[Fix subspacecommunity#129] Add support to pre-shared key for each client #132

Open: wants to merge 1 commit into base: master

@ssiuhk ssiuhk commented Aug 26, 2020

to:
cc: @subspacecommunity/subspace-maintainers
related to:
resolves:

Background

Added pre-shared key support to enhance security

Changes

  • Summary of changes
  • Added preSharedKey generation for each config
  • Added keepalive setting

Testing

$ git log
commit dab15efd87c1ec801a9f7935d6239dc3ba59cc90 (origin/issue_129, issue_129)
Author: Sam SIU <23556929+ssiuhk@users.noreply.github.com>
Date:   Wed Aug 26 14:06:02 2020 +0800

    [Fix subspacecommunity#129] Add support to pre-shared key for each client

    - Added preSharedKey generation for each config
    - Added keepalive setting
$ docker logs subspace
...............................................
...............................................
...............................................
+ umask
+ umask_val=0022
+ umask 0077
+ test -d /data/wireguard
+ mkdir /data/wireguard
+ cd /data/wireguard
+ mkdir clients
+ touch clients/null.conf
+ mkdir peers
+ touch peers/null.conf
+ mkdir preSharedKey
+ touch preSharedKey/null.psk
+ wg genkey
+ tee server.private
+ wg pubkey
..........................................................................
..........................................................................
+ exec /sbin/my_init
Started runsvdir, PID is 50
wait for processes to start....
run: subspace: (pid 54) 4s; run: log: (pid 53) 4s

Add a client in web interface

$ cat data/wireguard/preSharedKey/rjHNR1Xv9_wH_aIA.psk
r02QXxYkIadJyakBaLRa9zLSWqwXgK7aRr82B/MuZ34=

$ wg showconf wg0
[Interface]
ListenPort = 12345
PrivateKey = WHCRPeXxzNU+d0F1hWODSzOAdqJW4Gsu3/CMo1nA7Ww=

[Peer]
PublicKey = Mco/vm85oQrk12JYODjigLJs55MrPfkEimqF9K1FLW8=
PresharedKey = r02QXxYkIadJyakBaLRa9zLSWqwXgK7aRr82B/MuZ34=
AllowedIPs = 10.99.97.2/32, fd00::10:97:2/128


sonarcloud bot commented Aug 26, 2020

Kudos, SonarCloud Quality Gate passed!

0 Bugs (A)
0 Vulnerabilities (A), and 0 Security Hotspots to review
0 Code Smells (A)

No Coverage information
No Duplication information

@gavinelder

This looks like a breaking change for existing users who would have to create a PSK to upgrade to a release containing this.

Some general feedback, can you please provide some basic docs for those who would like to use this feature etc?

Can you also gate it behind a flag?


ssiuhk commented Sep 23, 2020

Sure, thanks for the feedback! Let me update it
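
An added example, not part of this pull request or the Subspace code base: a Python check for the upgrade concern raised in the review above. It parses text in the `wg showconf` layout shown in the testing output and lists peers that have no PresharedKey, plus peers that reuse one (per-client uniqueness is an assumption taken from the PR title). The function names and the sample configuration are constructed for illustration.

```python
# Constructed sample in `wg showconf` layout; every key value is a placeholder.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <server-private-key>
[Peer]
PublicKey = <peer-A-public-key>
PresharedKey = <psk-1>
AllowedIPs = 10.99.97.2/32, fd00::10:97:2/128
[Peer]
PublicKey = <peer-B-public-key>
AllowedIPs = 10.99.97.3/32
[Peer]
PublicKey = <peer-C-public-key>
PresharedKey = <psk-1>
"""


def parse_peers(conf_text):
    """Return one dict of lower-cased settings per [Peer]; [Interface] is skipped."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # base64 values end in '='
            current[key.strip().lower()] = value.strip()
    return peers


def audit_psk(conf_text):
    """Return (public keys with no PSK, public keys sharing a PSK)."""
    missing, seen, shared = [], {}, set()
    for peer in parse_peers(conf_text):
        pub = peer.get("publickey", "<unknown>")
        psk = peer.get("presharedkey")
        if not psk:
            missing.append(pub)
        elif psk in seen:
            shared.update({pub, seen[psk]})
        else:
            seen[psk] = pub
    return missing, sorted(shared)


if __name__ == "__main__":
    print(audit_psk(SAMPLE_CONF))
```

On a live host, pass the text of `wg showconf wg0` to `audit_psk` in place of `SAMPLE_CONF`.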
