The rc.d script for wireguard currently only supports stop and start. This means that when we deploy a new configuration for our wireguard server from Ansible, the interface is brought down and recreated, causing a small interruption in traffic for all clients. 'wg syncconf' provides an interface to apply only the needed changes, and should be called on reload. However, it does not allow an Address= line under the [Interface] section. The rc.d script must be changed to set the address itself, after wg-quick creates the interface. I have a fix for this working on our server but it's not mergeable as-is as it depends on bash. It would be great to see a solution for this upstream.
Created attachment 212491
Proposed patch to add reload functionality to wireguard rc.d script

Adding a patch to address this. This is tested working in our setup. This will use the 'wg syncconf' functionality to reload all peer and key settings, but will skip the interface address configuration and other wg-quick specific stuff. So changing the interface address will still require a restart.
Committed in r529909. Thanks!
A commit references this bug:

Author: decke
Date: Mon Mar 30 19:18:04 UTC 2020
New revision: 529909
URL: https://svnweb.freebsd.org/changeset/ports/529909

Log:
  net/wireguard: Implement reload command in rc.d script to reload all peer and key settings without restarting the daemon to avoid interface up/down and losing traffic.

  This does not work if you change the Address= line in the [Interface] section which needs a real restart.

  PR: 244862
  Submitted by: david@isnic.is

Changes:
  head/net/wireguard/Makefile
  head/net/wireguard/files/wireguard.in
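
The reload path discussed in this report, as an added example that is neither the attached patch nor the committed rc.d script: it filters the wg-quick-only keys out of a configuration before handing it to `wg syncconf`, and checks whether Address= changed, in which case a restart is still needed. The function names, the list of filtered keys and the sample configuration are assumptions of this example; on a real system `wg-quick strip` performs the same filtering.

```sh
# Added example; not the committed rc.d script. Function names are hypothetical.

# Keys that wg-quick(8) handles itself and that `wg syncconf` does not accept.
WG_QUICK_KEYS='address|dns|mtu|table|preup|postup|predown|postdown|saveconfig'

# filter_conf MODE FILE
#   strip: print FILE without the wg-quick-only [Interface] keys
#   addr:  print only the Address= lines of [Interface]
filter_conf() {
    awk -v mode="$1" -v keys="^(${WG_QUICK_KEYS})\$" '
        /^[ \t]*\[/ {
            section = tolower($0)
            sub(/^[ \t]*\[/, "", section); sub(/\].*/, "", section)
        }
        {
            key = tolower($0)
            sub(/^[ \t]*/, "", key); sub(/[ \t]*=.*/, "", key)
            quick = (section == "interface" && key ~ keys)
            if (mode == "strip" && !quick) print
            if (mode == "addr" && quick && key == "address") print
        }
    ' "$2"
}

# address_changed OLD NEW: true when the Address= lines differ, i.e. a reload
# is not enough and the interface needs a real restart.
address_changed() {
    [ "$(filter_conf addr "$1")" != "$(filter_conf addr "$2")" ]
}

# reload_interface IFACE CONF: apply peer and key changes in place.
reload_interface() {
    tmp=$(mktemp) || return 1   # created mode 0600; it will hold PrivateKey
    if filter_conf strip "$2" > "$tmp" && wg syncconf "$1" "$tmp"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample configuration (placeholder keys) for trying the filter.
sample_conf() {
    printf '%s\n' '[Interface]' "Address = ${1:-10.0.0.1/24}" \
        'PrivateKey = <constructed-placeholder>' 'ListenPort = 51820' \
        'PostUp = echo up' '' '[Peer]' \
        'PublicKey = <constructed-placeholder>' 'AllowedIPs = 10.0.0.2/32'
}
```

A deployment step can call `address_changed` on the old and new files to choose between reload and restart before touching the interface.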