Re: dynamic reload of configuration file

From: Lonnie Abelbeck <lists@lonnie.abelbeck.com>
To: Raffaele Spazzoli <rspazzol@redhat.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: dynamic reload of configuration file
Date: Mon, 18 Feb 2019 08:56:03 -0600	[thread overview]
Message-ID: <3C0540CA-7490-48CA-8EF6-EDC95DC3E64B@lonnie.abelbeck.com> (raw)
In-Reply-To: <CACOeLqLEo2mX3AXvEPcG6EAOdwQf+PW3BvfKvYFPzsu6vLp5GQ@mail.gmail.com>

Raffaele, typing "wg help" should answer many of your questions:
--
# wg help
Usage: wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
--

--
# wg set --help
Usage: wg set <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...
--

Lonnie


> On Feb 18, 2019, at 7:51 AM, Raffaele Spazzoli <rspazzol@redhat.com> wrote:
> 
> Samuel,
> 
> I read that section of the docs. it doesn't explain the behavior of those commands on an already "warm" wireguard device (i.e. while the device is in up state).
> 
> M. Dietrich,
> 
> the add conf may work when adding a node, but I also need something when removing a node of the mesh.
> 
> two questions:
> 1. If initialize a wireguard device with a configuration file and then update the file will the configuration be updated?
> 2. if I run the set-conf command on an already initialized wiredguard device, will the configuration be updated without losing the current (and still existing after the new configuration) connections?
> 
> Thanks,
> Raffaele
> 
> Raffaele Spazzoli
> Senior Architect - OpenShift, Containers and PaaS Practice
> Tel: +1 216-258-7717
> 
> 
> 
> 
> On Sun, Feb 17, 2019 at 12:38 PM M. Dietrich <mdt@emdete.de> wrote:
> Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21:
> > I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
> > and can come and go at any time. Is there a way to reconfigure a wireguard
> > device without restarting it or losing the current connections?
> 
> yes.
> 
> > If yes, how can it be done?
> 
> other way around: configure wireguard with the `wg` command
> and  that is persisted to the configuration file.
> 
> on restart the file is read and your config applied.
> 
> M. Dietrich
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard