From: ST <smntov@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: add/remove a peer
Date: Sat, 24 Mar 2018 22:32:47 +0300
Message-ID: <1521919967.1921.32.camel@gmail.com>

Hello,

I'm learning WireGuard and have a question regarding adding/removing a
peer.

Is there something like:

1) wg add peer ABCDEF... allowed-ips 192.168.88.0/24 endpoint 209.202.254.14:8172

and by default, if some(/all) values are not provided - WG will generate
them on its own. E.g. if IP is not provided - it will scan all known IPs
and choose a new one (with /32) from the range that was mentioned with
`ip address add dev wg0` command. This way the system administrator doesn't
have to choose IPs manually for new clients (doing so manually is
boring, time-consuming and error-prone). The same for the keys: the
server will generate the pair of keys - the public (together with the
new IP) keep for itself to set a new peer/client. And the private key
together with 0.0.0.0/0 (or the range mentioned with `ip address add dev
wg0` command) print as output to be used for setting up a new client.

So adding a new client on the server could look like this:

wg add peer persistent-keepalive 25 endpoint vpn0.example.org:22000 > wg0.conf

Where wg0.conf will look like:

[Interface]
PrivateKey = ui4AN....AbhwcvHWo=
ListenPort = 22000

[Peer]
PublicKey = ViCKc...gQp43rp7BHM=
AllowedIPs = 10.0.0.0/8
Endpoint = vpn0.example.org:22000
PersistentKeepalive = 25

wg0.conf can now be encrypted, let's say with PGP, and sent to the new
client to be placed under /etc/wireguard/wg0.conf. Super easy even for
not so tech-savvy folks...

2) similar for removing clients:

wg rm peer ABCDEF...

or

wg rm peer allowed-ips 192.168.88.4/32

Is this implemented already or should I file it as a feature request
somewhere? (if so - where?)

Thank you!
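
An added example, not part of the original message and not WireGuard's own code: the address-selection step the message describes, done outside `wg` by reading the output of `wg show wg0 allowed-ips` and building the existing `wg set <dev> peer <key> allowed-ips ...` and `wg set <dev> peer <key> remove` commands. The peer keys, sample dump and function names are constructed, and the client's public key is taken as input on the assumption that the client generated its own key pair.

```python
import ipaddress

# Constructed sample of `wg show wg0 allowed-ips` output (pubkey<TAB>ranges).
SAMPLE_DUMP = (
    "PEER_A_PUBKEY_PLACEHOLDER=\t192.168.88.2/32\n"
    "PEER_B_PUBKEY_PLACEHOLDER=\t192.168.88.3/32 fd00::3/128\n"
    "PEER_C_PUBKEY_PLACEHOLDER=\t(none)\n"
    "PEER_D_PUBKEY_PLACEHOLDER=\t192.168.88.4/30\n"
)

def used_networks(dump):
    """Collect every IPv4 range already routed to a peer."""
    nets = []
    for line in dump.splitlines():
        if "\t" not in line:
            continue
        _, ranges = line.split("\t", 1)
        for item in ranges.split():
            if item == "(none)":  # peer exists but has no AllowedIPs yet
                continue
            net = ipaddress.ip_network(item, strict=False)
            if net.version == 4:
                nets.append(net)
    return nets

def next_free_address(interface_cidr, dump):
    """Lowest host in the interface subnet not covered by any peer's AllowedIPs."""
    iface = ipaddress.ip_interface(interface_cidr)
    taken = used_networks(dump)
    for host in iface.network.hosts():
        if host == iface.ip:  # the server's own tunnel address
            continue
        if any(host in net for net in taken):  # also catches ranges wider than /32
            continue
        return ipaddress.ip_network(f"{host}/32")
    raise RuntimeError(f"no free address left in {iface.network}")

def add_peer_command(dev, pubkey, interface_cidr, dump):
    """Build (not run) the `wg set` command that adds the peer with a fresh /32."""
    return f"wg set {dev} peer {pubkey} allowed-ips {next_free_address(interface_cidr, dump)}"

def remove_peer_command(dev, pubkey):
    """Build (not run) the `wg set` command that removes the peer."""
    return f"wg set {dev} peer {pubkey} remove"
```

Checking coverage rather than exact matches matters because two peers with overlapping AllowedIPs cannot both own the same address; WireGuard moves the range to the peer configured last.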