On 03-01-2021 20:59, Chris Osicki wrote:
On Sat, Jan 02, 2021 at 03:37:09PM +0100, Jason A. Donenfeld wrote:
Hi,

I was thinking recently that most people have switched from a model of
updating the runtime configuration and then reading that back into a
config file, to editing the config file and then syncing that with the
runtime config. In other words, people have moved from doing:

# wg set wg0 peer ... allowed-ips ...
# wg-quick save wg0

To doing:

# vim /etc/wireguard/wg0.conf
# wg syncconf wg0 <(wg-quick strip wg0)

I think this is mostly a positive change too in terms of reliability.
Reading back the runtime configuration was always a bit hit or miss,
and I suspect that more times than not people have been confused by
SaveConfig=true.

That raises the question: are there good uses left for SaveConfig=true
and `wg-quick save` that warrant keeping the feature around?
Temporarily caching a roamed endpoint IP, perhaps, but how helpful is
that?

I haven't thought too deeply about this in order to be wedded to one
outcome over the other yet, but seeing some confusion today, again, in
#wireguard over the feature made me wonder.

Any opinions on this? Anyone on this list actively use this feature
and see replacements for it (e.g. syncconf) as clearly inferior?

Jason
Hi Jason

Being an old fashioned Unix admin, ~30 years spent in this job, I vote for the 
traditional way of doing it:
change the config file and let the application reread it.
I think the KISS principle is still valid ;-)

I totally agree. Reloading the config file is much nicer :)

I also don't need to save roaming endpoints. All WireGuard tunnels I use have at least one side with a fixed endpoint. And if that's not the case I imagine you probably need a more complicated solution than wg-quick.


Thanks for the excellent software, Jason!

I also totally agree with this. WireGuard has made my life a lot easier :)


Regards,

Maarten
