Re: wireguard confusion

From: Polarian <polarian_at_polarian.dev>
Date: Wed, 09 Oct 2024 00:48:01 UTC
Hello,

As for the scripts not being ported, wg-quick can be omitted and you
could use ifconfig directly within rc.conf.

However, this is not clean, nor secure in the slightest, as you would
need to stick your private key in the rc.conf, which by default can be
read by any user.

It would be nice if WG(4) could load configs natively without needing a
script to do so, in the same format as wg-quick does (look for
/etc/wireguard/<interface>.conf), therefore no bash needed, and it can
be baked into the base system easily without relying on third-party
scripts. I assume the problem with this is someone has to code it.

> > If anything, I'd do something to the base copy -- if not delete it,
> > maybe rename it, how about wgtool ?
> >   
> 
> I can't think of a good reason to do this, no.  You should be using
> the version in base, not the version in ports.

I would like to point out that this entire thread is about wireguard
confusion, and you want to rename the standard name (wg) to a
non-standard name. Even if this were a good idea, this would cause even
more confusion.

> >>> Little nitpick at this, can't you exclude wg from the port then?  
> >   
> >> At this point we probably could- all supported versions should have
> >> it- but I have no opinion.  CC decke@  
> > 
> > Note that the rc bit would have to be modified in that case, as it
> > hardcodes the pathname to /usr/local/bin/wg.
> >   
> 
> That can be fixed.

I am a little confused why you would hardcode the path to wg in the
script and not use what's in $PATH (which, as I explained in my first
email in this thread, defaults to /usr/bin/wg). Maybe someone knows the
reason for this? (I am curious)

Take care,
-- 
Polarian
GPG signature: 0770E5312238C760
Jabber/XMPP: polarian@icebound.dev
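
Added example, not part of the original message or of any FreeBSD or WireGuard tooling: a POSIX sh check for the concern raised above, that a private key placed in rc.conf or in /etc/wireguard/<interface>.conf ends up in a file other users can read. The function names are hypothetical, and the key match is a heuristic that assumes the usual 44-character base64 form (43 characters plus "=").

```shell
#!/bin/sh
# Added example: flag files that hold a WireGuard-style key and are readable
# by group or other. Files to check are passed as arguments.

# Heuristic (assumption): a key is 32 bytes in base64, 43 characters plus '='.
KEY_RE='(^|[^A-Za-z0-9+/])[A-Za-z0-9+/]{43}=($|[^A-Za-z0-9+/=])'

# has_key FILE: succeeds if FILE contains a string shaped like a key.
has_key() {
    grep -Eq "$KEY_RE" "$1" 2>/dev/null
}

# loose_perms FILE: succeeds if group or other has read permission.
# find -perm is used because stat(1) options differ between BSD and GNU.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# audit FILE...: print each exposed file; return 1 if any was found.
audit() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_key "$f" && loose_perms "$f"; then
            echo "EXPOSED: $f holds a key and is readable beyond its owner"
            found=1
        fi
    done
    return $found
}

# Typical use for the setup discussed above (run as root):
#   sh wg-audit.sh /etc/rc.conf /etc/wireguard/*.conf
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

A non-zero exit status means at least one file needs its mode tightened (for example to 600) or the key moved to a file that is not world-readable.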