Date: Wed, 9 Oct 2024 01:48:01 +0100
From: Polarian
To: questions@freebsd.org
Subject: Re: wireguard confusion
Message-ID: <20241009014801.60e084f9@Hydrogen>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hello,

As for the scripts not being ported, wg-quick can be omitted and you could use ifconfig directly within rc.conf. However, this is not clean, nor secure in the slightest, as you would need to stick your private key in the rc.conf which by default can be read by any user.

It would be nice if WG(4) could load configs natively without needing a script to do so, in the same format as wg-quick does (look for /etc/wireguard/.conf), therefore no bash needed, and it can be baked into the base system easily without relying on third party scripts. I assume the problem with this is someone has to code it.

> > If anything, I'd do something to the base copy -- if not delete it,
> > maybe rename it, how about wgtool ?
> >
>
> I can't think of a good reason to do this, no. You should be using
> the version in base, not the version in ports.

I would like to point out that this entire thread is about wireguard confusion, and you want to rename the standard name (wg) to a non-standard name; even if this was a good idea, this would cause even more confusion.

> >>> Little nitpick at this, can't you exclude wg from the port then?
> >
> >> At this point we probably could- all supported versions should have
> >> it- but I have no opinion. CC decke@
> >
> > Note that the rc bit would have to be modified in that case, as it
> > hardcodes the pathname to /usr/local/bin/wg.
> >
>
> That can be fixed.

I am a little confused why you would hardcode the path to wg in the script and not use what's in $PATH (which, as I explained in my first email in this thread, defaults to /usr/bin/wg); maybe someone knows the reason for this? (I am curious)

Take care,
-- 
Polarian
GPG signature: 0770E5312238C760
Jabber/XMPP: polarian@icebound.dev
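
The exposure raised in the message above (a WireGuard private key sitting in a file that any local user can read) can be checked mechanically. The following is an added example, not part of the original post: a POSIX sh audit that lists files containing private-key material that group or other can read. The match on "priv..." followed by a 44-character base64 token is a heuristic assumption, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files that contain WireGuard
# private-key material and are readable by group or other.

# A WireGuard key is 32 bytes in base64: 43 characters followed by "=".
# Heuristic (assumption): the same line says "priv..." before the key,
# as in wg-quick's "PrivateKey = <key>".
KEY_RE='[Pp][Rr][Ii][Vv].*[A-Za-z0-9+/]{43}='

has_private_key() {   # 0 if FILE has a private-key-looking line
    grep -Eq "$KEY_RE" "$1" 2>/dev/null
}

too_open() {          # 0 if group or other may read FILE
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# audit_wg_keys FILE...: print each exposed file; return 1 if any was found.
audit_wg_keys() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_private_key "$f" && too_open "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# demo_constructed DIR: build constructed sample files in DIR and audit them.
demo_constructed() {
    t=AAAAAAAAAA; key="${t}${t}${t}${t}AAA="      # constructed, not a real key
    printf 'PrivateKey = %s\n' "$key" > "$1/open.conf";   chmod 644 "$1/open.conf"
    printf 'PrivateKey = %s\n' "$key" > "$1/closed.conf"; chmod 600 "$1/closed.conf"
    printf 'PublicKey = %s\n'  "$key" > "$1/peer.conf";   chmod 644 "$1/peer.conf"
    audit_wg_keys "$1/open.conf" "$1/closed.conf" "$1/peer.conf"
}

# Real use (as root): audit_wg_keys /etc/rc.conf /etc/wireguard/*.conf
if [ "$#" -gt 0 ]; then audit_wg_keys "$@"; fi
```

Run as root so that owner-only files can still be inspected; a file that is reported needs either its mode tightened to owner-only or the key moved out of it.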