search

WireGuard / wgctrl-go

Package wgctrl enables control of WireGuard interfaces on multiple platforms.
https://godoc.org/golang.zx2c4.com/wireguard/wgctrl
MIT License
727 stars 85 forks source link

internal/wguser: support for MacOS #96

Open aep opened 3 years ago

aep commented 3 years ago

is macox supported? i'm just getting "file does not exist" for ConfigureDevice

mdlayher commented 3 years ago

I don't have a Mac. It's possible the userspace implementation's UNIX socket lives in an unexpected path on Mac, so PRs are welcome.

aep commented 3 years ago

yeah looks like it doesnt expose the same control sockets. no idea if it can even be controlled

d1ss0nanz commented 3 years ago

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

duyleekun commented 3 years ago

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

wireguard-go works but I want to leverage the version in the Mac App Store. Could have better implementation than the wireguard-go

mdlayher commented 3 years ago

Pretty sure they are the same underlying implementation and the GUI just connects to wireguard-go.

qzi commented 2 years ago

Works fine on my device.

It's important that you bring up the interface with "wireguard-go " before you configure it.

it there a sample about the programming WireGuard?

stv0g commented 1 year ago

@duyleekun

wireguard-go works but I want to leverage the version in the Mac App Store. Could have better implementation than the wireguard-go

The version from the AppStore is based on WireGuardKit (wireguard-apple repo) which bundles wireguard-go as an macOS/iOS Network Extension.

WireGuardKit does not expose the UAPI via a standard socket. which wireguard-go uses. Instead it uses device.IpcSet() to directly configure the tunnel device: https://git.zx2c4.com/wireguard-apple/tree/Sources/WireGuardKitGo/api-apple.go

We maybe can extend WireGuardKit to also open a UAPI socket for macOS (iOS doesnt really make sense imho). However, we would need to check if macOS Network Extensions are sandboxed and such a socket would be accessible by the user.

nohajc commented 10 months ago

We maybe can extend WireGuardKit to also open a UAPI socket for macOS (iOS doesnt really make sense imho). However, we would need to check if macOS Network Extensions are sandboxed and such a socket would be accessible by the user.

Hi, I have a working implementation of your suggestion. Since all software distributed via App Store has to be sandboxed, there's a limitation as to where you can place the unix socket. However, there's no problem accessing that socket from outside if you assume all the command-line tooling is not sandboxed (which is the case for Homebrew installations at least).

https://github.com/WireGuard/wireguard-apple/pull/27 https://github.com/WireGuard/wireguard-go/pull/89 https://github.com/WireGuard/wgctrl-go/pull/143 https://github.com/WireGuard/wireguard-tools/pull/21

stv0g commented 10 months ago

Great work 👍🏻 I would love to see this merged.