From 1a96887f7ad8f2a6e0ef10022feb971615c8c5a6 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Jul 2016 02:52:41 +0200 Subject: persistent keepalive: documentation --- src/tools/wg.8 | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'src/tools/wg.8') diff --git a/src/tools/wg.8 b/src/tools/wg.8 index eee6d7b..347fb27 100644 --- a/src/tools/wg.8 +++ b/src/tools/wg.8 @@ -36,7 +36,7 @@ Sub-commands that take an INTERFACE must be passed a WireGuard interface. .SH COMMANDS .TP -\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIbandwidth\fP] +\fBshow\fP { \fI\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIpersistent-keepalive\fP | \fIbandwidth\fP] Shows current WireGuard configuration of specified \fI\fP. If no \fI\fP is specified, \fI\fP defaults to \fIall\fP. If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces, 
@@ -49,7 +49,7 @@ newlines and tabs, meant to be used in scripts. Shows the current configuration of \fI\fP in the format described by \fICONFIGURATION FILE FORMAT\fP below. .TP -\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpreshared-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIendpoint\fP \fI:\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... +\fBset\fP \fI\fP [\fIlisten-port\fP \fI\fP] [\fIprivate-key\fP \fI\fP] [\fIpreshared-key\fP \fI\fP] [\fIpeer\fP \fI\fP [\fIremove\fP] [\fIendpoint\fP \fI:\fP] [\fIpersistent-keepalive\fP \fI\fP] [\fIallowed-ips\fP \fI/\fP[,\fI/\fP]...] ]... Sets configuration values for the specified \fI\fP. Multiple \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given for a peer, that peer is removed, not configured. If \fIlisten-port\fP @@ -66,7 +66,14 @@ you may safely pass in a string by specifying as \fIprivate-key\fP or layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP is specified, but the value is the empty string, all allowed ips are removed -from the peer. +from the peer. The use of \fIpersistent-keepalive\fP is optional and is by +default off; setting it to 0 or "off", disables it. Otherwise it represents, +in seconds, between 10 and 3600 inclusive, how often to send an empty UDP +packet to the peer, for the purpose of keeping a stateful firewall or NAT +mapping valid persistently. For example, if the interface very rarely sends +traffic, but it might at anytime receive traffic from a peer, and it is behind +NAT, the interface might benefit from having a persistent keepalive interval +of 25 seconds. .TP \fBsetconf\fP \fI\fP \fI\fP Sets the current configuration of \fI\fP to the contents of 
@@ -134,6 +141,14 @@ Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a port number. This endpoint will be updated automatically to the most recent source IP address and port of correctly authenticated packets from the peer. Optional. +.IP \(bu +PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of +how often to send an empty UDP packet to the peer for the purpose of keeping a +stateful firewall or NAT mapping valid persistently. For example, if the interface +very rarely sends traffic, but it might at anytime receive traffic from a peer, +and it is behind NAT, the interface might benefit from having a persistent keepalive +interval of 25 seconds. If set to 0 or "off", this option is disabled. By default or +when unspecified, this option is off. Optional. .SH CONFIGURATION FILE FORMAT EXAMPLE This example may be used as a model for writing configuration files. -- cgit v1.2.3-59-g8ed1b
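Review bot: In the first hunk (@@ -36,7 +36,7 @@), the show field list gains persistent-keepalive, but nothing in the patch says what that field prints for a peer with the option disabled. The set text accepts both 0 and "off", and the context of the following hunk describes this output as "meant to be used in scripts", so state the exact form emitted (seconds as a number, and which of 0 or off stands for disabled) so that parsers do not have to guess.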
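Review bot: In the @@ -66,7 +66,14 @@ hunk, the added paragraph gives the range as "between 10 and 3600 inclusive" but does not say what happens to a value from 1 to 9 or above 3600: is it rejected with an error, or adjusted into range? Say which, since an operator behind NAT needs to know that the interval they typed is the one in effect. Wording: drop the comma in `setting it to 0 or "off", disables it`, and "at anytime" should be "at any time".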
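Review bot: In the @@ -134,6 +141,14 @@ hunk, the PersistentKeepalive bullet repeats the set paragraph almost word for word, including "at anytime" (should be "at any time"), so the two copies can drift apart on the next edit. Consider keeping the full explanation in one place and having the other refer to it. The bullet also leaves out-of-range values unspecified in the same way as the set text, so whatever is decided there should be mirrored here.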