Commits on Oct 4, 2020

1. wg-quick linux: Add strip-and-eval cmd to extract keys from PostUp …

   The manpage mentions the trick to use PostUp to read the PrivateKey (or
   PresharedKey) from a command (or file). However, when you actually use
   that you notice that this is currently not fully supported. The issue is
   that
   
   ```Shell
   wg syncconf wgnet0 <(wg-quick strip wgnet0)
   ```
   
   from the manpage now breaks the VPN because it *removes* the private key
   from the WireGuard interface. The reason is that `strip` removes PostUp
   of course.
   
   This patch tries to add full support to read WireGuard keys from files
   or command outputs by evaluating PostUp using a best effort approach
   (using regex). It will not work for everything but when you follow the
   manpage closely, it will work.
   
   I also propose to update the systemd template to make seamless use of
   this. This is not a must because the sysadmin can easily change the
   ExecReload using systemd drop-in files.
   
   Note that the patchset is incomplete (currently only for Linux).
   I don’t have all the other OSes laying around. When the patch looks ok,
   I can apply it to the other versions also.
   
   Example use of this patch:
   https://github.com/ypid/ansible-wireguard/tree/prepare-for-debops
   
   Signed-off-by: Robin Schneider <[email protected]>

   

   ypid committed Oct 4, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 4963c83
   • Browse repository at this point

   Copy the full SHA

   4963c83 View commit details

   Browse the repository at this point in the history