dynamic reload of configuration file

dynamic reload of configuration file

[Raffaele Spazzoli]

[-- Attachment #1.1: Type: text/plain, Size: 447 bytes --]

Hi,

I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
and can come and go at any time. Is there a way to reconfigure a wireguard
device without restarting it or losing the current connections?

If yes, how can it be done?


Thanks,
Raffaele

Raffaele Spazzoli
Senior Architect - OpenShift <https://www.openshift.com>, Containers
and PaaS Practice <https://www.redhat.com/en/services/consulting/paas>
Tel: +1 216-258-7717

[-- Attachment #1.2: Type: text/html, Size: 990 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: dynamic reload of configuration file

[Samuel Holland]

On 02/17/19 09:21, Raffaele Spazzoli wrote:
> I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic 
> and can come and go at any time. Is there a way to reconfigure a wireguard 
> device without restarting it or losing the current connections?
> 
> If yes, how can it be done?

Yes, please read the wg(8) manual page, specifically the `set`, `setconf`, and
`addconf` sections.

Cheers,
Samuel
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: dynamic reload of configuration file

[M. Dietrich]

[-- Attachment #1.1: Type: text/plain, Size: 510 bytes --]

Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21:
> I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
> and can come and go at any time. Is there a way to reconfigure a wireguard
> device without restarting it or losing the current connections?

yes.

> If yes, how can it be done?

other way around: configure wireguard with the `wg` command
and  that is persisted to the configuration file.

on restart the file is read and your config applied.

M. Dietrich

[-- Attachment #1.2: Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: dynamic reload of configuration file

[Raffaele Spazzoli]

[-- Attachment #1.1: Type: text/plain, Size: 1423 bytes --]

Samuel,

I read that section of the docs. it doesn't explain the behavior of those
commands on an already "warm" wireguard device (i.e. while the device is in
up state).

M. Dietrich,

the add conf may work when adding a node, but I also need something when
removing a node of the mesh.

two questions:
1. If initialize a wireguard device with a configuration file and then
update the file will the configuration be updated?
2. if I run the set-conf command on an already initialized wiredguard
device, will the configuration be updated without losing the current (and
still existing after the new configuration) connections?

Thanks,
Raffaele

Raffaele Spazzoli
Senior Architect - OpenShift <https://www.openshift.com>, Containers
and PaaS Practice <https://www.redhat.com/en/services/consulting/paas>
Tel: +1 216-258-7717




On Sun, Feb 17, 2019 at 12:38 PM M. Dietrich <mdt@emdete.de> wrote:

> Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21:
> > I'm using wireguard to build a VPN mesh. The nodes of the mesh are
> dynamic
> > and can come and go at any time. Is there a way to reconfigure a
> wireguard
> > device without restarting it or losing the current connections?
>
> yes.
>
> > If yes, how can it be done?
>
> other way around: configure wireguard with the `wg` command
> and  that is persisted to the configuration file.
>
> on restart the file is read and your config applied.
>
> M. Dietrich
>

[-- Attachment #1.2: Type: text/html, Size: 2343 bytes --]

[-- Attachment #2: Type: text/plain, Size: 148 bytes --]

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: dynamic reload of configuration file

[Lonnie Abelbeck]

Raffaele, typing "wg help" should answer many of your questions:
--
# wg help
Usage: wg <cmd> [<args>]

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
--

--
# wg set --help
Usage: wg set <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]...
--

Lonnie


> On Feb 18, 2019, at 7:51 AM, Raffaele Spazzoli <rspazzol@redhat.com> wrote:
> 
> Samuel,
> 
> I read that section of the docs. it doesn't explain the behavior of those commands on an already "warm" wireguard device (i.e. while the device is in up state).
> 
> M. Dietrich,
> 
> the add conf may work when adding a node, but I also need something when removing a node of the mesh.
> 
> two questions:
> 1. If initialize a wireguard device with a configuration file and then update the file will the configuration be updated?
> 2. if I run the set-conf command on an already initialized wiredguard device, will the configuration be updated without losing the current (and still existing after the new configuration) connections?
> 
> Thanks,
> Raffaele
> 
> Raffaele Spazzoli
> Senior Architect - OpenShift, Containers and PaaS Practice
> Tel: +1 216-258-7717
> 
> 
> 
> 
> On Sun, Feb 17, 2019 at 12:38 PM M. Dietrich <mdt@emdete.de> wrote:
> Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21:
> > I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic
> > and can come and go at any time. Is there a way to reconfigure a wireguard
> > device without restarting it or losing the current connections?
> 
> yes.
> 
> > If yes, how can it be done?
> 
> other way around: configure wireguard with the `wg` command
> and  that is persisted to the configuration file.
> 
> on restart the file is read and your config applied.
> 
> M. Dietrich
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard