose library for managing wireguard config exist?

* Re: how would one go about building an admin frontend?
From: Steve Gilberd @ 2019-01-11 11:17 UTC
To: John Accoun; +Cc: wireguard

Why not use an existing solution (e.g. puppet et al)? The capability is already there, unless you need a GUI.

Cheers,
Steve

--
Cheers,
Steve Gilberd
Erayd LTD · Consultant
Phone: +64 4 974-4229 · Mob: +64 27 565-3237
PO Box 10019, The Terrace, Wellington 6143, NZ

* Re: how would one go about building an admin frontend?
From: John Accoun @ 2019-01-13 0:09 UTC
To: Steve Gilberd; +Cc: wireguard

> Why not use an existing solution (e.g. puppet et al)? The capability is already there,

No. It's not. Notice that I did mention that the devices would call a server to register themselves. In fact, the whole problem I am trying to solve is providing connectivity to peers behind NATs and connected from unknown locations. Being able to just ssh into a peer is the end goal itself, not the starting point.

But let's please not get off topic. I think I was clear in what I asked.

* Re: how would one go about building an admin frontend?
From: Tharre @ 2019-01-16 20:25 UTC
To: John Accoun; +Cc: wireguard

On 01/11, John Accoun wrote:
> I read the 'Web App provisioning Server' which I believe describes a
> possible solution for this use case. But I am confused with the whole data
> storage thing. Where do configurations live? Are the configuration files
> at /etc/wireguard/ the source of truth? If I edit these when is the list
> of peers refreshed?

I assume you're referring to [0]? /etc/wireguard is only relevant for wg-quick; if you edit files there, your changes will only take effect once you down/up your interface with wg-quick. So you obviously don't want to do it that way.

> The above mentioned document suggests shelling out to command line tools.
> Is this the recommended way? Does a general purpose library for managing
> wireguard config exist?

I'm not sure where you read that? In any case, you can control wireguard via netlink[1], and there is also an embeddable library[2] in C available. There also probably exists a netlink library for $YOUR_FAVORITE_LANG.

Regards,
Tharre

[0] https://docs.google.com/document/d/1_3Id-0vVXlXHFB7eT6fnfXoe9ppJoS8pY7R_uCtEZG4
[1] See man 7 rtnetlink
[2] https://git.zx2c4.com/WireGuard/tree/contrib/examples/embeddable-wg-library/wireguard.c

--
PGP fingerprint: 42CE 7698 D6A0 6129 AA16 EF5C 5431 BDE2 C8F0 B2F4

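Added example, not part of the original thread or of any WireGuard project code: if a registration server does shell out to wg(8) rather than use netlink, the public key and address a device submits are untrusted input and should be validated and passed as an argument list, never through a shell. The function names, the interface name wg0 and the pool 10.0.0.0/24 are assumptions made for illustration.

```python
import base64
import binascii
import ipaddress

# Constructed sample value (32 arbitrary bytes), not a real peer key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()


def validate_pubkey(key: str) -> str:
    """Return key only if it is the canonical base64 form of 32 bytes."""
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("public key is not valid base64") from exc
    if len(raw) != 32 or base64.b64encode(raw).decode() != key:
        raise ValueError("public key must be 32 bytes in canonical base64")
    return key


def validate_allowed_ip(cidr: str, pool: str) -> str:
    """Accept exactly one host address that lies inside the VPN pool."""
    net = ipaddress.ip_network(cidr, strict=True)  # ValueError if malformed
    pool_net = ipaddress.ip_network(pool)
    if (net.version != pool_net.version or net.num_addresses != 1
            or not net.subnet_of(pool_net)):
        raise ValueError("allowed-ips must be one host address in the pool")
    return str(net)


def add_peer_argv(iface: str, pubkey: str, cidr: str, pool: str) -> list:
    """argv for `wg set <iface> peer <key> allowed-ips <addr>`.

    iface is chosen by the server, never taken from the request.
    """
    return ["wg", "set", iface, "peer", validate_pubkey(pubkey),
            "allowed-ips", validate_allowed_ip(cidr, pool)]


def remove_peer_argv(iface: str, pubkey: str) -> list:
    """argv for `wg set <iface> peer <key> remove` (admin UI delete)."""
    return ["wg", "set", iface, "peer", validate_pubkey(pubkey), "remove"]


if __name__ == "__main__":
    # Hand the list to subprocess.run(argv, check=True) without shell=True.
    print(add_peer_argv("wg0", SAMPLE_KEY, "10.0.0.2", "10.0.0.0/24"))
```

`wg set` changes the running interface immediately and does not write to /etc/wireguard, so the server's own peer database stays the source of truth and is replayed after a reboot.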
* Re: how would one go about building an admin frontend?
From: Vincent Wiemann @ 2019-01-21 18:40 UTC
Cc: wireguard

If you don't want to fiddle with setting up connections by yourself and have a clean network design, use systemd-networkd.

https://en.nullday.de/it-sec/2018/02/22/wireguard-with-systemd/

Regards,
Vincent Wiemann