* dynamic reload of configuration file @ 2019-02-17 15:21 Raffaele Spazzoli 2019-02-17 17:22 ` Samuel Holland 2019-02-17 17:31 ` M. Dietrich 0 siblings, 2 replies; 5+ messages in thread From: Raffaele Spazzoli @ 2019-02-17 15:21 UTC (permalink / raw) To: wireguard [-- Attachment #1.1: Type: text/plain, Size: 447 bytes --] Hi, I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic and can come and go at any time. Is there a way to reconfigure a wireguard device without restarting it or losing the current connections? If yes, how can it be done? Thanks, Raffaele Raffaele Spazzoli Senior Architect - OpenShift <https://www.openshift.com>, Containers and PaaS Practice <https://www.redhat.com/en/services/consulting/paas> Tel: +1 216-258-7717 [-- Attachment #1.2: Type: text/html, Size: 990 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dynamic reload of configuration file 2019-02-17 15:21 dynamic reload of configuration file Raffaele Spazzoli @ 2019-02-17 17:22 ` Samuel Holland 2019-02-17 17:31 ` M. Dietrich 1 sibling, 0 replies; 5+ messages in thread From: Samuel Holland @ 2019-02-17 17:22 UTC (permalink / raw) To: Raffaele Spazzoli, wireguard On 02/17/19 09:21, Raffaele Spazzoli wrote: > I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic > and can come and go at any time. Is there a way to reconfigure a wireguard > device without restarting it or losing the current connections? > > If yes, how can it be done? Yes, please read the wg(8) manual page, specifically the `set`, `setconf`, and `addconf` sections. Cheers, Samuel _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dynamic reload of configuration file 2019-02-17 15:21 dynamic reload of configuration file Raffaele Spazzoli 2019-02-17 17:22 ` Samuel Holland @ 2019-02-17 17:31 ` M. Dietrich 2019-02-18 13:51 ` Raffaele Spazzoli 1 sibling, 1 reply; 5+ messages in thread From: M. Dietrich @ 2019-02-17 17:31 UTC (permalink / raw) To: Raffaele Spazzoli, wireguard [-- Attachment #1.1: Type: text/plain, Size: 510 bytes --] Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21: > I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic > and can come and go at any time. Is there a way to reconfigure a wireguard > device without restarting it or losing the current connections? yes. > If yes, how can it be done? other way around: configure wireguard with the `wg` command and that is persisted to the configuration file. on restart the file is read and your config applied. M. Dietrich [-- Attachment #1.2: Type: application/pgp-signature, Size: 833 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dynamic reload of configuration file 2019-02-17 17:31 ` M. Dietrich @ 2019-02-18 13:51 ` Raffaele Spazzoli 2019-02-18 14:56 ` Lonnie Abelbeck 0 siblings, 1 reply; 5+ messages in thread From: Raffaele Spazzoli @ 2019-02-18 13:51 UTC (permalink / raw) To: M. Dietrich; +Cc: wireguard [-- Attachment #1.1: Type: text/plain, Size: 1423 bytes --] Samuel, I read that section of the docs. it doesn't explain the behavior of those commands on an already "warm" wireguard device (i.e. while the device is in up state). M. Dietrich, the add conf may work when adding a node, but I also need something when removing a node of the mesh. two questions: 1. If initialize a wireguard device with a configuration file and then update the file will the configuration be updated? 2. if I run the set-conf command on an already initialized wiredguard device, will the configuration be updated without losing the current (and still existing after the new configuration) connections? Thanks, Raffaele Raffaele Spazzoli Senior Architect - OpenShift <https://www.openshift.com>, Containers and PaaS Practice <https://www.redhat.com/en/services/consulting/paas> Tel: +1 216-258-7717 On Sun, Feb 17, 2019 at 12:38 PM M. Dietrich <mdt@emdete.de> wrote: > Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21: > > I'm using wireguard to build a VPN mesh. The nodes of the mesh are > dynamic > > and can come and go at any time. Is there a way to reconfigure a > wireguard > > device without restarting it or losing the current connections? > > yes. > > > If yes, how can it be done? > > other way around: configure wireguard with the `wg` command > and that is persisted to the configuration file. > > on restart the file is read and your config applied. > > M. Dietrich > [-- Attachment #1.2: Type: text/html, Size: 2343 bytes --] [-- Attachment #2: Type: text/plain, Size: 148 bytes --] _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: dynamic reload of configuration file 2019-02-18 13:51 ` Raffaele Spazzoli @ 2019-02-18 14:56 ` Lonnie Abelbeck 0 siblings, 0 replies; 5+ messages in thread From: Lonnie Abelbeck @ 2019-02-18 14:56 UTC (permalink / raw) To: Raffaele Spazzoli; +Cc: WireGuard mailing list Raffaele, typing "wg help" should answer many of your questions: -- # wg help Usage: wg <cmd> [<args>] Available subcommands: show: Shows the current configuration and device information showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf' set: Change the current configuration, add peers, remove peers, or change peers setconf: Applies a configuration file to a WireGuard interface addconf: Appends a configuration file to a WireGuard interface genkey: Generates a new private key and writes it to stdout genpsk: Generates a new preshared key and writes it to stdout pubkey: Reads a private key from stdin and writes a public key to stdout You may pass `--help' to any of these subcommands to view usage. -- -- # wg set --help Usage: wg set <interface> [listen-port <port>] [fwmark <mark>] [private-key <file path>] [peer <base64 public key> [remove] [preshared-key <file path>] [endpoint <ip>:<port>] [persistent-keepalive <interval seconds>] [allowed-ips <ip1>/<cidr1>[,<ip2>/<cidr2>]...] ]... -- Lonnie > On Feb 18, 2019, at 7:51 AM, Raffaele Spazzoli <rspazzol@redhat.com> wrote: > > Samuel, > > I read that section of the docs. it doesn't explain the behavior of those commands on an already "warm" wireguard device (i.e. while the device is in up state). > > M. Dietrich, > > the add conf may work when adding a node, but I also need something when removing a node of the mesh. > > two questions: > 1. If initialize a wireguard device with a configuration file and then update the file will the configuration be updated? > 2. if I run the set-conf command on an already initialized wiredguard device, will the configuration be updated without losing the current (and still existing after the new configuration) connections? > > Thanks, > Raffaele > > Raffaele Spazzoli > Senior Architect - OpenShift, Containers and PaaS Practice > Tel: +1 216-258-7717 > > > > > On Sun, Feb 17, 2019 at 12:38 PM M. Dietrich <mdt@emdete.de> wrote: > Quotation from Raffaele Spazzoli at Februar 17, 2019 16:21: > > I'm using wireguard to build a VPN mesh. The nodes of the mesh are dynamic > > and can come and go at any time. Is there a way to reconfigure a wireguard > > device without restarting it or losing the current connections? > > yes. > > > If yes, how can it be done? > > other way around: configure wireguard with the `wg` command > and that is persisted to the configuration file. > > on restart the file is read and your config applied. > > M. Dietrich > _______________________________________________ > WireGuard mailing list > WireGuard@lists.zx2c4.com > https://lists.zx2c4.com/mailman/listinfo/wireguard _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-02-18 14:56 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-02-17 15:21 dynamic reload of configuration file Raffaele Spazzoli 2019-02-17 17:22 ` Samuel Holland 2019-02-17 17:31 ` M. Dietrich 2019-02-18 13:51 ` Raffaele Spazzoli 2019-02-18 14:56 ` Lonnie Abelbeck
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).