FokiDoki / WireRest

REST API for Wireguard
MIT License

Best practice for using on working configuration? #74

Open pompushko opened 5 months ago

pompushko commented 5 months ago

Hello

I have a big wg0.conf file with 30+ peers.

Is there any good way to use WireRest with the current configuration and not break anything? Also, I don't use a pre-shared key. How can I disable it via a flag or variable? Is there any variable to listen only on a specific IP?

Thank you.

FokiDoki commented 5 months ago

Hi! WireRest has been tested on configurations with over 10,000 peers, 30 is a breeze :)

There is no flag to disable PSK generation, but you can simply send an empty value as in the example below. The PSK will not be generated.

{
  "publicKey": "PUBKEY",
  "presharedKey": "",
  "privateKey": "PRIVATE_KEY",
  // other data
}

WireRest does not have the feature of listening to a specific IP address. You can instead specify a subnet by passing --server.address=192.168.1.100 in the run arguments. Replace 192.168.1.100 with the IP address available on your server. Alternatively, you can configure some kind of firewall (such as UFW) to configure access rules.

pompushko commented 5 months ago

Well. Yes. I tried to play with it and yes. I only have to send this to auto-generate peer data:

{
  "presharedKey": ""
}

But this is super weird :D Why not only make a GET request and that's all? Without any data except the token?

Thank you for server IP setting :)

pompushko commented 5 months ago

Okay. Here are my 2 cents about backup after any changes in wg0.conf:

pupa@vpn-1:~$ cat /etc/systemd/system/wireguard-backup.path
[Unit]
Description=Watch for changes in config of WireGuard VPN

[Path]
Unit=wireguard-backup.service
PathChanged=/etc/wireguard/wg0.conf

[Install]
WantedBy=multi-user.target

Use any cloud or storage for backups. I use GCP.

pupa@vpn-1:~$ cat /etc/systemd/system/wireguard-backup.service
[Unit]
Description=Upload backup for config file of WireGuard VPN
After=network.target

[Service]
Type=oneshot
ExecStartPre=/usr/bin/sleep 10
ExecStart=/usr/bin/bash -c "/usr/bin/gcloud storage cp /etc/wireguard/wg0.conf gs://my-vpn/$(date +"%%Y%%m%%d%%H%%M%%S")_wg0.conf"

[Install]
WantedBy=multi-user.target

sudo systemctl enable wireguard-backup.{path,service}
sudo systemctl start wireguard-backup.{path,service}
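
Added example, not part of the thread and not WireRest code: a local step that could run before the upload in the backup service above. It keeps owner-only snapshots (wg0.conf holds the interface private key), skips unchanged files, and lists peer public keys so the peer set can be compared before and after a change. The function names `wg_peer_keys` and `wg_snapshot` and the snapshot directory are assumptions.

```shell
#!/bin/sh
# Added example; wg_peer_keys and wg_snapshot are hypothetical helper names.

# Print the PublicKey of every [Peer] section in config $1, sorted.
# Comparing this list before and after a change shows added or lost peers.
wg_peer_keys() {
  awk '
    /^[ \t]*\[/ { in_peer = (tolower($0) ~ /^[ \t]*\[peer\]/) }
    in_peer && /^[ \t]*PublicKey[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, "")   # drop the "PublicKey = " prefix
      sub(/[ \t]+$/, "")         # drop trailing whitespace
      print
    }' "$1" | sort
}

# Copy config $1 into directory $2 as <timestamp>_<basename>, readable by
# the owner only. Skips the copy when the newest snapshot already has the
# same content. Prints the new snapshot path, or nothing when skipped.
# The body runs in a subshell, so umask and variables do not leak out.
wg_snapshot() (
  src=$1
  dir=$2
  name=$(basename "$src")
  umask 077                       # new directory 0700, new file 0600
  mkdir -p "$dir" || exit 1
  newest=
  for f in "$dir"/*_"$name"; do   # fixed-width stamps: glob order is chronological
    if [ -e "$f" ]; then newest=$f; fi
  done
  if [ -n "$newest" ] && cmp -s "$src" "$newest"; then
    exit 0                        # unchanged since the last snapshot
  fi
  dest="$dir/$(date +%Y%m%d%H%M%S)_$name"
  cp "$src" "$dest" || exit 1
  printf '%s\n' "$dest"
)
```

Two changes within the same second share one snapshot name, so the later copy replaces the earlier one.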