Lochnair / vyatta-wireguard

GNU General Public License v3.0

Allow descriptive prefix in peer key/name. #92

Open farmwald opened 5 years ago

farmwald commented 5 years ago

Currently, the peer names are just straight keys, which are random strings of characters. If you have a lot of peers, it's a real pain to find the right one to edit. I suggest we allow a descriptive prefix to the peer names, which is stripped for wireguard, but allows one to easily determine which peer is which.

Thus the following would be the same peer key:

    foobar=alonglistofcharsformingakey=
    alonglistofcharsformingakey=

The "foobar=" would be stripped from the key presented to wireguard, but would be used in listing and sorting the peers in the gui interface.

rufoa commented 5 years ago

You can find keys by their description fairly easily from the CLI like this:

    # show interfaces wireguard | grep -B2 aws
         peer 6mR0WhRdPmnOVhZKqdhWDCuf/2u4ioEUyMyOysoUQUY= {
             allowed-ips 0.0.0.0/0
             description "aws lightsail"

farmwald commented 5 years ago

I was hoping for something that works from the GUI.

Lochnair commented 5 years ago

I can see that finding a peer in the config tree GUI can be annoying as it currently stands. There's also the benefit of autocomplete being useful with peers in contrast to now. I am however quite opposed to having a combination of description and public key in the peer node.

If I'm going to change it I'd rather just do a breaking change and do this:

    wireguard wg0 {
        peer <descriptive name> {
            public-key <base64 encoded key>
        }
    }

andrewgdunn commented 5 years ago

Either use the unique and meaningful key as the root node, or use the description, but don't nest description under the key... that seems silly.

farmwald commented 5 years ago

I'm happy with the proposed breaking change.

phillipmcmahon commented 5 years ago

I'd be happy with the breaking change too.

greenstone7 commented 5 years ago

I suggest naming the field pubkey instead of public-key, so it would be the same as in the VyOS configuration.

https://vyos.readthedocs.io/en/latest/vpn/wireguard.html#configuration

network-shark commented 5 years ago

This issue also affects the Netmiko and Napalm projects. They use the https://github.com/hedin/vyatta-conf-parser library, but the class needs unique key-value pairs.

I like the idea you mentioned above; it should fix the parser too.

Thank you for all the work you have done.
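
The layout Lochnair proposes and the unique-name requirement network-shark raises, shown as an added example that is not part of the thread or of vyatta-wireguard: it rewrites a constructed config from the current key-named peer nodes to name-keyed nodes with a `public-key` leaf, rejecting malformed keys and duplicate names. The function names, the name-sanitising rule, the `peer-<prefix>` fallback and the second key are assumptions made for illustration.

```python
import base64
import re

KEY1 = "6mR0WhRdPmnOVhZKqdhWDCuf/2u4ioEUyMyOysoUQUY="  # key quoted in the thread
KEY2 = base64.b64encode(bytes(32)).decode()            # constructed placeholder key

# Constructed sample in the current layout: each peer node is named by its key.
OLD_CONFIG = f"""\
wireguard wg0 {{
    peer {KEY1} {{
        allowed-ips 0.0.0.0/0
        description "aws lightsail"
    }}
    peer {KEY2} {{
        allowed-ips 10.0.0.2/32
    }}
}}
"""

PEER_RE = re.compile(r"^([ \t]*)peer (\S+) \{\n(.*?)^\1\}\n", re.M | re.S)

def is_wg_key(key):
    """WireGuard public keys are 32 bytes, i.e. 44 base64 characters."""
    try:
        return len(key) == 44 and len(base64.b64decode(key, validate=True)) == 32
    except ValueError:
        return False

def migrate(config):
    """Rewrite key-named peer nodes to name-keyed nodes with a public-key leaf."""
    seen = set()

    def rewrite(m):
        indent, key, body = m.groups()
        if not is_wg_key(key):
            raise ValueError(f"peer node is not a valid public key: {key!r}")
        desc = re.search(r'^\s*description "([^"]*)"', body, re.M)
        raw = desc.group(1) if desc else "peer-" + key[:8]
        # Assumption: node names must be one token, so other characters become '-'.
        name = re.sub(r"[^A-Za-z0-9_.-]+", "-", raw).strip("-")
        if not name or name in seen:
            raise ValueError(f"empty or duplicate peer name: {name!r}")
        seen.add(name)
        return f"{indent}peer {name} {{\n{indent}    public-key {key}\n{body}{indent}}}\n"

    return PEER_RE.sub(rewrite, config)

if __name__ == "__main__":
    print(migrate(OLD_CONFIG))
```

Failing on a duplicate name rather than merging the two nodes keeps one peer's key from silently replacing another's.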