k4yt3x / wg-meshconf

WireGuard full mesh configuration generator.
GNU General Public License v3.0

Add pre-shared key option to genconfig #35

Open itoffshore opened 1 year ago

itoffshore commented 1 year ago

This PR is based on an old previous PR & adds a --psk option to genconfig for pre-shared keys:


The pre-shared keys are not stored in the database as they should be being rotated periodically (they are re-generated every time genconfig is run with --psk).

From a security perspective storing the pre-shared keys alongside the private keys defeats their purpose.
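To illustrate the behaviour the PR describes, here is an added Python sketch (not wg-meshconf's own code) of a mesh generator whose per-pair pre-shared keys are drawn fresh each run and never written anywhere: the peer names, placeholder public keys and endpoints are constructed sample data.

```python
import base64
import secrets
from itertools import combinations

# Constructed sample mesh (hypothetical names; the public keys are placeholders,
# not real WireGuard keys). In wg-meshconf these would come from its database.
PEERS = {
    "alpha": {"pubkey": "<alpha-pubkey>", "address": "10.0.0.1/32", "endpoint": "alpha.example:51820"},
    "beta":  {"pubkey": "<beta-pubkey>",  "address": "10.0.0.2/32", "endpoint": "beta.example:51820"},
    "gamma": {"pubkey": "<gamma-pubkey>", "address": "10.0.0.3/32", "endpoint": "gamma.example:51820"},
}

def gen_psk() -> str:
    """Fresh 32-byte pre-shared key, base64-encoded like `wg genpsk`."""
    return base64.b64encode(secrets.token_bytes(32)).decode()

def pair_psks(names):
    """One PSK per unordered peer pair, held only in memory for this run.
    A PSK is symmetric (both ends of a tunnel carry the same value), so it is keyed by the pair."""
    return {frozenset(p): gen_psk() for p in combinations(sorted(names), 2)}

def peer_section(local, remote, peers, psks):
    """Render one [Peer] block of `local`'s config describing `remote`."""
    lines = ["[Peer]", f"# {remote}", f"PublicKey = {peers[remote]['pubkey']}"]
    if psks:
        lines.append(f"PresharedKey = {psks[frozenset((local, remote))]}")
    lines += [f"AllowedIPs = {peers[remote]['address']}",
              f"Endpoint = {peers[remote]['endpoint']}"]
    return "\n".join(lines)

def genconfig(peers, psk=False):
    """Full-mesh configs; with psk=True every pair gets a new PSK on each call (rotation)."""
    psks = pair_psks(peers) if psk else {}
    return {local: "\n\n".join(peer_section(local, r, peers, psks)
                               for r in peers if r != local)
            for local in peers}

def psk_for(configs, local, remote):
    """Read the PresharedKey that `local`'s config holds for `remote` (None if absent)."""
    block = configs[local].split(f"# {remote}\n", 1)[1].split("\n\n", 1)[0]
    for line in block.splitlines():
        if line.startswith("PresharedKey = "):
            return line.split(" = ", 1)[1]
    return None
```

Because nothing persists the PSKs, a second run produces a different set, which is exactly the redeployment consequence raised further down in the thread.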

ww7 commented 6 months ago

It seems a problem if configs already deployed to remote peers with old PresharedKeys. Any chance to implement a workaround to keep old PresharedKeys when adding new peers?

itoffshore commented 2 months ago

> It seems a problem if configs already deployed to remote peers with old PresharedKeys. Any chance to implement a workaround to keep old PresharedKeys when adding new peers?

Hi @ww7, more recently I've started using & contributing documentation to netbird

There is an option for post-quantum cryptography with pre-shared keys rotated every 2 minutes with rosenpass.eu

Also useful is mutual TLS to remove the need for a VPN. I use mTLS with Knot DNS (it works perfectly)