Bug 253154

Summary: wireguard - add peer alias
Product: Base System
Reporter: Balaev PA <mail>
Component: kern
Assignee: freebsd-net (Nobody) <net>
Status: Closed Not Accepted
Severity: Affects Some People
CC: decke, grehan, kevans, lwhsu, mail, mmacy
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description: alias name; Flags: none

Description Balaev PA 2021-02-01 10:52:27 UTC
Created attachment 222065
alias name

When you have many peers, it becomes difficult to understand who is who. You can only write lines in a notepad such as "pub-key -> Alice", or use a comment in the WireGuard config file. But FreeBSD doesn't have that either. So I added an optional alias parameter to ifconfig. Example:

# ifconfig wg0 peer public-key \
        d+tsnnberdvggwffmugyod06dwjk8c6o542u/dbr+cc= endpoint 192.168.1.86:51820 allowed-ips 10.0.0.3/32 alias Bob
# ifconfig wg0 peer public-key \
        d+TSNnberdVGGWFfMuGYOD06dwjk8c6o541u/dBr+Cc= endpoint 192.168.1.86:51820 allowed-ips 10.0.0.4/32 alias Alice
# ifconfig wg0 peer public-key \
        d+TSNnberdVGGWFfMuGYOD06dwjk8c6o543u/dBr+Cc= endpoint 192.168.1.86:51820 allowed-ips 10.0.0.5/32

And the peer list becomes easier to read, showing who is who:

# ifconfig wg0 peer-list
[Peer]
PublicKey = d+TSNnberdVGGWFfMuGYOD06dwjk8c6o543u/dBr+Cc=
Endpoint = 192.168.1.86:51820
AllowedIPs = 10.0.0.5/32
[Peer]
Alias = Alice
PublicKey = d+TSNnberdVGGWFfMuGYOD06dwjk8c6o541u/dBr+Cc=
Endpoint = 192.168.1.86:51820
AllowedIPs = 10.0.0.4/32
[Peer]
Alias = Bob
PublicKey = d+tsnnberdvggwffmugyod06dwjk8c6o542u/dbr+cc=
Endpoint = 192.168.1.86:51820
AllowedIPs = 10.0.0.3/32

Comment 1 Mark Linimon freebsd_committer freebsd_triage 2021-02-01 17:01:17 UTC
^Triage: assign to net@.

Also, note that we have deprecated using [patch] and the 'patch' Keyword in favor of deriving that information from the Bugzilla metadata (e.g. from the Attachments themselves).

Comment 2 Kyle Evans freebsd_committer freebsd_triage 2021-03-09 14:07:34 UTC
I think this is something we should seek to eventually OBE with wireguard-tools... I have this gut feeling that we don't want to get into the business of storing peer aliases when nobody else does.

Also, I don't think upstream would accept it in -tools given that this has been a problem for a while and they haven't implemented it, so we'd have to maintain it as a local patch to -tools.

Comment 3 Bernhard Froehlich freebsd_committer freebsd_triage 2021-03-09 14:50:49 UTC
I agree that this has been requested a few times upstream in various forms (extended in the pubkey, as identifier, as alias, etc.) and upstream refuses to accept this. I also see the need for it myself and would like to have it but this is definitely an upstream topic and should be decided there.
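
The "pub-key -> Alice" notes mentioned in the description can be applied to the peer-list output in userland, with no alias stored in the kernel. The script below is an added example, not part of the bug report, its attachment, or FreeBSD; the alias file format and the `annotate_peers` name are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the bug report or its attachment.
# Assumed alias file format: "<base64-public-key> <alias>", "#" for comments.

annotate_peers() {    # usage: ifconfig wg0 peer-list | annotate_peers FILE
    awk -v aliases="$1" '
    BEGIN {
        while ((getline line < aliases) > 0) {
            nr++
            if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
            n = split(line, f)
            # A 32-byte key is 44 base64 characters, the last one "=".
            ok = (n == 2 && length(f[1]) == 44 && f[1] ~ "^[A-Za-z0-9+/]+=$")
            # Restrict alias characters so the file cannot inject terminal
            # escape sequences or forged "Key = value" lines into the output.
            if (!ok || f[2] !~ /^[A-Za-z0-9_.-]+$/) {
                print "annotate_peers: bad line " nr > "/dev/stderr"
                continue
            }
            if (f[1] in name) {
                print "annotate_peers: duplicate key, line " nr > "/dev/stderr"
                continue
            }
            name[f[1]] = f[2]
        }
    }
    # Exact, case-sensitive lookup: base64 keys differing only in case
    # are different keys.
    $1 == "PublicKey" && $2 == "=" && ($3 in name) { print "Alias = " name[$3] }
    { print }
    '
}

# Constructed demo input. The second peer uses a lowercased copy of the
# first key, so it must NOT receive the alias.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# key alias' \
        'd+TSNnberdVGGWFfMuGYOD06dwjk8c6o541u/dBr+Cc= Alice' > "$tmp"
    printf '%s\n' '[Peer]' \
        'PublicKey = d+TSNnberdVGGWFfMuGYOD06dwjk8c6o541u/dBr+Cc=' \
        '[Peer]' \
        'PublicKey = d+tsnnberdvggwffmugyod06dwjk8c6o541u/dbr+cc=' |
        annotate_peers "$tmp"
    rm -f "$tmp"
}
demo
```

The alias is emitted on the line before `PublicKey`, matching the layout of the peer list shown in the description, and peers without an entry are printed unchanged.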