f65fba7dd8
man: update wg-quick(8) to show Debian resolvconf braindamage
...
While OpenResolv supports explicit ordering directives such as `-m` and
exclusivity directives such as `-x`, Debian's own resolvconf supports
none of this, instead using a hard coded list of interface name
templates for determining ordering. While trying to emulate `-x` is
difficult [*], we can at least try to mostly emulate `-m 0` by
masquerading as a `tun*` interface to resolvconf. Ugly, but it works.
[*] One heavy handed way of emulating `-x` would be something like:
# echo nameserver 8.8.8.8 > /etc/resolv.conf.wg0-exclusive
# mount --bind -o ro /etc/resolv.conf.wg0-exclusive /etc/resolv.conf
# rm -f /etc/resolv.conf.wg0-exclusive
This in practice works quite well, but is a bit heavy to put in a man
page. It also doesn't "stack" well. For example, if we simply run
`umount /etc/resolv.conf`, how do we know which resolv.conf entry we're
unmounting?
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-30 18:07:28 +02:00
682b15cb5e
wg-quick: use src routing for default routes in v6
...
Otherwise, traffic is sent with the IP address of a different interface,
and then packets don't actually get delivered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:34 +02:00
641b479b44
man: fix psk mention in wg-quick man page
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-18 14:41:24 +02:00
3a7be3fac5
wg: opt-in globally to GNU-isms to keep the BSDs happy
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:34:23 +02:00
945fae0c7c
wg: support text-based ipc
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:13:14 +02:00
c3b2dbcdb0
wg: check for proto error on set too
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
067ebe2cb9
wg: stricter key file reading
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
fabb6eca2b
noise: redesign preshared key mode
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
13db708a0f
wg-quick: auto MTU discovery
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
83223f8e4c
wg: retry name resolution on temporary failure
...
This should solve many problems at init time.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-05-17 18:07:42 +02:00
c98c415bd1
wg: no hyphen in preshared, to keep uniformity
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-20 22:53:00 +02:00
5fab6f18d5
wg: argc is always 1
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
6a967c63a7
wg: check for malloc failure
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
755217bd85
wg: side channel resistant base64
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-04-19 18:26:32 +02:00
d42dd68add
wg: do not use addrconfig with port in gai
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-28 10:46:31 +02:00
6d20c647d0
uapi: add version magic
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
a8803c17a7
wg-quick: various cleanups
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
3067b59798
wg: document # comments in wg(8) man page
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-24 04:44:27 +01:00
ef66ea99e4
wg-quick: support old ip(8)
...
Old versions of ip(8) do not accept arguments to `ip rule show.` This
patch works around that limitation.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-03-19 15:34:46 +01:00
89cb1a18a4
contrib: add wg-json utility
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 15:58:45 +01:00
aefa5e8edc
wg: fix bash completion spaces
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
bda4b8c60b
wg: add wg show [interface] dump
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
d4edc7baa8
wg: give "off" value for fwmark
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
a9bcd0d401
wg-quick: allow config files without trailing newline
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-23 07:09:49 +01:00
b20702bfa3
extract-keys: respect compat directives
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-20 21:55:44 +01:00
6448d5557c
wg-quick: unquote fwmark for bash 4.3
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-14 11:41:56 +01:00
f60ceb76e6
wg-quick: set LC_ALL for consistent regex
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:18 +01:00
c8472e2dab
socket: enable setting of fwmark
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:18 +01:00
ef29165cde
socket: general ephemeral ports instead of name-based ports
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:17 +01:00
cf2cb85a08
wg-quick: support v6 dual stack
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-13 21:55:17 +01:00
3606898d23
wg: remove key for any empty file
...
Rather than just using /dev/null to mean key removal, match on any empty
file, so that this interface is cross platform.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
666623a82e
wg: setconf should remove existing psk
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-02-07 12:21:22 +01:00
4586e14749
wg-quick: recommend using resolvconf in exclusive mode
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-19 00:07:31 +01:00
db4f06d118
wg: man: recommend correct port
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-15 22:22:45 +01:00
1d20912898
wg-quick: parse IPv6 endpoints correctly
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-15 13:01:06 +01:00
035a649641
wg-quick: better removal of suppress_prefix rule
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-11 00:29:58 +01:00
396dc76a04
Update copyright
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:36:19 +01:00
f43b43376b
uapi: use sockaddr union instead of sockaddr_storage
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 06:29:24 +01:00
48f7c3522a
uapi: use flag instead of C bitfield for portability
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
12904a1095
wg: ipc: read from socket incrementally
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
e92e0dca14
wg: error on short ret reads
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-10 05:36:43 +01:00
16060516bb
wg-quick: enforce good permissions
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-09 00:22:21 +01:00
bf5d24eca4
wg: add installation note for distros
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 19:41:23 +01:00
d2f244b136
wg: remove DESTDIR for autodetection
...
DESTDIR is always empty, no need to check anything there. Check the main
system instead.
Signed-off-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
6b940830e9
wg: add systemd unit and auto-detection
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
7c202eb5fc
wg: add makefile instructions
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
e975597e72
wg: add wg-quick
...
This is based on wg-config, but is even easier to use, and now makes
our full tools suite.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-05 02:30:20 +01:00
bf158a73fe
wg: add bash completion for wg(8)
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-04 07:15:11 +01:00
fd9e737c72
contrib: slight ncat tweak
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-01-03 06:06:59 +01:00
ae82dcfed3
wg: syscall.h should actually be sys/syscall.h
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-30 17:53:05 +01:00
Jason A. Donenfeld
Pim van Pelt
Christian Hesse