

Use preshared keys and make pingable (#15)
* make wireguard pingable

* accept preshared key for a peer

* forked to inventage

* Revert "forked to inventage"

This reverts commit d7cdee9.
fbuetler authored Mar 12, 2023
1 parent ed90ef8 commit 971edbb
Showing 3 changed files with 29 additions and 5 deletions.
3 changes: 2 additions & 1 deletion pkg/wgembed/iface.go
Expand Up @@ -8,11 +8,12 @@ import (

type WireGuardInterface interface {
LoadConfig(config *ConfigFile) error
AddPeer(publicKey string, addressCIDR []string) error
AddPeer(publicKey string, presharedKey string, addressCIDR []string) error
ListPeers() ([]wgtypes.Peer, error)
RemovePeer(publicKey string) error
PublicKey() (string, error)
Close() error
Ping() error
}

// Options contains configuration options for the interface
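Review bot: The new `Ping() error` method on the exported WireGuardInterface, and the widened AddPeer signature above it, carry no doc comment, so an implementer or caller cannot tell what Ping is expected to check or whether presharedKey may be left empty. From the management.go hunk on this page, Ping only queries the device's peer list and sends no traffic, so a comment such as `// Ping checks that the underlying WireGuard device can be queried; it sends no network traffic.` would prevent the obvious misreading of the name. The AddPeer line could likewise note `// presharedKey may be empty to configure the peer without a pre-shared key.`. The interface body is fully inside the hunk; only the import block it follows is cut off.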
25 changes: 22 additions & 3 deletions pkg/wgembed/management.go
Expand Up @@ -12,12 +12,23 @@ import (
// AddPeer adds a new peer to the interface.
// The subnet sizes in addressCIDR should be /32 for IPv4 and /128 for IPv6,
// as the whole subnet will be added to AllowedIPs for this device.
func (wg *commonInterface) AddPeer(publicKey string, addressCIDR []string) error {
key, err := wgtypes.ParseKey(publicKey)
// The presharedKey is optinal and can be omitted with nil
func (wg *commonInterface) AddPeer(publicKey string, presharedKey string, addressCIDR []string) error {
wgPublicKey, err := wgtypes.ParseKey(publicKey)
if err != nil {
return errors.Wrapf(err, "bad public key %v", publicKey)
}

var wgPresharedKey *wgtypes.Key
if len(presharedKey) != 0 {
psk, err := wgtypes.ParseKey(presharedKey)
if err != nil {
logrus.WithError(err).Warnf("ignoring bad pre-shared key: %v", presharedKey)
} else {
wgPresharedKey = &psk
}
}

parsedAddresses := make([]net.IPNet, 0, len(addressCIDR))
for _, addr := range addressCIDR {
_, allowedIPs, err := net.ParseCIDR(addr)
Expand All @@ -31,7 +42,8 @@ func (wg *commonInterface) AddPeer(publicKey string, addressCIDR []string) error
config.ReplacePeers = false
config.Peers = []wgtypes.PeerConfig{
{
PublicKey: key,
PublicKey: wgPublicKey,
PresharedKey: wgPresharedKey,
AllowedIPs: parsedAddresses,
ReplaceAllowedIPs: true,
},
Expand Down Expand Up @@ -109,6 +121,13 @@ func (wg *commonInterface) Port() (int, error) {
return device.ListenPort, nil
}

func (wg *commonInterface) Ping() error {
if _, err := wg.ListPeers(); err != nil {
return errors.New("failed to ping wireguard")
}
return nil
}

func (wg *commonInterface) configure(cb func(*wgtypes.Config) error) error {
// TODO: concurrency
// s.lock.Lock()
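Review bot: In AddPeer, a presharedKey that fails wgtypes.ParseKey is only logged and the peer is then configured with `PresharedKey: nil`, so a caller that explicitly asked for a pre-shared key silently gets a peer without one, and the Warnf at that spot writes the key material itself into the log. Returning the parse error keeps the caller's intent and the secret out of logs: replace the Warnf/else branch with `return errors.Wrap(err, "bad pre-shared key")` followed by `wgPresharedKey = &psk`, matching how the public key is handled a few lines above. The new doc line also has a typo and describes a nil that a string parameter cannot take; `// The presharedKey is optional and can be omitted with an empty string` states the actual contract. The added Ping near the bottom of the file similarly drops the underlying error, and `return errors.Wrap(err, "failed to ping wireguard")` would preserve it for the caller. AddPeer's body continues past the end of the first hunk, outside what is shown here.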
6 changes: 5 additions & 1 deletion pkg/wgembed/noop.go
Expand Up @@ -13,7 +13,7 @@ func (wg *NoOpWireguardInterface) LoadConfig(config *ConfigFile) error {
return nil
}

func (wg *NoOpWireguardInterface) AddPeer(publicKey string, addressCIDR []string) error {
func (wg *NoOpWireguardInterface) AddPeer(publicKey string, presharedKey string, addressCIDR []string) error {
return nil
}

Expand All @@ -32,3 +32,7 @@ func (wg *NoOpWireguardInterface) PublicKey() (string, error) {
func (wg *NoOpWireguardInterface) Close() error {
return nil
}

func (wg *NoOpWireguardInterface) Ping() error {
return nil
}

