aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins')
-rwxr-xr-xsrc/plugins/wireguard/README.md53
1 files changed, 17 insertions, 36 deletions
diff --git a/src/plugins/wireguard/README.md b/src/plugins/wireguard/README.md
index a11356cfde2..48e45eb7760 100755
--- a/src/plugins/wireguard/README.md
+++ b/src/plugins/wireguard/README.md
@@ -2,7 +2,7 @@
## Overview
This plugin is an implementation of [wireguard protocol](https://www.wireguard.com/) for VPP. It allows one to create secure VPN tunnels.
-This implementation is based on [wireguard-openbsd](https://git.zx2c4.com/wireguard-openbsd/), using the implementaiton of *ipip-tunnel*.
+This implementation is based on [wireguard-openbsd](https://git.zx2c4.com/wireguard-openbsd/).
## Crypto
@@ -16,59 +16,40 @@ OpenSSL:
- chachapoly1305
## Plugin usage example
-Usage is very similar to other wireguard implementations.
-### Create connection
-Create keys:
+### Create wireguard interface
```
-> vpp# wg genkey
-> *my_private_key*
-> vpp# wg pubkey <my_private_key>
-> *my_pub_key*
+> vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key]
+> *wg_interface*
+> vpp# set int state <wg_interface> up
+> vpp# set int ip address <wg_interface> <wg_ip4>
```
-Create tunnel:
+### Add a peer configuration:
```
-> vpp# create ipip tunnel src <ip4_src> dst <ip4_dst>
-> *tun_name*
-> vpp# set int state <tun_name> up
-> vpp# set int ip address <tun_name> <tun_ip4>
+> vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> dst-port <port_dst> persistent-keepalive [keepalive_interval]
+> vpp# *peer_idx*
```
-After this we can create wg-device. The UDP port is opened automatically.
-```
-> vpp# wg set device private-key <my_private_key> src-port <my_port>
-```
-
-Now, we can add a peer configuration:
-```
-> vpp# wg set peer public-key <peer_pub_key> endpoint <peer_ip4> allowed-ip <peer_tun_ip4> dst-port <peer_port> tunnel <tun_name> persistent-keepalive <keepalive_interval>
-```
-If you need to add more peers, don't forget to first create another ipip-tunnel.
-Ping.
-```
-> vpp# ping <peer_tun_ip4>
-```
### Show config
-To show device and all peer configurations:
```
-> vpp# show wg
+> vpp# show wireguard interface
+> vpp# show wireguard peer
```
### Remove peer
-Peer can be removed by its public-key.
```
-> vpp# wg remove peer <peer_pub_key>
+> vpp# wireguard peer remove <peer_idx>
```
-This removes the associated ipip tunnel as well
-### Clear all connections
+
+### Delete interface
```
-> vpp# wg remove device
+> vpp# wireguard delete <wg_interface>
```
-## main next steps for improving this implementation
+## Main next steps for improving this implementation
1. Use all benefits of VPP-engine.
-2. Add IP6 support (currently only supports IPv4))
+2. Add IPv6 support (currently only supports IPv4)
3. Add DoS protection as in original protocol (using cookie)