persistent keepalive: documentation

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld 2016-07-08 02:52:41 +02:00
parent fc743caf3b
commit d81cafde7f


@ -36,7 +36,7 @@ Sub-commands that take an INTERFACE must be passed a WireGuard interface.
.SH COMMANDS .SH COMMANDS
.TP .TP
\fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIbandwidth\fP] \fBshow\fP { \fI<interface>\fP | \fIall\fP | \fIinterfaces\fP } [\fIpublic-key\fP | \fIprivate-key\fP | \fIpreshared-key\fP | \fIlisten-port\fP | \fIpeers\fP | \fIendpoints\fP | \fIallowed-ips\fP | \fIlatest-handshake\fP | \fIpersistent-keepalive\fP | \fIbandwidth\fP]
Shows current WireGuard configuration of specified \fI<interface>\fP. Shows current WireGuard configuration of specified \fI<interface>\fP.
If no \fI<interface>\fP is specified, \fI<interface>\fP defaults to \fIall\fP. If no \fI<interface>\fP is specified, \fI<interface>\fP defaults to \fIall\fP.
If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces, If \fIinterfaces\fP is specified, prints a list of all WireGuard interfaces,
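Review bot: the \fBshow\fP synopsis gains \fIpersistent-keepalive\fP, but nothing in this hunk says what that field prints. Since the surrounding text describes this output as meant for scripts, state the output format: the unit (seconds) and what is shown for a peer whose keepalive is disabled (0, "off", or nothing).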
@ -49,7 +49,7 @@ newlines and tabs, meant to be used in scripts.
Shows the current configuration of \fI<interface>\fP in the format described Shows the current configuration of \fI<interface>\fP in the format described
by \fICONFIGURATION FILE FORMAT\fP below. by \fICONFIGURATION FILE FORMAT\fP below.
.TP .TP
\fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]... \fBset\fP \fI<interface>\fP [\fIlisten-port\fP \fI<port>\fP] [\fIprivate-key\fP \fI<file-path>\fP] [\fIpreshared-key\fP \fI<file-path>\fP] [\fIpeer\fP \fI<base64-public-key>\fP [\fIremove\fP] [\fIendpoint\fP \fI<ip>:<port>\fP] [\fIpersistent-keepalive\fP \fI<interval seconds>\fP] [\fIallowed-ips\fP \fI<ip1>/<cidr1>\fP[,\fI<ip2>/<cidr2>\fP]...] ]...
Sets configuration values for the specified \fI<interface>\fP. Multiple Sets configuration values for the specified \fI<interface>\fP. Multiple
\fIpeer\fPs may be specified, and if the \fIremove\fP argument is given \fIpeer\fPs may be specified, and if the \fIremove\fP argument is given
for a peer, that peer is removed, not configured. If \fIlisten-port\fP for a peer, that peer is removed, not configured. If \fIlisten-port\fP
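Review bot: the placeholder \fI<interval seconds>\fP in the \fBset\fP synopsis contains a space, unlike every other placeholder on the line (\fI<file-path>\fP, \fI<base64-public-key>\fP), so it reads as two arguments. Suggest \fI<interval-seconds>\fP. The synopsis also hides that "off" is accepted; something like \fI<interval-seconds>\fP|\fIoff\fP would match the description added further down.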
@ -66,7 +66,14 @@ you may safely pass in a string by specifying as \fIprivate-key\fP or
layer of symmetric-key cryptography to be mixed into the already existing layer of symmetric-key cryptography to be mixed into the already existing
public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP public-key cryptography, for post-quantum resistance. If \fIallowed-ips\fP
is specified, but the value is the empty string, all allowed ips are removed is specified, but the value is the empty string, all allowed ips are removed
from the peer. from the peer. The use of \fIpersistent-keepalive\fP is optional and is by
default off; setting it to 0 or "off", disables it. Otherwise it represents,
in seconds, between 10 and 3600 inclusive, how often to send an empty UDP
packet to the peer, for the purpose of keeping a stateful firewall or NAT
mapping valid persistently. For example, if the interface very rarely sends
traffic, but it might at anytime receive traffic from a peer, and it is behind
NAT, the interface might benefit from having a persistent keepalive interval
of 25 seconds.
.TP .TP
\fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP \fBsetconf\fP \fI<interface>\fP \fI<configuration-filename>\fP
Sets the current configuration of \fI<interface>\fP to the contents of Sets the current configuration of \fI<interface>\fP to the contents of
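Review bot: the added paragraph gives the valid range as "between 10 and 3600 inclusive" but does not say what \fBset\fP does with a value outside it, such as 5 or 7200. Document whether the command rejects it with an error or clamps it, so that a script author knows whether a typo silently leaves keepalive off. Two wording nits in the same paragraph: drop the comma in 'setting it to 0 or "off", disables it', and write "at any time" rather than "at anytime".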
@ -134,6 +141,14 @@ Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
port number. This endpoint will be updated automatically to the most recent port number. This endpoint will be updated automatically to the most recent
source IP address and port of correctly authenticated packets from the peer. source IP address and port of correctly authenticated packets from the peer.
Optional. Optional.
.IP \(bu
PersistentKeepalive \(em a seconds interval, between 10 and 3600 inclusive, of
how often to send an empty UDP packet to the peer for the purpose of keeping a
stateful firewall or NAT mapping valid persistently. For example, if the interface
very rarely sends traffic, but it might at anytime receive traffic from a peer,
and it is behind NAT, the interface might benefit from having a persistent keepalive
interval of 25 seconds. If set to 0 or "off", this option is disabled. By default or
when unspecified, this option is off. Optional.
.SH CONFIGURATION FILE FORMAT EXAMPLE .SH CONFIGURATION FILE FORMAT EXAMPLE
This example may be used as a model for writing configuration files. This example may be used as a model for writing configuration files.
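Review bot: the new PersistentKeepalive bullet repeats the \fBset\fP paragraph almost word for word, so the two descriptions can drift apart. Keep the full explanation in one place and have the other refer to it. "a seconds interval" reads awkwardly; "an interval in seconds" is clearer, and "at anytime" should be "at any time". As far as this diff shows, the CONFIGURATION FILE FORMAT EXAMPLE section that follows is not touched; adding a PersistentKeepalive line to one of its peers would give readers a working model of the new key.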