change config syntax to match wireguard's config syntax

2025-04-29 19:01:42 +02:00 · 2022-03-29 04:44:49 +01:00 · 2022-03-29 04:44:49 +01:00 · b548a567be
commit b548a567be
parent 4937223047
3 changed files with 105 additions and 93 deletions
--- a/README.md
+++ b/README.md
@ -23,35 +23,21 @@ anything.
 # Sample config file
 ```
-# SelfSecretKey is the secret key of your wireguard peer.
+# The [Interface] and [Peer] configurations follow the same sematics and meaning
-# This should be the same as the PrivateKey in your `client.conf` wireguard setting.
+# of a wg-quick configuration. To understand what these fields mean, please refer to:
-SelfSecretKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
+# https://wiki.archlinux.org/title/WireGuard#Persistent_configuration
 # https://www.wireguard.com/#simple-network-interface
 [Interface]
 Address = 10.200.200.2/32
 MTU = 1420
 PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
 DNS = 10.200.200.1
-# SelfEndpoint is the IP of your wireguard peer.
+[Peer]
-SelfEndpoint = 172.16.31.2
+PublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg=
-
+PresharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs=
-# PeerPublicKey is the public key of the wireguard server you want to connect to.
+Endpoint = my.ddns.example.com:51820
-PeerPublicKey = QP+A67Z2UBrMgvNIdHv8gPel5URWNLS4B3ZQ2hQIZlg=
+PersistentKeepalive = 25
 # PeerEndpoint is the endpoint of the wireguard server you want to connect to.
 PeerEndpoint = 172.16.0.1:53
 # DNS is the list of nameservers that will be used by wireproxy.
 # For just a single nameserver:
 DNS = 1.1.1.1
 # For multiple nameservers:
 #DNS = 1.1.1.1, 1.0.0.1
 # KeepAlive is the persistent keep alive interval of the wireguard device.
 # Usually not needed.
 #KeepAlive = 25
 # PreSharedKey is the pre shared key of your wireguard device
 # If you don't know what this is, then you probably don't need it.
 #PreSharedKey = UItQuvLsyh50ucXHfjF0bbR4IIpVBd74lwKc8uIPXXs=
 # MTU is the maximum transmission unit size, By default this is set to 1420.
 # MTU = 1234
 # TCPClientTunnel is a tunnel listening on your machine,
 # and it forwards any TCP traffic received to the specified target via wireguard.
--- a/config.go
+++ b/config.go
@ -120,6 +120,25 @@ func parseCommaSeperatedNetIP(section *ini.Section, keyName string) ([]netip.Add
 	return ips, nil
 }
 func parseCIDRNetIP(section *ini.Section, keyName string) (*netip.Addr, error) {
 	prefixString, err := parseString(section, keyName)
 	if err != nil {
 		return nil, err
 	}
 	prefix, err := netip.ParsePrefix(prefixString)
 	if err != nil {
 		return nil, err
 	}
 	addr := prefix.Addr()
 	if prefix.Bits() != addr.BitLen() {
 		return nil, errors.New("interface address subnet should be /32 for IPv4 and /128 for IPv6")
 	}
 	return &addr, nil
 }
 func resolveIP(ip string) (*net.IPAddr, error) {
 	return net.ResolveIPAddr("ip", ip)
 }
@ -137,76 +156,83 @@ func resolveIPPAndPort(addr string) (string, error) {
 	return net.JoinHostPort(ip.String(), port), nil
 }
-func ParseDeviceConfig(cfg *ini.File) (*DeviceConfig, error) {
+func ParseInterface(cfg *ini.File, device *DeviceConfig) error {
-	config := &DeviceConfig{
+	sections, err := cfg.SectionsByName("Interface")
-		PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000",
+	if len(sections) != 1 || err != nil {
-		KeepAlive:    0,
+		return errors.New("one and only one [Interface] is expected")
 		MTU:          1420,
 	}
-	section := cfg.Section("")
+	section := sections[0]
-	decoded, err := parseBase64KeyToHex(section, "SelfSecretKey")
+	address, err := parseCIDRNetIP(section, "Address")
 	if err != nil {
-		return nil, err
+		return err
 	}
 	config.SelfSecretKey = decoded
-	decoded, err = parseBase64KeyToHex(section, "PeerPublicKey")
+	device.SelfEndpoint = address
 	privKey, err := parseBase64KeyToHex(section, "PrivateKey")
 	if err != nil {
-		return nil, err
+		return err
 	}
-	config.PeerPublicKey = decoded
+	device.SelfSecretKey = privKey
-	if sectionKey, err := section.GetKey("PreSharedKey"); err == nil {
+	dns, err := parseCommaSeperatedNetIP(section, "DNS")
-		value, err := encodeBase64ToHex(sectionKey.String())
+	if err != nil {
-		if err != nil {
+		return err
 			return nil, err
 		}
 		config.PreSharedKey = value
 	}
 	if sectionKey, err := section.GetKey("KeeyAlive"); err == nil {
 		value, err := sectionKey.Int()
 		if err != nil {
 			return nil, err
 		}
 		config.KeepAlive = value
 	}
 	device.DNS = dns
 	if sectionKey, err := section.GetKey("MTU"); err == nil {
 		value, err := sectionKey.Int()
 		if err != nil {
-			return nil, err
+			return err
 		}
-		config.MTU = value
+		device.MTU = value
 	}
-	decoded, err = parseString(section, "PeerEndpoint")
+	return nil
 }
 func ParsePeer(cfg *ini.File, device *DeviceConfig) error {
 	sections, err := cfg.SectionsByName("Peer")
 	if len(sections) != 1 || err != nil {
 		return errors.New("one and only one [Peer] is expected")
 	}
 	section := sections[0]
 	decoded, err := parseBase64KeyToHex(section, "PublicKey")
 	if err != nil {
-		return nil, err
+		return err
 	}
 	device.PeerPublicKey = decoded
 	if sectionKey, err := section.GetKey("PreSharedKey"); err == nil {
 		value, err := encodeBase64ToHex(sectionKey.String())
 		if err != nil {
 			return err
 		}
 		device.PreSharedKey = value
 	}
 	decoded, err = parseString(section, "Endpoint")
 	if err != nil {
 		return err
 	}
 	decoded, err = resolveIPPAndPort(decoded)
 	if err != nil {
-		return nil, err
+		return err
 	}
-	config.PeerEndpoint = decoded
+	device.PeerEndpoint = decoded
-	selfEndpoint, err := parseCommaSeperatedNetIP(section, "SelfEndpoint")
+	if sectionKey, err := section.GetKey("PersistentKeepalive"); err == nil {
-	if err != nil {
+		value, err := sectionKey.Int()
-		return nil, err
+		if err != nil {
 			return err
 		}
 		device.KeepAlive = value
 	}
 	if len(selfEndpoint) != 1 {
 		return nil, errors.New("SelfEndpoint must be specified with only 1 IP address")
 	}
 	config.SelfEndpoint = &selfEndpoint[0]
-	dns, err := parseCommaSeperatedNetIP(section, "DNS")
+	return nil
 	if err != nil {
 		return nil, err
 	}
 	config.DNS = dns
 	return config, nil
 }
 func parseTCPClientTunnelConfig(section *ini.Section) (*TCPClientTunnelConfig, error) {
@ -322,7 +348,18 @@ func ParseConfig(path string) (*Configuration, error) {
 		return nil, err
 	}
-	device, err := ParseDeviceConfig(cfg)
+	device := &DeviceConfig{
 		PreSharedKey: "0000000000000000000000000000000000000000000000000000000000000000",
 		KeepAlive:    0,
 		MTU:          1420,
 	}
 	err = ParseInterface(cfg, device)
 	if err != nil {
 		return nil, err
 	}
 	err = ParsePeer(cfg, device)
 	if err != nil {
 		return nil, err
 	}
--- a/docker/config
+++ b/docker/config
@ -1,22 +1,11 @@
-# SelfSecretKey is the secret key of your wireguard peer
+[Interface]
-SelfSecretKey = ###Interface - PrivateKey###
+Address = ###Interface - Address###
-# SelfEndpoint is the IP of your wireguard peer
+PrivateKey = ###Interface - PrivateKey###
 SelfEndpoint = ###Interface - Address###
 # DNS is the nameservers that will be used by wireproxy.
 # Multple nameservers can be specified as such: DNS = 1.1.1.1, 1.0.0.1
 DNS = ###Interface - DNS###
-# PeerPublicKey is the public key of the wireguard server you want to connec to
+[Peer]
-PeerPublicKey = ###Peer - PublicKey###
+PublicKey = ###Peer - PublicKey###
-# PeerEndpoint is the endpoint of the wireguard server you want to connec to
+Endpoint = ###Peer - Endpoint###
 PeerEndpoint =  ###Peer - Endpoint###
 # KeepAlive is the persistent keep alive interval of the wireguard device
 # usually not needed
 # KeepAlive = 25
 # PreSharedKey is the pre shared key of your wireguard device
 # if you don't know what this is you don't need it
 # PreSharedKey = 
 # Socks5 create a socks5 proxy on your LAN, and any traffic would be routed via wireguard
 [Socks5]