path: root/src/wg-quick.bash

Commit message | Author | Age | Files | Lines
* wg: reorganize for multiplatform wg-quick | Jason A. Donenfeld | 2018-05-14 | 1 | -334/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: preliminary support for go implementation | Jason A. Donenfeld | 2018-05-10 | 1 | -1/+7
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: account for specified fwmark in auto routing mode | Jason A. Donenfeld | 2018-04-15 | 1 | -19/+23
  If we're doing automatic routing with default routes, but the config has also specified an explicit fwmark, then use that explicit fwmark, even if it's conflicting, since the administrator has explicitly opted into using it. Also, when shutting down the interface, we only now remove the fancy rules if we're in automatic routing mode with default routes.
  Suggested-by: Luis Ressel <aranea@aixah.de>
  Reported-by: Saeid Akbari <saeidscorp@yahoo.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: hide errors on save | Jason A. Donenfeld | 2018-03-04 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: if resolvconf/run/iface exists, use it | Jason A. Donenfeld | 2018-03-04 | 1 | -1/+1
  Some older broken resolvconfs don't support resolvconf -l, but do have a file in a standard location, so use it.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: if resolvconf/interface-order exists, use it | Jason A. Donenfeld | 2018-03-04 | 1 | -3/+12
  Some older broken resolvconf implementations ignore -m, but do have an interface-order list. It's better to use this list dynamically, in case it changes, or in case it's not used by the OS's resolvconf implementation, such as in the case of systemd or openresolv.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: allow in-line comments | Jason A. Donenfeld | 2018-02-17 | 1 | -3/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: match from beginning rather than shift right | Jason A. Donenfeld | 2018-02-06 | 1 | -2/+2
  Before, this meant that it simply took the last 15 characters, instead of erroring out when there's more than 15 chars.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: ifnames have max len of 15 | Jason A. Donenfeld | 2018-01-10 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: year bump | Jason A. Donenfeld | 2018-01-03 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: dumber matching for default routes | Jason A. Donenfeld | 2017-12-13 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: add the "Table" config option | Luis Ressel | 2017-12-13 | 1 | -3/+13
  * Table=auto (default) selects the current behaviour
  * Table=off disables creation of routes altogether
  * All other values are passed through to "ip route add"'s table option
  Signed-off-by: Luis Ressel <aranea@aixah.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: add SPDX tags to all files | Greg Kroah-Hartman | 2017-12-09 | 1 | -0/+1
  It's good to have SPDX identifiers in all files as the Linux kernel developers are working to add these identifiers to all files. Update all files with the correct SPDX license identifier based on the license text of the project or based on the license in the file itself. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text.
  Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  Modified-by: Jason A. Donenfeld <Jason@zx2c4.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow for tabs in keys | Jason A. Donenfeld | 2017-11-10 | 1 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: stat the correct enclosing folder of config file | Jason A. Donenfeld | 2017-11-10 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: save all hooks on save | Jason A. Donenfeld | 2017-11-01 | 1 | -5/+13
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: fsync the temporary file before renaming | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+1
  This ensures that on an unclean shutdown, we either see the old content or the new content, but not empty content.
  Suggested-by: Ka Ho Ng <ngkaho1234@gmail.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow for saving existing interface | Jason A. Donenfeld | 2017-10-31 | 1 | -1/+10
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow for the hatchet, but not by default | Jason A. Donenfeld | 2017-10-31 | 1 | -0/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: remember to rewind DNS settings on failure | Jason A. Donenfeld | 2017-10-31 | 1 | -3/+8
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow specifying multiple hooks | Jason A. Donenfeld | 2017-10-31 | 1 | -17/+19
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: check permissions of parent directory | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
  Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit).
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: verify wireguard interface in more clever way | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
  This helps with old Debian which has ancient iproute2, as well as paving the path toward this script supporting userspace implementations.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: anchor sysctl regex to start and end | Jason A. Donenfeld | 2017-10-02 | 1 | -1/+1
  This doesn't actually fix a real problem, but it is more correct than not having it.
  Suggested-by: Aaron Sigel <aaron@vtty.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: add explicit support for common DNS usage | Jason A. Donenfeld | 2017-07-26 | 1 | -0/+16
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: do not use grep | Jason A. Donenfeld | 2017-07-24 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: do not set explicit src route for v6 default route | Jason A. Donenfeld | 2017-07-24 | 1 | -11/+3
  This was only required because clueless network operators were trying to route fec0::/10 globally, when that range doesn't actually have global scope. Now that we understand the cause was operator error, we revert the change here, so that the routing table is kept consistent.
  This reverts commit 64e47de870a2f0575b5564a70e5680b48ab83ff9.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: usage typos | Jason A. Donenfeld | 2017-07-20 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: use printf -v instead of namerefs for bash 4.2 | Jason A. Donenfeld | 2017-06-28 | 1 | -3/+2
  I'm not happy about this.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: properly match IPv6 endpoint | Jason A. Donenfeld | 2017-06-24 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: match ipv6 default route more broadly | Jason A. Donenfeld | 2017-06-12 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: make sure we have empty table for both v6 and v4 | Jason A. Donenfeld | 2017-06-11 | 1 | -1/+3
  Otherwise, we wind up not doing the right thing in the v6-only case, or doing something totally borked when v4 and v6 are filled unevenly.
  Reported-by: Roelf Wichertjes <contact@roelf.org>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: use src routing for default routes in v6 | Jason A. Donenfeld | 2017-05-18 | 1 | -3/+11
  Otherwise, traffic is sent with the IP address of a different interface, and then packets don't actually get delivered.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: auto MTU discovery | Jason A. Donenfeld | 2017-05-17 | 1 | -0/+23
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: various cleanups | Jason A. Donenfeld | 2017-03-24 | 1 | -5/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: support old ip(8) | Pim van Pelt | 2017-03-19 | 1 | -4/+8
  Old versions of ip(8) do not accept arguments to `ip rule show`. This patch works around that limitation.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: give "off" value for fwmark | Jason A. Donenfeld | 2017-02-23 | 1 | -1/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: allow config files without trailing newline | Jason A. Donenfeld | 2017-02-23 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: unquote fwmark for bash 4.3 | Jason A. Donenfeld | 2017-02-14 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: set LC_ALL for consistent regex | Jason A. Donenfeld | 2017-02-13 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* socket: enable setting of fwmark | Jason A. Donenfeld | 2017-02-13 | 1 | -15/+20
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: support v6 dual stack | Jason A. Donenfeld | 2017-02-13 | 1 | -7/+18
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: parse IPv6 endpoints correctly | Jason A. Donenfeld | 2017-01-15 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: better removal of suppress_prefix rule | Jason A. Donenfeld | 2017-01-11 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Update copyright | Jason A. Donenfeld | 2017-01-10 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg-quick: enforce good permissions | Jason A. Donenfeld | 2017-01-09 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wg: add wg-quick | Jason A. Donenfeld | 2017-01-05 | 1 | -0/+209
  This is based on wg-config, but is even easier to use, and now makes our full tools suite.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>