WireGuard Archive on lore.kernel.org
 help / color / Atom feed
From: Devin Smith <devinrsmith@protonmail.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: remove peer endpoint
Date: Wed, 08 Jan 2020 00:48:11 +0000
Message-ID: <h5iy7cvtz8UAyNLvf8J_py2H-5UOHp_9QN3wUWviT19l2T6BeiZVuaXZ5GN5712b4NIw7zODom88DP1JCh19XKm8yiY_0pddzdQ9gaauhF8=@protonmail.com> (raw)
In-Reply-To: <CAHmME9q=L1kyxSu8KBVMkZx6-A77RaAeCtXeOaYQbXGDho-Ujg@mail.gmail.com>

It's more of a theoretical question wrt configuration (an attempt of mine to define a more declarative configuration model on top of wg) - but I can see how it's probably not very useful in most cases. There may be some edge cases where it may make sense - for example, you create a new peer with an (incorrect) endpoint, but realize that endpoint should actually be unset. It's easy enough to tear down the peer, and rebuild it without the endpoint set; or just leave the endpoint since it's a hint; but the first is "inefficient", and the second leaves the runtime at odds with the desired (declarative) configuration.

It's probably a fringe issue, so not sure if it makes sense to add it.


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, December 30, 2019 3:37 AM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:

> Hi Devin,
>
> Could you let me know your reason for wanting this? If there's a good
> justification, we could consider adding it. But I'd like some
> reasoning as it relates to the entire system you're trying to build,
> first.
>
> Thanks,
> Jason
>
> On Sat, Dec 28, 2019 at 10:36 PM Jason A. Donenfeld Jason@zx2c4.com wrote:
>
> > I'm interested to learn, why would you want such a thing? The endpoint field is only ever a "hint" anyway, due to the roaming.
> > On Sat, Dec 28, 2019, 13:12 Devin Smith devinrsmith@protonmail.com wrote:
> >
> > > If I'm not mistaken, `wg set <interface> peer <base64> remove` removes the whole peer - I'm looking to remove just the peer's endpoint attribute [endpoint <ip>:<port>].
> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > On Friday, December 27, 2019 10:51 AM, Lonnie Abelbeck lists@lonnie.abelbeck.com wrote:
> > >
> > > > > On Dec 27, 2019, at 9:51 AM, Devin Smith devinrsmith@protonmail.com wrote:
> > > > > Is it possible to remove the endpoint of a peer via the `wg set` command? All of the other peer attributes (preshared-key, persistent-keepalive, allowed-ips) are removable in this fashion (and documented in the man page). I've tried `wg set <interface> peer <base64-public-key> endpoint 0` ...
> > > >
> > > > Yes, this works:
> > > >
> > > > wg set <interface> peer <base64-public-key> remove
> > > >
> > > > ---------------------------------------------------
> > > >
> > > > If you forget, "wg set --help" will remind you.
> > > > Lonnie
> > >
> > > WireGuard mailing list
> > > WireGuard@lists.zx2c4.com
> > > https://lists.zx2c4.com/mailman/listinfo/wireguard


_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

      parent reply index

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-27 15:51 Devin Smith
2019-12-27 16:51 ` Lonnie Abelbeck
2019-12-27 18:28   ` Devin Smith
2019-12-28 20:53     ` em12345
2019-12-28 21:36     ` Jason A. Donenfeld
2019-12-30  9:37       ` Jason A. Donenfeld
2019-12-30 10:13         ` em12345
2019-12-30 10:58           ` Jason A. Donenfeld
2019-12-30 11:50             ` em12345
2019-12-30 11:53               ` Jason A. Donenfeld
2020-01-08  0:48         ` Devin Smith [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='h5iy7cvtz8UAyNLvf8J_py2H-5UOHp_9QN3wUWviT19l2T6BeiZVuaXZ5GN5712b4NIw7zODom88DP1JCh19XKm8yiY_0pddzdQ9gaauhF8=@protonmail.com' \
    --to=devinrsmith@protonmail.com \
    --cc=Jason@zx2c4.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com
	public-inbox-index wireguard

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git