Best practice for using on working configuration? #74

Open
pompushko opened this issue Jun 5, 2024 · 3 comments

pompushko commented Jun 5, 2024

Hello

I have a big wg0.conf file with 30+ peers.

Is there any good way to use WireRest with the current configuration and not break anything?
Also, I don't use a pre-shared key. How can I disable it via a flag or variable?
Is there any variable to listen only on a specific IP?

Thank you.

Owner

FokiDoki commented Jun 5, 2024

Hi!
WireRest has been tested on configurations with over 10,000 peers, 30 is a breeze :)

There is no flag to disable PSK generation, but you can simply send an empty value as in the example below. PSK will not be generated.

{
  "publicKey": "PUBKEY",
  "presharedKey": "",
  "privateKey": "PRIVATE_KEY",
  // other data
}

WireRest does not have the feature of listening to a specific IP address. You can instead specify a subnet by passing --server.address=192.168.1.100 in the run arguments. Replace 192.168.1.100 with the IP address available on your server. Alternatively, you can configure some kind of firewall (such as UFW) to configure access rules.

Author

pompushko commented Jun 6, 2024

Well. Yes. I tried to play and yes. I have to send only this to auto-generate peer data:

{
  "presharedKey": ""
}

But this is super weird :D
Why not only make a GET request and that's all? Without any data except the token?

Thank you for server IP setting :)

Author

pompushko commented Jun 10, 2024

Okay. Here are my 2 cents about backup after any changes in wg0.conf:

pupa@vpn-1:~$ cat /etc/systemd/system/wireguard-backup.path
[Unit]
Description=Watch for changes in config of WireGuard VPN

[Path]
Unit=wireguard-backup.service
PathChanged=/etc/wireguard/wg0.conf

[Install]
WantedBy=multi-user.target

Use any cloud or storage for backups. I use GCP.

pupa@vpn-1:~$ cat /etc/systemd/system/wireguard-backup.service
[Unit]
Description=Upload backup for config file of WireGuard VPN
After=network.target

[Service]
Type=oneshot
ExecStartPre=/usr/bin/sleep 10
ExecStart=/usr/bin/bash -c "/usr/bin/gcloud storage cp /etc/wireguard/wg0.conf gs://my-vpn/$(date +"%%Y%%m%%d%%H%%M%%S")_wg0.conf"

[Install]
WantedBy=multi-user.target

sudo systemctl enable wireguard-backup.{path,service}
sudo systemctl start wireguard-backup.{path,service}
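
An added example, not part of the thread or of WireRest itself: one way to check that existing peers were left untouched after wg0.conf changes, by comparing a backup copy with the current file peer by peer. The function names and all key values are constructed for illustration; only public keys are reported, never private or pre-shared key material.

```python
# Added example: compare a backed-up wg0.conf with the current one, peer by peer.
# All key values below are constructed placeholders, not real WireGuard keys.

def parse_peers(conf_text):
    """Return {PublicKey: {setting: value}} for every [Peer] section."""
    peers, section, current = {}, None, {}
    for raw in conf_text.splitlines() + ["[end]"]:  # sentinel flushes the last section
        line = raw.split("#", 1)[0].strip()         # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            if section == "[peer]" and "publickey" in current:
                peers[current.pop("publickey")] = current
            section, current = line.lower(), {}
        elif "=" in line:
            key, value = line.split("=", 1)         # split once: base64 ends in '='
            current[key.strip().lower()] = value.strip()
    return peers

def diff_peers(backup_text, current_text):
    """Report peers added, removed or changed, and current peers with no PSK."""
    old, new = parse_peers(backup_text), parse_peers(current_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
        "without_psk": sorted(k for k, p in new.items() if not p.get("presharedkey")),
    }

# Constructed sample: a backup with two peers and no pre-shared keys.
BACKUP = """\
[Interface]
PrivateKey = CONSTRUCTED_SERVER_PRIVATE_KEY=
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
# laptop
PublicKey = CONSTRUCTED_PEER_A=
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = CONSTRUCTED_PEER_B=
AllowedIPs = 10.0.0.3/32
"""
# Constructed sample: peer B's AllowedIPs edited, peer C appended with a PSK.
CURRENT = BACKUP.replace("10.0.0.3/32", "10.0.0.30/32") + """
[Peer]
PublicKey = CONSTRUCTED_PEER_C=
PresharedKey = CONSTRUCTED_PSK=
AllowedIPs = 10.0.0.4/32
"""

if __name__ == "__main__":
    print(diff_peers(BACKUP, CURRENT))
```

A non-empty "removed" or "changed" list after an API call that was only meant to add a peer is the signal that an existing entry was touched.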
