Typo below: - 2) "Restart WireGuard VPN" takes << 1 second (using "syncconf"), no noticeable impact at all, even when editing the AllowedIPs of the peer tunnel used for + 2) "Reload WireGuard VPN" takes << 1 second (using "syncconf"), no noticeable impact at all, even when editing the AllowedIPs of the peer tunnel used for
> On Jun 13, 2019, at 5:47 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > wrote: > >> Will this be in 1.3.6? > > It looks like it will, I'm testing ... Exactly what will be the final > solution upstream is to be determined, Jason considered moving the "syncconf" > code into the standard "setconf". Jason's thoughts are here: > https://lists.zx2c4.com/pipermail/wireguard/2019-June/004225.html > > Regardless if it is "syncconf", "setconf" or something else we can easily > adapt, currently we are using the "syncconf" commit per above. > > > A real world example, connecting over WG to a Linode instance of AstLinux: > > 1) "Restart WireGuard VPN" takes 35 seconds (using "setconf"), 17 seconds for > the WG peer to reestablish and the rest of the time are most likely the TCP > backoff timers for the HTTPS web interface session, totaling 35 seconds. > > 2) "Restart WireGuard VPN" takes << 1 second (using "syncconf"), no > noticeable impact at all, even when editing the AllowedIPs of the peer tunnel > used for access. > > Lonnie > > > >> On Jun 13, 2019, at 4:36 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Thanks Lonnie. >> Awesome news as I am looking to build my entire Astlinux network around >> Wireguard and this was a big issue especially since I didn't realise that wg >> setconf interrupted active tunnels (whoops). >> Will this be in 1.3.6? >> >> Regards >> Michael Knill >> >> On 13/6/19, 1:35 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: >> >> Hi Michael, >> >>> On Jun 8, 2019, at 10:28 PM, Michael Knill >>> <michael.kn...@ipcsolutions.com.au> wrote: >>> >>> Hi Lonnie >>> >>> I have overcome having to reset Wireguard by adding it to the configuration >>> and then adding the peer from the command line as follows: >>> wg set wg0 peer <Public key of Endpoint VPN Peer collected above> >>> allowed-ips <Allocated Endpoint IP Address>/32 >>> >>> Seems to work fine. May be worthwhile adding it to the GUI. >> >> The WireGuard author has come up with a new "wg syncconf ..." subcommand >> (not in master just yet) >> >> I added support for it, currently implemented as "service wireguard >> reload" ... a web interface item "Reload WireGuard VPN" soon. >> >> Previously using "wg setconf ..." under the best conditions active tunnels >> would be interrupted for 17 seconds, now there is no interruption with "wg >> syncconf ...". The wg0 interface is not taken down and back up, so any >> static routes will remain. >> >> So, if all your are doing is editing, adding, and/or deleting peers, >> follow it with a "service wireguard reload" or "Reload WireGuard VPN" menu >> and it is applied immediately without any interruption. >> >> In addition, the auto-routes are properly added and deleted due to changes >> in the peer configs. >> >> So far this is working well in testing. >> >> Michael, long story short, you will be able to add/edit/delete a peer and >> simply select "Reload WireGuard VPN", poof you're done. >> >> Lonnie >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
