From 8f6035f25f769ea65625b390d01d11a2fa82f140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 10 Nov 2016 10:46:57 +0100 Subject: [PATCH] wireguard: move article to draft again --- ...wireguard-with-floating-endpoints.markdown | 109 ------------------ 1 file changed, 109 deletions(-) delete mode 100644 source/_posts/2016-11-09-wireguard-with-floating-endpoints.markdown diff --git a/source/_posts/2016-11-09-wireguard-with-floating-endpoints.markdown b/source/_posts/2016-11-09-wireguard-with-floating-endpoints.markdown deleted file mode 100644 index 41cf715..0000000 --- a/source/_posts/2016-11-09-wireguard-with-floating-endpoints.markdown +++ /dev/null 
@@ -1,109 +0,0 @@ ---- -layout: post -title: "Wireguard with floating endpoints" -date: 2016-11-09 19:01:39 +0100 -comments: true -categories: - - wireguard - - vpn - - dynamic dns ---- - -Since systemd-networkd v23x support [Wireguard](https://wireguard.io). It -supports dns hostnames as endpoint but will resolve them only once at startup. -This breaks if the endpoint is only reachable via a dynamic addresses behind -dyndns. The following systemd timer will update networkd configuration every -five minute in case the endpoint address changes. That way also ipv4 or ipv6 can -be enforced. - -Save the following to files as `/etc/systemd/update-wireguard-endpoint.timer` -and `/etc/systemd/update-wireguard-endpoint.service`: - -``` -# /etc/systemd/update-wireguard-endpoint.timer -[Unit] -Description="Update wireguard endpoint five minute" - -[Timer] -OnBootSec=1min -OnUnitActiveSec=5min - -[Install] -WantedBy=multi-user.target -``` - -``` -# /etc/systemd/update-wireguard-endpoint.service -[Unit] -Description="Update wireguard endpoint" - -[Service] -ExecStart=/usr/local/bin/update-wireguard-endpoint -``` - -Replace all the the `` with the approciate values and save as -`/usr/local/bin/update-wireguard-endpoint`: - -```bash -#!/usr/bin/env bash -set -eu pipeofail - -PRIVATE_KEY="" -PUBLIC_KEY="" -ENDPOINT_HOST="" -ENDPOINT_PORT="" -# other possible values: ahostsv4 or ahostsv6 to enforce either ipv4 or ipv6 -ADDRESS_FAMILY="hosts" - -tempfile="$(mktemp)" -trap "rm -r '$tempfile'" EXIT - -resolved_endpoint="$(getent "$ADDRESS_FAMILY" "$ENDPOINT_HOST" | awk '{if ($1 ~ /:/) {printf "[%s]", $1; exit} else { print $1; exit} }')" - -cat > "$tempfile" </dev/null 2>&1; then - cp "$tempfile" /etc/systemd/network/wg0.netdev - systemctl restart systemd-networkd -fi -``` - -Also make sure that the script is executable using the the following command: - -```bash -$ chmod +x /usr/local/bin/update-wireguard-endpoint -``` - -To configure addresses on the interface create a new 
`.network` file as usual: - -``` -#/etc/systemd/network/wg0.network -[Match] -Name=wg0 - -[Network] -## example: -#Address=fe80::1/64 -#Address=192.168.77.2/24 -``` - -Then enable the timer and check the status of the command: - -``` -systemctl enable --now update-wireguard-endpoint.timer -systemctl status update-wireguard-endpoint.service -```
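Review bot: The subject says the article is moved to draft, but the diffstat shows 1 file changed, 109 deletions, with only `delete mode 100644` for source/_posts/2016-11-09-wireguard-with-floating-endpoints.markdown and no file added under a drafts path, so as committed the text is removed from the tree rather than moved. If the draft is meant to be kept, add it in the same commit or say in the message where it lives. Two things in the removed text are worth fixing before it is published again. First, `set -eu pipeofail` does not enable pipefail: it sets -e and -u and leaves `pipeofail` as a positional argument, so a failure inside the `getent ... | awk ...` pipeline is not caught. The intended form is `set -euo pipefail`. Second, the unit files are saved as `/etc/systemd/update-wireguard-endpoint.timer` and `.service`, while systemd loads local units from `/etc/systemd/system/`, so the later `systemctl enable --now update-wireguard-endpoint.timer` would not find them.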