Typo below: - 2) "Restart WireGuard VPN" takes << 1 second (using "syncconf"), no noticeable impact at all, even when editing the AllowedIPs of the peer tunnel used for + 2) "Reload WireGuard VPN" takes << 1 second (using "syncconf"), no noticeable impact at all, even when editing the AllowedIPs of the peer tunnel used for
> On Jun 13, 2019, at 5:47 PM, Lonnie Abelbeck <[email protected]> > wrote: > >> Will this be in 1.3.6? > > It looks like it will, I'm testing ... Exactly what will be the final > solution upstream is to be determined, Jason considered moving the "syncconf" > code into the standard "setconf". Jason's thoughts are here: > https://lists.zx2c4.com/pipermail/wireguard/2019-June/004225.html > > Regardless if it is "syncconf", "setconf" or something else we can easily > adapt, currently we are using the "syncconf" commit per above. > > > A real world example, connecting over WG to a Linode instance of AstLinux: > > 1) "Restart WireGuard VPN" takes 35 seconds (using "setconf"), 17 seconds for > the WG peer to reestablish and the rest of the time are most likely the TCP > backoff timers for the HTTPS web interface session, totaling 35 seconds. > > 2) "Restart WireGuard VPN" takes << 1 second (using "syncconf"), no > noticeable impact at all, even when editing the AllowedIPs of the peer tunnel > used for access. > > Lonnie > > > >> On Jun 13, 2019, at 4:36 PM, Michael Knill >> <[email protected]> wrote: >> >> Thanks Lonnie. >> Awesome news as I am looking to build my entire Astlinux network around >> Wireguard and this was a big issue especially since I didn't realise that wg >> setconf interrupted active tunnels (whoops). >> Will this be in 1.3.6? >> >> Regards >> Michael Knill >> >> On 13/6/19, 1:35 pm, "Lonnie Abelbeck" <[email protected]> wrote: >> >> Hi Michael, >> >>> On Jun 8, 2019, at 10:28 PM, Michael Knill >>> <[email protected]> wrote: >>> >>> Hi Lonnie >>> >>> I have overcome having to reset Wireguard by adding it to the configuration >>> and then adding the peer from the command line as follows: >>> wg set wg0 peer <Public key of Endpoint VPN Peer collected above> >>> allowed-ips <Allocated Endpoint IP Address>/32 >>> >>> Seems to work fine. May be worthwhile adding it to the GUI. >> >> The WireGuard author has come up with a new "wg syncconf ..." subcommand >> (not in master just yet) >> >> I added support for it, currently implemented as "service wireguard >> reload" ... a web interface item "Reload WireGuard VPN" soon. >> >> Previously using "wg setconf ..." under the best conditions active tunnels >> would be interrupted for 17 seconds, now there is no interruption with "wg >> syncconf ...". The wg0 interface is not taken down and back up, so any >> static routes will remain. >> >> So, if all your are doing is editing, adding, and/or deleting peers, >> follow it with a "service wireguard reload" or "Reload WireGuard VPN" menu >> and it is applied immediately without any interruption. >> >> In addition, the auto-routes are properly added and deleted due to changes >> in the peer configs. >> >> So far this is working well in testing. >> >> Michael, long story short, you will be able to add/edit/delete a peer and >> simply select "Reload WireGuard VPN", poof you're done. >> >> Lonnie >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected]. >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected]. > > > > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
