persistent keepalive: documentation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent fc743caf3b
commit d81cafde7f
21
src/wg.8
|
@ -36,7 +36,7 @@ Sub-commands that take an INTERFACE must be passed a WireGuard interface.
|
||||||
.SH COMMANDS
|
.SH COMMANDS
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
\fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIbandwidth\fP]
|
\fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIpersistent-keepalive\fP | \fIbandwidth\fP]
|
||||||
Shows current WireGuard configuration of specified \fI<interface>\fP.
|
Shows current WireGuard configuration of specified \fI<interface>\fP.
|
||||||
If no \fI<interface>\fP is specified, \fI<interface>\fP defaults to \fIall\fP.
|
If no \fI<interface>\fP is specified, \fI<interface>\fP defaults to \fIall\fP.
|
||||||
If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces,
|
If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces,
|
||||||
|
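Review bot: Missing documentation for the output of the new `show` field: the changed synopsis line lists `persistent-keepalive`, but the description lines that follow it in this hunk do not say what is printed for a peer where the option is off (0, "off", or nothing at all). Scripts that parse this output need that stated; suggest adding one sentence to the `show` description covering the value and its unit.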
@ -49,7 +49,7 @@ newlines and tabs, meant to be used in scripts.
|
||||||
Shows the current configuration of \fI<interface>\fP in the format described
|
Shows the current configuration of \fI<interface>\fP in the format described
|
||||||
by \fICONFIGURATION FILE FORMAT\fP below.
|
by \fICONFIGURATION FILE FORMAT\fP below.
|
||||||
.TP
|
.TP
|
||||||
\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]...
|
\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]...
|
||||||
Sets configuration values for the specified \fI<interface>\fP. Multiple
|
Sets configuration values for the specified \fI<interface>\fP. Multiple
|
||||||
\fIpeer\fPs may be specified, and if the \fIremove\fP argument is given
|
\fIpeer\fPs may be specified, and if the \fIremove\fP argument is given
|
||||||
for a peer, that peer is removed, not configured. If \fIlisten-port\fP
|
for a peer, that peer is removed, not configured. If \fIlisten-port\fP
|
||||||
|
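Review bot: The placeholder `<interval seconds>` on the changed `set` line contains a space, unlike every other placeholder on the same line (`<file-path>`, `<base64-public-key>`), so it can be read as two separate arguments. Suggest `<interval-seconds>`. Since the text added further down in this patch also accepts "off", consider showing that alternative in the synopsis as well.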
@ -66,7 +66,14 @@ you may safely pass in a string by specifying as \fIprivate-key\fP or
|
||||||
layer of symmetric-key cryptography to be mixed into the already existing
|
layer of symmetric-key cryptography to be mixed into the already existing
|
||||||
public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
|
public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
|
||||||
is specified, but the value is the empty string, all allowed ips are removed
|
is specified, but the value is the empty string, all allowed ips are removed
|
||||||
from the peer.
|
from the peer. The use of \fIpersistent-keepalive\fP is optional and is by
|
||||||
|
default off; setting it to 0 or "off", disables it. Otherwise it represents,
|
||||||
|
in seconds, between 10 and 3600 inclusive, how often to send an empty UDP
|
||||||
|
packet to the peer, for the purpose of keeping a stateful firewall or NAT
|
||||||
|
mapping valid persistently. For example, if the interface very rarely sends
|
||||||
|
traffic, but it might at anytime receive traffic from a peer, and it is behind
|
||||||
|
NAT, the interface might benefit from having a persistent keepalive interval
|
||||||
|
of 25 seconds.
|
||||||
.TP
|
.TP
|
||||||
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
|
||||||
Sets the current configuration of \fI<interface>\fP to the contents of
|
Sets the current configuration of \fI<interface>\fP to the contents of
|
||||||
|
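Review bot: The added sentence gives a valid range of 10 to 3600 inclusive but does not say what `set` does with a value outside it (1 through 9, or above 3600): is it rejected with an error or adjusted? Please state the behaviour. Wording on the same added lines: drop the comma in `setting it to 0 or "off", disables it`, and write `at any time` instead of `at anytime`. The option is also described after `allowed-ips` here, while the synopsis places it before `allowed-ips`; matching the order would make the paragraph easier to follow.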
@ -134,6 +141,14 @@ Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
|
||||||
port number. This endpoint will be updated automatically to the most recent
|
port number. This endpoint will be updated automatically to the most recent
|
||||||
source IP address and port of correctly authenticated packets from the peer.
|
source IP address and port of correctly authenticated packets from the peer.
|
||||||
Optional.
|
Optional.
|
||||||
|
.IP \(bu
|
||||||
|
PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of
|
||||||
|
how often to send an empty UDP packet to the peer for the purpose of keeping a
|
||||||
|
stateful firewall or NAT mapping valid persistently. For example, if the interface
|
||||||
|
very rarely sends traffic, but it might at anytime receive traffic from a peer,
|
||||||
|
and it is behind NAT, the interface might benefit from having a persistent keepalive
|
||||||
|
interval of 25 seconds. If set to 0 or "off", this option is disabled. By default or
|
||||||
|
when unspecified, this option is off. Optional.
|
||||||
|
|
||||||
.SH CONFIGURATION FILE FORMAT EXAMPLE
|
.SH CONFIGURATION FILE FORMAT EXAMPLE
|
||||||
This example may be used as a model for writing configuration files.
|
This example may be used as a model for writing configuration files.
|
||||||
|
|
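Review bot: The new `PersistentKeepalive` bullet repeats the paragraph added to the `set` description almost word for word, so the two copies can drift apart; consider keeping the full explanation in one place and referring to it from the other. In the bullet itself, `a seconds interval` reads awkwardly (suggest `an interval in seconds`) and `at anytime` should be `at any time`. The added lines are also noticeably wider than the surrounding context lines, for example the one ending `persistent keepalive`, so they should be rewrapped to the file's usual width.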