subspacecommunity / subspace

A fork of the simple WireGuard VPN server GUI community maintained
MIT License
1.8k stars 131 forks

[Fix subspacecommunity#129] Add support to pre-shared key for each client #132

Open ssiuhk opened 4 years ago

ssiuhk commented 4 years ago

to:
cc: @subspacecommunity/subspace-maintainers
related to:
resolves:

Background

Added pre-shared key support to enhance security

Changes

Testing

$ git log
commit dab15efd87c1ec801a9f7935d6239dc3ba59cc90 (origin/issue_129, issue_129)
Author: Sam SIU <23556929+ssiuhk@users.noreply.github.com>
Date:   Wed Aug 26 14:06:02 2020 +0800

    [Fix subspacecommunity#129] Add support to pre-shared key for each client

    - Added preSharedKey generation for each config
    - Added keepalive setting
$ docker logs subspace
...............................................
...............................................
...............................................
+ umask
+ umask_val=0022
+ umask 0077
+ test -d /data/wireguard
+ mkdir /data/wireguard
+ cd /data/wireguard
+ mkdir clients
+ touch clients/null.conf
+ mkdir peers
+ touch peers/null.conf
+ mkdir preSharedKey
+ touch preSharedKey/null.psk
+ wg genkey
+ tee server.private
+ wg pubkey
..........................................................................
..........................................................................
+ exec /sbin/my_init
Started runsvdir, PID is 50
wait for processes to start....
run: subspace: (pid 54) 4s; run: log: (pid 53) 4s

Add a client in web interface

$ cat data/wireguard/preSharedKey/rjHNR1Xv9_wH_aIA.psk
r02QXxYkIadJyakBaLRa9zLSWqwXgK7aRr82B/MuZ34=

$ wg showconf wg0
[Interface]
ListenPort = 12345
PrivateKey = WHCRPeXxzNU+d0F1hWODSzOAdqJW4Gsu3/CMo1nA7Ww=

[Peer]
PublicKey = Mco/vm85oQrk12JYODjigLJs55MrPfkEimqF9K1FLW8=
PresharedKey = r02QXxYkIadJyakBaLRa9zLSWqwXgK7aRr82B/MuZ34=
AllowedIPs = 10.99.97.2/32, fd00::10:97:2/128
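
An added example (not part of this pull request or of the subspace code base): a Python check an operator could run to compare `wg showconf` output against the per-client `.psk` files shown in the post above, listing peers that have no PresharedKey and key files that are malformed or readable beyond their owner. It assumes the `preSharedKey/` directory and the empty `null.psk` placeholder from that post's log; the function names and the keys built in `demo()` are constructed for illustration.

```python
import base64, os, stat, tempfile

def valid_key(text):  # WireGuard keys are 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(text, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def parse_peers(showconf):
    """Return one dict per [Peer] section of `wg showconf` output."""
    sections = []
    for line in map(str.strip, showconf.splitlines()):
        if line.startswith("["):
            sections.append((line, {}))
        elif sections and "=" in line:
            key, value = line.split("=", 1)  # split once: base64 ends in '='
            sections[-1][1][key.strip()] = value.strip()
    return [fields for name, fields in sections if name == "[Peer]"]

def audit(showconf, psk_dir):
    """Flag exposed or malformed .psk files and peers with no stored PSK."""
    findings, on_disk = [], set()
    for name in sorted(os.listdir(psk_dir)):
        path = os.path.join(psk_dir, name)
        if not name.endswith(".psk") or os.path.getsize(path) == 0:
            continue  # empty placeholder such as null.psk
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{name}: readable by group or other")
        with open(path) as fh:
            psk = fh.read().strip()
        if not valid_key(psk):
            findings.append(f"{name}: not a 32-byte base64 key")
        on_disk.add(psk)
    for peer in parse_peers(showconf):
        psk, pub = peer.get("PresharedKey"), peer.get("PublicKey")
        if psk not in on_disk:
            why = "no PresharedKey" if psk is None else "PresharedKey has no .psk file"
            findings.append(f"peer {pub}: {why}")
    return findings

def demo():
    k = lambda b: base64.b64encode(bytes([b]) * 32).decode()  # constructed keys
    conf = (f"[Peer]\nPublicKey = {k(2)}\nPresharedKey = {k(3)}\n"
            f"[Peer]\nPublicKey = {k(4)}\nAllowedIPs = 10.99.97.3/32\n")
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "null.psk"), "w").close()  # placeholder, skipped
        fd = os.open(os.path.join(d, "a.psk"), os.O_WRONLY | os.O_CREAT, 0o600)
        os.write(fd, (k(3) + "\n").encode()); os.close(fd)
        return audit(conf, d)
```

On a real host, pass the text of `wg showconf wg0` and the path to `data/wireguard/preSharedKey`; findings identify peers by public key only and never print a PSK.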

sonarcloud[bot] commented 4 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information
No Duplication information

gavinelder commented 4 years ago

This looks like a breaking change for existing users who would have to create a PSK to upgrade to a release containing this.

Some general feedback, can you please provide some basic docs for those who would like to use this feature etc?

Can you also gate it behind a flag?

ssiuhk commented 4 years ago

Sure, thanks for the feedback! Let me update it