> Will this be in 1.3.6? It looks like it will, I'm testing ... Exactly what will be the final solution upstream is to be determined, Jason considered moving the "syncconf" code into the standard "setconf". Jason's thoughts are here: https://lists.zx2c4.com/pipermail/wireguard/2019-June/004225.html
Regardless if it is "syncconf", "setconf" or something else we can easily adapt, currently we are using the "syncconf" commit per above. A real world example, connecting over WG to a Linode instance of AstLinux: 1) "Restart WireGuard VPN" takes 35 seconds (using "setconf"), 17 seconds for the WG peer to reestablish and the rest of the time are most likely the TCP backoff timers for the HTTPS web interface session, totaling 35 seconds. 2) "Restart WireGuard VPN" takes << 1 second (using "syncconf"), no noticeable impact at all, even when editing the AllowedIPs of the peer tunnel used for access. Lonnie > On Jun 13, 2019, at 4:36 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > > Thanks Lonnie. > Awesome news as I am looking to build my entire Astlinux network around > Wireguard and this was a big issue especially since I didn't realise that wg > setconf interrupted active tunnels (whoops). > Will this be in 1.3.6? > > Regards > Michael Knill > > On 13/6/19, 1:35 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: > > Hi Michael, > >> On Jun 8, 2019, at 10:28 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Hi Lonnie >> >> I have overcome having to reset Wireguard by adding it to the configuration >> and then adding the peer from the command line as follows: >> wg set wg0 peer <Public key of Endpoint VPN Peer collected above> >> allowed-ips <Allocated Endpoint IP Address>/32 >> >> Seems to work fine. May be worthwhile adding it to the GUI. > > The WireGuard author has come up with a new "wg syncconf ..." subcommand > (not in master just yet) > > I added support for it, currently implemented as "service wireguard > reload" ... a web interface item "Reload WireGuard VPN" soon. > > Previously using "wg setconf ..." under the best conditions active tunnels > would be interrupted for 17 seconds, now there is no interruption with "wg > syncconf ...". The wg0 interface is not taken down and back up, so any > static routes will remain. > > So, if all your are doing is editing, adding, and/or deleting peers, > follow it with a "service wireguard reload" or "Reload WireGuard VPN" menu > and it is applied immediately without any interruption. > > In addition, the auto-routes are properly added and deleted due to changes > in the peer configs. > > So far this is working well in testing. > > Michael, long story short, you will be able to add/edit/delete a peer and > simply select "Reload WireGuard VPN", poof you're done. > > Lonnie > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
