Open itoffshore opened 1 year ago
It seems a problem if configs already deployed to remote peers with old PresharedKeys. Any chance to implement a workaround to keep old PresharedKeys when adding new peers?
Hi @ww7, more recently I've started using & contributing documentation to netbird.
There is an option for post-quantum cryptography with pre-shared keys rotated every 2 minutes with rosenpass.eu.
Also useful is mutual TLS to remove the need for a VPN. I use mTLS with Knot DNS (it works perfectly).
This PR is based on an old previous PR & adds a `--psk` option to `genconfig` for pre-shared keys:

- `json` import
- `black` code formatting
- `wg-meshconf` version to `2.5.2`
- `--help` option from `argparse`
- updates `README` with:
  - `wg-meshconf` as an isolated app with `pipx`
  - `--psk` functionality (disabled by default to not interfere with existing user configuration)

The pre-shared keys are not stored in the `database` as they should be being rotated periodically (they are re-generated every time `genconfig` is run with `--psk`).

From a security perspective storing the pre-shared keys alongside the private keys defeats their purpose.
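The following sketch is an added example, not code from this PR or from wg-meshconf. It shows what regenerating pre-shared keys on every run implies for a mesh: each unordered pair of peers shares one key, both configs of the pair must carry it, and a second run replaces every key. The function names, peer names and placeholder public keys are assumptions; the key format (32 random bytes, base64) matches `wg genpsk`.

```python
import base64
import secrets
from itertools import combinations


def gen_psk() -> str:
    """Return a WireGuard-style preshared key: 32 random bytes, base64-encoded."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def pairwise_psks(peer_names):
    """Map each unordered pair of peers to one fresh PSK (nothing is persisted)."""
    return {frozenset(pair): gen_psk() for pair in combinations(sorted(peer_names), 2)}


def render_peer_sections(local, peers, psks):
    """Render the [Peer] sections of `local`'s config.

    `peers` maps peer name -> public key (constructed placeholders below).
    """
    lines = []
    for name, pubkey in sorted(peers.items()):
        if name == local:
            continue
        lines += [
            "[Peer]",
            f"# {name}",
            f"PublicKey = {pubkey}",
            # Both ends of the pair look up the same frozenset key.
            f"PresharedKey = {psks[frozenset((local, name))]}",
            "",
        ]
    return "\n".join(lines)


# Constructed sample mesh; the public keys are placeholders, not real keys.
PEERS = {
    "alpha": "<alpha-public-key>",
    "bravo": "<bravo-public-key>",
    "charlie": "<charlie-public-key>",
}

if __name__ == "__main__":
    run1 = pairwise_psks(PEERS)
    run2 = pairwise_psks(PEERS)  # a second genconfig-style run
    print(render_peer_sections("alpha", PEERS, run1))
    # Every pair's key differs between runs, so all configs are redeployed together.
    print("pairs changed:", sum(run1[p] != run2[p] for p in run1), "of", len(run1))
```

A peer still holding a config from an earlier run fails the handshake with every peer that received the newer keys, which is the deployment concern raised in the first comment.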