Diffstat (limited to 'src/tools/man/wg.8')
-rw-r--r-- | src/tools/man/wg.8 | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/src/tools/man/wg.8 b/src/tools/man/wg.8 index 49dc15b..ac281bc 100644 --- a/src/tools/man/wg.8 +++ b/src/tools/man/wg.8 @@ -5,17 +5,17 @@ wg - set and retrieve configuration of WireGuard interfaces .SH SYNOPSIS .B wg -[ +[ .I COMMAND -] [ +] [ .I OPTIONS -]... [ +]... [ .I ARGS ]... .SH DESCRIPTION -.B wg +.B wg is the configuration utility for getting and setting the configuration of WireGuard tunnel interfaces. The interfaces themselves can be added and removed using @@ -37,7 +37,7 @@ Sub-commands that take an INTERFACE must be passed a WireGuard interface. .TP \fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIlisten-port\fP | \fIfwmark\fP | \fIpeers\fP | \fIpreshared-keys\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshakes\fP | \fIpersistent-keepalive\fP | \fItransfer\fP | \fIdump\fP] -Shows current WireGuard configuration of specified \fI<interface>\fP. +Shows current WireGuard configuration and runtime information of specified \fI<interface>\fP. If no \fI<interface>\fP is specified, \fI<interface>\fP defaults to \fIall\fP. If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces, one per line, and quit. If no options are given after the interface 
@@ -94,6 +94,14 @@ Appends the contents of \fI<configuration-filename>\fP, which must be in the format described by \fICONFIGURATION FILE FORMAT\fP below, to the current configuration of \fI<interface>\fP. .TP +\fBsyncconf\fP \fI<interface>\fP \fI<configuration-filename>\fP +Like \fBsetconf\fP, but reads back the existing configuration first +and only makes changes that are explicitly different between the configuration +file and the interface. This is much less efficient than \fBsetconf\fP, +but has the benefit of not disrupting current peer sessions. The contents of +\fI<configuration-filename>\fP must be in the format described by +\fICONFIGURATION FILE FORMAT\fP below. +.TP \fBgenkey\fP Generates a random \fIprivate\fP key in base64 and prints it to standard output. @@ -114,7 +122,7 @@ A private key and a corresponding public key may be generated at once by calling $ wg genkey | tee private.key | wg pubkey > public.key .TP \fBhelp\fP -Show usage message. +Shows usage message. .SH CONFIGURATION FILE FORMAT The configuration file format is based on \fIINI\fP. There are two top level sections @@ -148,7 +156,7 @@ CIDR masks from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed. The catch-all \fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and \fI::/0\fP may be specified for matching all IPv6 addresses. May be specified -multiple times. Required. +multiple times. .IP \(bu Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a port number. This endpoint will be updated automatically to the most recent 
@@ -211,6 +219,9 @@ If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\f .TP .I WG_HIDE_KEYS If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and preshared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and preshared keys will be printed as "(hidden)". +.TP +.I WG_ENDPOINT_RESOLUTION_RETRIES +If set to an integer or to \fIinfinity\fP, DNS resolution for each peer's endpoint will be retried that many times for non-permanent errors, with an increasing delay between retries. If unset, the default is 15 retries. .SH SEE ALSO .BR ip (8), |
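Review bot: In the syncconf entry added at @@ -94,6 +94,14, the phrase "only makes changes that are explicitly different between the configuration file and the interface" does not say whether a peer that exists on the interface but is absent from the file gets removed. The entry opens with "Like setconf", so a reader will probably assume it does, but for a command whose stated benefit is "not disrupting current peer sessions" this needs to be explicit, because it decides whether deleting a peer from the file actually takes that peer off the interface. Suggest adding one sentence that states what happens to peers and allowed IPs that are present on the interface but missing from the file.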
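Review bot: Dropping "Required." from the AllowedIPs item at @@ -148,7 +156,7 leaves the page silent on what a peer with no AllowedIPs does. The item defines this list as the addresses "from which incoming traffic for this peer is allowed and to which outgoing traffic for this peer is directed", so the omitted case should be stated outright (for example, that no traffic is accepted from or routed to such a peer, if that is the behaviour) instead of being left for the reader to infer from the missing word.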
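Review bot: The WG_ENDPOINT_RESOLUTION_RETRIES entry at @@ -211,6 +219,9 accepts "an integer or infinity" but does not define what 0, a negative number or an unparseable value does, and "an increasing delay between retries" gives neither the schedule nor an upper bound. The WG_HIDE_KEYS entry directly above spells out the "something invalid, or unset" case; the new entry should do the same. It would also help to say whether 0 disables retries and to note that with infinity a wg invocation can wait for as long as the resolver keeps returning non-permanent errors, since that matters when the command runs from a boot script.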