From 7df25293c436beef0b86dd7954ce0ee495c4936b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 24 Jan 2017 04:20:05 +0100 Subject: tools: remove key for any empty file Rather than just using /dev/null to mean key removal, match on any empty file, so that this interface is cross platform. --- src/tools/wg.8 | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'src/tools/wg.8') diff --git a/src/tools/wg.8 b/src/tools/wg.8 index 54ae378..2ec005c 100644 --- a/src/tools/wg.8 +++ b/src/tools/wg.8 @@ -60,20 +60,21 @@ most systems but if you are using .BR bash (1), you may safely pass in a string by specifying as \fIprivate-key\fP or \fIpreshared-key\fP the expression: <(echo PRIVATEKEYSTRING). If -\fI/dev/null\fP is specified as the filename for either \fIprivate-key\fP or -\fIpreshared-key\fP, the key is removed from the device. The use of -\fIpreshared-key\fP is optional, and may be omitted; it adds an additional -layer of symmetric-key cryptography to be mixed into the already existing -public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP -is specified, but the value is the empty string, all allowed ips are removed -from the peer. The use of \fIpersistent-keepalive\fP is optional and is by -default off; setting it to 0 or "off", disables it. Otherwise it represents, -in seconds, between 1 and 65535 inclusive, how often to send an authenticated -empty packet to the peer, for the purpose of keeping a stateful firewall or NAT -mapping valid persistently. For example, if the interface very rarely sends -traffic, but it might at anytime receive traffic from a peer, and it is behind -NAT, the interface might benefit from having a persistent keepalive interval -of 25 seconds; however, most users will not need this. +\fI/dev/null\fP or another empty file is specified as the filename for +either \fIprivate-key\fP or \fIpreshared-key\fP, the key is removed from +the device. The use of \fIpreshared-key\fP is optional, and may be omitted; +it adds an additional layer of symmetric-key cryptography to be mixed into +the already existing public-key cryptography, for post-quantum resistance. +If \fIallowed-ips\fP is specified, but the value is the empty string, all +allowed ips are removed from the peer. The use of \fIpersistent-keepalive\fP +is optional and is by default off; setting it to 0 or "off", disables it. +Otherwise it represents, in seconds, between 1 and 65535 inclusive, how often +to send an authenticated empty packet to the peer, for the purpose of keeping +a stateful firewall or NAT mapping valid persistently. For example, if the +interface very rarely sends traffic, but it might at anytime receive traffic +from a peer, and it is behind NAT, the interface might benefit from having a +persistent keepalive interval of 25 seconds; however, most users will not need +this. .TP \fBsetconf\fP \fI\fP \fI\fP Sets the current configuration of \fI\fP to the contents of -- cgit v1.2.3-59-g8ed1b