void/amneziawg-tools
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/amneziawg-tools.git synced 2025-04-04 16:19:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

UAPI changes for Amnezia kernel module (#4)

Browse source 
* UAPI changes for Amnezia kernel module

* Fix indents

* Fix indents

* Fix indents

* Change protocol type

* Change protocol type

* Change protocol type

* Change protocol type

* Revert "Change protocol type"

* K

* Fix wg-quick

* Prepare packaging

* Prepare packaging

* Prepare packaging

* Prepare packaging

* naming convention fix

* Bash completions

* Naming unify

* Naming unify

* SPEC file for RPM build

* SPEC file for RPM build

* SPEC file for RPM build

* SPEC file for RPM build

---------

Co-authored-by: Mark Puha <marko10@inf.elte.hu>
This commit is contained in:
Iurii Egorov 2024-02-02 16:44:20 +03:00 committed by GitHub
parent 3ff2272d00
commit 72776bc507
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
40 changed files with 2018 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -2,8 +2,8 @@
This supplies the main userspace tooling for using and configuring WireGuard
tunnels, including the
[`wg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and
[`wg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8)
[`awg(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and
[`awg-quick(8)`](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8)
utilities. This project supports Linux, OpenBSD, FreeBSD, macOS, Windows, and
Android.

374
amneziawg-tools.spec Normal file
View file

@ -0,0 +1,374 @@
Name: amneziawg-tools
Version: 1.0.20240201
Release: 1%{?dist}
URL: https://www.wireguard.com/
Summary: Fast, modern, secure VPN tunnel
License: GPLv2
Source0: https://github.com/amnezia-vpn/amneziawg-tools/archive/refs/tags/v%{version}.tar.gz
%{?systemd_requires}
BuildRequires: make
BuildRequires: systemd
BuildRequires: gcc
%description
WireGuard is a novel VPN that runs inside the Linux Kernel and uses
state-of-the-art cryptography (the "Noise" protocol). It aims to be
faster, simpler, leaner, and more useful than IPSec, while avoiding
the massive headache. It intends to be considerably more performant
than OpenVPN. WireGuard is designed as a general purpose VPN for
running on embedded interfaces and super computers alike, fit for
many different circumstances. It runs over UDP.
This package provides the wg binary for controlling WireGuard.
%prep
%autosetup -p1
%build
%set_build_flags
## Start DNS Hatchet
%if (0%{?fedora} && 0%{?fedora} < 33) || (0%{?rhel} && 0%{?rhel} < 9)
pushd contrib/dns-hatchet
./apply.sh
popd
%endif
## End DNS Hatchet
%make_build RUNSTATEDIR=%{_rundir} -C src
%install
%make_install BINDIR=%{_bindir} MANDIR=%{_mandir} RUNSTATEDIR=%{_rundir} \
WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes -C src
%files
%doc README.md contrib
%license COPYING
%{_bindir}/awg
%{_bindir}/awg-quick
%{_sysconfdir}/amnezia/amneziawg/
%{_datadir}/bash-completion/completions/awg
%{_datadir}/bash-completion/completions/awg-quick
%{_unitdir}/awg-quick@.service
%{_unitdir}/awg-quick.target
%{_mandir}/man8/awg.8*
%{_mandir}/man8/awg-quick.8*
%changelog
* Thu Feb 1 2024 Yuri Egorov <ye@amnezia.org> - 1.0.20240201-1
- Update to 1.0.20240201
* Tue Sep 21 2021 Joe Doss <joe@solidadmin.com> - 1.0.20210914-1
- contrib/launchd: fix xml syntax error
- wg-quick: darwin: account for "link#XX" gateways
- ipc: add wireguard-nt support
- ipc: cache windows lookups to avoid O(n^2) with nested lookups
- ipc: remove windows elevation
- ipc: windows: don't display disabled adapters
- ipc: windows: use devpkey instead of nci for name
- wg-quick: android: adjust for android 12
- wg-quick: openbsd: set DNS with resolvd(8)
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.20210424-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Apr 30 2021 Joe Doss <joe@solidadmin.com> - 1.0.20210424-1
- wg-quick: freebsd: check for socket using -S, not -f
- wg-quick: freebsd: do not assume point-to-point interface flag
- wg-quick: freebsd: use ifconfig for determining if interface is up
- wg-quick: kill route monitor when loop terminates
* Mon Mar 15 2021 Joe Doss <joe@solidadmin.com> - 1.0.20210315-1
- Makefile: fix version indicator
- wireguard-tools: const correctness
- wireguard-tools: drag in headers for prototypes
- ipc: uniformly ignore preshared keys that are zero
- wg-quick: freebsd: add kernel support
- ipc: freebsd: add initial FreeBSD support
- wg-quick: freebsd: avoid writing private keys to /tmp
* Tue Feb 23 2021 Joe Doss <joe@solidadmin.com> - 1.0.20210223-1
- wg-quick: android: do not free iterated pointer
- wg-quick: openbsd: no use for userspace support
- embeddable-wg-library: sync latest from netlink.h
- wincompat: recent mingw has inet_ntop/inet_pton
- wincompat: add resource and manifest and enable lto
- wincompat: do not elevate by default
- completion: add help and syncconf completions
- sticky-sockets: do not use SO_REUSEADDR
- man: LOG_LEVEL variables changed name
- ipc: do not use fscanf with trailing \n
- ipc: read trailing responses after set operation
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.20200827-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Oct 02 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200827-2
- Disable contrib/dns-hatchet/apply.sh on Fedora 33+ and RHEL9+
* Sat Aug 29 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200827-1
- Update to 1.0.20200827
- wg-quick: android: use iproute2 to bring up interface instead of ndc
- wg-quick: Revert wait on process substitutions
* Thu Aug 20 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200820-1
- Update to 1.0.20200820
- ipc: split into separate files per-platform
- wincompat: fold random into genkey
- systemd: add reload target to systemd unit
- man: wg-quick: use syncconf instead of addconf for strip example
- pubkey: isblank is a subset of isspace
- ctype: use non-locale-specific ctype.h
- wg-quick: wait on process substitutions
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.20200513-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed May 13 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200513-1
- Update to 1.0.20200513
- Makefile: remember to install all systemd units
- ipc: openbsd: switch to array ioctl interface
* Mon May 11 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200510-1
- Update to 1.0.20200510
- ipc: add support for openbsd kernel implementation
- ipc: cleanup openbsd support
- wg-quick: add support for openbsd kernel implementation
- wg-quick: cleanup openbsd support
- wg-quick: support dns search domains
- Makefile: simplify silent cleaning
- ipc: remove extra space
- git: add gitattributes so tarball doesn't have gitignore files
- terminal: specialize color_mode to stdout only
- wg-quick: android: support application whitelist
- systemd: add wg-quick.target
* Wed Apr 15 2020 Leigh Scott <leigh123linux@gmail.com> - 1.0.20200319-2
- Add missing config directory
- Remove default buildroot BuildRequires
- Simplify doc install
- Remove commented lines
- Use correct macro for bash-completion
* Fri Mar 20 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200319-1
- Update to 1.0.20200319
* Thu Feb 6 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200206-1
- Update to 1.0.20200206
- Remove libmnl dependency
* Tue Jan 21 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200121-1
- Update to 1.0.20200121
- Spec changes to pass Fedora RPM review
* Thu Jan 2 2020 Joe Doss <joe@solidadmin.com> - 1.0.20200102-1
- Update to 1.0.20200102
- Remove patch to fix dns-hatchet path
* Thu Dec 26 2019 Joe Doss <joe@solidadmin.com> - 1.0.20191226-1
- Update to 1.0.20191226
- Split wireguard-tools back into it's own spec file
- Add in patch to fix dns-hatchet path
* Mon Oct 14 2019 Joe Doss <joe@solidadmin.com> - 0.0.20191012-1
- Update to 0.0.20191012
* Mon Sep 16 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190913-1
- Update to 0.0.20190913
* Mon Sep 9 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190905-1
- Update to 0.0.20190905
* Tue Jul 2 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190702-1
- Update to 0.0.20190702
* Sat Jun 1 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190601-1
- Update to 0.0.20190601
* Fri May 31 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190531-1
- Update to 0.0.20190531
* Sat Apr 6 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190406-1
- Update to 0.0.20190406
* Wed Feb 27 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190227-1
- Update to 0.0.20190227
* Thu Jan 24 2019 Joe Doss <joe@solidadmin.com> - 0.0.20190123-1
- Update to 0.0.20190123
* Wed Dec 19 2018 Joe Doss <joe@solidadmin.com> - 0.0.20181218-1
- Update to 0.0.20181218
* Thu Nov 15 2018 Joe Doss <joe@solidadmin.com> - 0.0.20181115-1
- Update to 0.0.20181115
* Sun Oct 14 2018 Joe Doss <joe@solidadmin.com> - 0.0.20181018-1
- Update to 0.0.20181018
* Sun Oct 14 2018 Joe Doss <joe@solidadmin.com> - 0.0.20181007-2
- Add make as a build dependency
* Sun Oct 7 2018 Joe Doss <joe@solidadmin.com> - 0.0.20181007-1
- Update to 0.0.20181007
* Tue Sep 25 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180925-1
- Update to 0.0.20180925
* Tue Sep 18 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180918-2
- Add BuildRequires gcc to fix builds on F29 and Rawhide
* Tue Sep 18 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180918-1
- Update to 0.0.20180918
* Mon Sep 10 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180910-1
- Update to 0.0.20180910
* Wed Sep 5 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180904-1
- Update to 0.0.20180904
* Thu Aug 9 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180809-1
- Update to 0.0.20180809
* Sun Aug 5 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180802-1
- Update to 0.0.20180802
* Wed Jul 18 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180718-1
- Update to 0.0.20180718
* Tue Jul 10 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180708-1
- Update to 0.0.20180708
* Fri Jun 29 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180625-1
- Update to 0.0.20180625
* Wed Jun 20 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180620-1
- Update to 0.0.20180620
* Wed Jun 13 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180613-1
- Update to 0.0.20180613
* Wed May 30 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180531-1
- Update to 0.0.20180531
* Wed May 23 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180524-1
- Update to 0.0.20180524
* Thu May 17 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180519-1
- Update to 0.0.20180519
* Sun May 13 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180513-1
- Update to 0.0.20180513
- Drop support for RHEL 7.4, moving on instead to RHEL 7.5
* Fri Apr 20 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180420-1
- Update to 0.0.20180420
* Sun Apr 15 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180413-1
- Update to 0.0.20180413
* Mon Mar 05 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180304-1
- Update to 0.0.20180304
* Mon Feb 19 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180218-1
- Update to 0.0.20180218
* Sun Feb 04 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180202-1
- Update to 0.0.20180202
* Thu Jan 18 2018 Joe Doss <joe@solidadmin.com> - 0.0.20180118-1
- Update to 0.0.20180118
* Thu Dec 21 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171221-1
- Update to 0.0.20171221
* Tue Dec 12 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171211-1
- Update to 0.0.20171211
* Mon Nov 27 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171127-1
- Update to 0.0.20171127
* Thu Nov 23 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171122-1
- Update to 0.0.20171122
* Sat Nov 11 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171111-1
- Update to 0.0.20171111
* Wed Nov 01 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171101-1
- Update to 0.0.20171101
- Add temporary DNS hatchet to wg-quick
* Thu Oct 26 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171017-1
- Update to 0.0.20171017
* Wed Oct 11 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171011-1
- Update to 0.0.20171011
* Fri Oct 6 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171005-1
- Update to 0.0.20171005
- Update RPM spec URL to www.wireguard.com
* Mon Oct 2 2017 Joe Doss <joe@solidadmin.com> - 0.0.20171001-1
- Update to 0.0.20171001
* Mon Sep 18 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170918-1
- Update to 0.0.20170918
- Drop support for RHEL 7.3, moving on instead to RHEL 7.4.
* Thu Sep 7 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170907-1
- Update to 0.0.20170907
* Wed Aug 9 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170810-1
- Update to 0.0.20170810
* Mon Jul 31 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170726-1
- Update to 0.0.20170726
* Thu Jun 29 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170629-1
- Update to 0.0.20170629
* Tue Jun 13 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170613-1
- Update to 0.0.20170613
* Mon Jun 12 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170612-1
- Update to 0.0.20170612
* Wed May 31 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170531-1
- Update to 0.0.20170531
* Wed May 17 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170517-1
- Update to 0.0.20170517
* Mon Apr 24 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170421-1
- Update to 0.0.20170421
* Mon Apr 10 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170409-1
- Update to 0.0.20170409
* Fri Mar 24 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170324-1
- Update to 0.0.20170324
* Mon Mar 20 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170320.1-1
- Update to 0.0.20170320.1
* Thu Mar 2 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170223-1
- Update to 0.0.20170223
* Thu Feb 16 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170214-1
- Update to 0.0.20170214
* Thu Jan 5 2017 Joe Doss <joe@solidadmin.com> - 0.0.20170105-1
- Update to 0.0.20170105
- Add wg-quick, bash-completion, and systemd service
* Mon Dec 19 2016 Jason A. Donenfeld <jason@zx2c4.com> - 0.0.20161218-1
- Spec adjustments
* Wed Aug 17 2016 Joe Doss <joe@solidadmin.com> - 0.0.20160808-2
- Spec adjustments
* Mon Aug 15 2016 Joe Doss <joe@solidadmin.com> - 0.0.20160808-1
- Initial WireGuard Tools RPM
- Version 0.0.20160808

11
contrib/embeddable-wg-library/wireguard.c
View file

@ -26,7 +26,7 @@
/* wireguard.h netlink uapi: */
#define WG_GENL_NAME "wireguard"
#define WG_GENL_NAME "amneziawg"
#define WG_GENL_VERSION 1
enum wg_cmd {
@ -48,6 +48,15 @@ enum wgdevice_attribute {
WGDEVICE_A_LISTEN_PORT,
WGDEVICE_A_FWMARK,
WGDEVICE_A_PEERS,
WGDEVICE_A_JC,
WGDEVICE_A_JMIN,
WGDEVICE_A_JMAX,
WGDEVICE_A_S1,
WGDEVICE_A_S2,
WGDEVICE_A_H1,
WGDEVICE_A_H2,
WGDEVICE_A_H3,
WGDEVICE_A_H4,
__WGDEVICE_A_LAST
};

11
debian/NEWS vendored Normal file
View file

@ -0,0 +1,11 @@
amneziawg (1.0.20200206-2) unstable; urgency=medium
As of wireguard-linux-compat and wireguard-dkms version 0.0.20200215-2,
we no longer treat installation of the wireguard metapackage as a reason
to try to reload the kernel module upon upgrade.
See the discussion on
https://salsa.debian.org/debian/wireguard-linux-compat/merge_requests/2
for more details.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 24 Feb 2020 10:08:35 -0500

15
debian/TODO vendored Normal file
View file

@ -0,0 +1,15 @@
Debian Packaging work for WireGuard:
* wireguard metapackage should accept a 5.6 (or later) kernel instead
of a module
* consider make check for wg during build: this depends on
scan-build, which is part of clang, but also wants to clean the
build tree first. Currently, we don't do any build-time tests.
* autopkgtest:
- from src/, run "make check" (depending on clang-tools and sparse)
and make sure it looks plausible.
- Can we add other tests?

16
debian/amneziawg-tools.README.Debian vendored Normal file
View file

@ -0,0 +1,16 @@
Using the WireGuard VPN and encrypted network tunnel
====================================================
To use WireGuard, you'll need an additional kernel module which will
probably be built in for Linux 5.6 and later.
On debian systems with a kernel older than 5.6, you should be able to
build and install the kernel module with only:
apt install linux-headers-$(uname -r) wireguard-dkms
Please see https://www.wireguard.com/quickstart for more details on
using WireGuard.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net>, Wed, 15 Jan 2020 10:41:35 -0500

1
debian/amneziawg-tools.examples vendored Normal file
View file

@ -0,0 +1 @@
contrib/*

8
debian/amneziawg-tools.lintian-overrides vendored Normal file
View file

@ -0,0 +1,8 @@
# upstream prefers the less-user-friendly locked-down /etc/wireguard by default
# to avoid leaking local system secrets. I've adjusted the debian package to follow its lead.
# see also https://bugs.debian.org/902831
amneziawg-tools: non-standard-dir-perm etc/amneziawg/ 0700 != 0755
# wg-quick@.service is a generator, not an initscript. On systems with sysvinit,
# the admin probably wants to integrate with something like /etc/network/interfaces
# rather than seeing a new script in /etc/init.d/.
amneziawg-tools: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/awg-quick@.service

839
debian/changelog vendored Normal file
View file

@ -0,0 +1,839 @@
amneziawg (1.0.20210914-1ubuntu2) jammy; urgency=medium
* Add better DEP8 tests (LP: #1952102):
- d/t/control, d/t/wireguard-wgquick: test using network namespaces
and wg-quick
- d/t/netns-mini, d/t/control: test using network namespaces
and wg, taken from the wireguard-linux-compat package
* d/rules: add simple build-time test, taken from the existing
DEP8 test to generate keys (LP: #1952767)
-- Andreas Hasenack <andreas@canonical.com> Tue, 07 Dec 2021 08:33:57 -0300
amneziawg (1.0.20210914-1ubuntu1) devel; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Switch alternative dependency order for the wireguard-modules,
wireguard-dkms alternative.
-- Unit 193 <unit193@ubuntu.com> Tue, 23 Nov 2021 11:41:45 -0500
amneziawg (1.0.20210914-1) unstable; urgency=medium
* New upstream release.
* Update Standards-Version to 4.6.0.
-- Unit 193 <unit193@debian.org> Mon, 27 Sep 2021 21:21:06 -0400
amneziawg (1.0.20210424-1ubuntu1) devel; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Switch alternative dependency order for the wireguard-modules,
wireguard-dkms alternative.
-- Unit 193 <unit193@ubuntu.com> Mon, 16 Aug 2021 14:20:40 -0400
amneziawg (1.0.20210424-1) unstable; urgency=medium
* New upstream release.
- Refresh patch.
-- Unit 193 <unit193@debian.org> Fri, 13 Aug 2021 17:36:52 -0400
amneziawg (1.0.20210223-1ubuntu1) devel; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Switch alternative dependency order for the wireguard-modules,
wireguard-dkms alternative.
-- Unit 193 <unit193@ubuntu.com> Tue, 16 Mar 2021 17:27:19 -0400
amneziawg (1.0.20210223-1) unstable; urgency=medium
* New upstream release.
* d/control:
- Bump dh compat to 13.
- Drop Build-Depend on dkms.
* Update Standards-Version to 4.5.1.
-- Unit 193 <unit193@debian.org> Thu, 25 Feb 2021 02:02:36 -0500
amneziawg (1.0.20200827-1ubuntu1) devel; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Switch alternative dependency order for the wireguard-modules,
wireguard-dkms alternative.
-- Unit 193 <unit193@ubuntu.com> Wed, 30 Sep 2020 18:52:56 -0400
amneziawg (1.0.20200827-1) unstable; urgency=medium
* New upstream release.
-- Unit 193 <unit193@debian.org> Wed, 09 Sep 2020 03:47:59 -0400
amneziawg (1.0.20200820-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Switch alternative dependency order for teh wireguard-modules,
wireguard-dkms alternative.
-- Andy Whitcroft <apw@ubuntu.com> Wed, 26 Aug 2020 10:42:33 +0100
amneziawg (1.0.20200820-1) unstable; urgency=medium
* New upstream release.
-- Unit 193 <unit193@debian.org> Sat, 22 Aug 2020 19:19:51 -0400
amneziawg (1.0.20200513-1ubuntu1) groovy; urgency=medium
* Switch alternative dependency order for the wireguard-modules,
wireguard-dkms alternative. Whichever is first is deemed the
preferred installation candidate when neither is present. When this is
wireguard-modules this is satisfied by installation of a random kernel
which claims support for wireguard regardless of its applicability.
Repeat after me, do not ever depend on a kernel. (LP: #1890201)
-- Andy Whitcroft <apw@ubuntu.com> Mon, 03 Aug 2020 22:24:05 +0100
amneziawg (1.0.20200513-1) unstable; urgency=medium
* New upstream release.
- Drop upstream patch.
* d/control: Lower 'openresolv | resolvconf' to suggests.
-- Unit 193 <unit193@debian.org> Fri, 15 May 2020 18:32:16 -0400
amneziawg (1.0.20200510-1) unstable; urgency=medium
[ Daniel Kahn Gillmor ]
* Add Unit193 to Uploaders
* wrap-and-sort -ast
* prefer wireguard-modules (from a kernel package) over wireguard-dkms
* keygen test only needs wireguard-tools package, not wireguard metapackage
[ Jason A. Donenfeld ]
* debian: tests: replace ncat-client with keygen
* debian: control: set Recommends order same as Depends order
[ Unit 193 ]
* New upstream release.
- Refresh patch.
- Grab an upstream commit to install wg-quick.target.
* d/control:
- Update my email address.
- Recommend openresolv | resolvconf. (Closes: #930735)
* d/copyright: Update attribution.
* d/wireguard-tools.lintian-overrides: Drop override about .gitignore.
-- Unit 193 <unit193@debian.org> Tue, 12 May 2020 01:33:42 -0400
amneziawg (1.0.20200319-1) unstable; urgency=medium
[ Unit 193 ]
* New upstream release.
* d/watch: Update to find new releases.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 Mar 2020 21:30:26 -0400
amneziawg (1.0.20200206-2) unstable; urgency=medium
* add NEWS file documenting that the metapackage will no longer cause a
reload.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 24 Feb 2020 10:08:35 -0500
amneziawg (1.0.20200206-1) unstable; urgency=medium
* new upstream release.
* d/copyright: note import of bits from libmnl
* refresh patches
* drop libmnl-dev from build-deps
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 06 Feb 2020 14:06:44 -0500
amneziawg (1.0.20200121-2) unstable; urgency=medium
* Transfer module reload postinst script to wireguard-dkms package
* standards-version: bump to 4.5.0 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 22 Jan 2020 13:16:57 -0500
amneziawg (1.0.20200121-1) unstable; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 21 Jan 2020 10:12:22 -0500
amneziawg (1.0.20200102-1) unstable; urgency=medium
* new upstream release
* drop wireguard-dkms binary package, now supplied by the
wireguard-linux-compat source package
* refresh patches
* drop lintian override of version-substvar-for-external-package
* ship examples from new upstream path
* update debian/copyright
* avoid using git during build to override src/version.h
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 15 Jan 2020 11:25:16 -0500
amneziawg (0.0.20191219-1) unstable; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 19 Dec 2019 11:33:41 -0500
amneziawg (0.0.20191212-1) unstable; urgency=medium
* new upstream release
* encourage nftables instead of iptables
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 12 Dec 2019 10:53:37 -0500
amneziawg (0.0.20191206-1) unstable; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 06 Dec 2019 17:32:38 -0500
amneziawg (0.0.20191127-2) unstable; urgency=medium
* wireguard-tools now Recommends: iptables because of wg-quick
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 04 Dec 2019 10:46:36 -0500
amneziawg (0.0.20191127-1) unstable; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 02 Dec 2019 09:44:34 -0500
amneziawg (0.0.20191012-1) unstable; urgency=medium
* new upstream release
* d/clean: clean up generated assembler
* more notes about autopkgtest
* standards-version: bump to 4.4.1 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 15 Oct 2019 17:41:38 +0200
amneziawg (0.0.20190913-1) unstable; urgency=medium
* new upstream release
* verbose build to satisfy compiler-flags-hidden complaint from bls
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 26 Sep 2019 10:29:32 +0200
amneziawg (0.0.20190905-1) unstable; urgency=medium
* new upstream release
* refresh patches
* include ${perl:Depends} in wireguard-dkms
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 08 Sep 2019 15:42:09 -0400
amneziawg (0.0.20190702-3) unstable; urgency=medium
* clean up wireguard-modules versioned dependency (Closes: #930432)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 19 Aug 2019 20:52:22 -0400
amneziawg (0.0.20190702-2) unstable; urgency=medium
* Work around faulty siphash backport (Closes: #934763)
* standards-version: bump to 4.4.0 (no changes needed)
* override package-supports-alternative-init-but-no-init.d-script for
wireguard-tools
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 19 Aug 2019 18:07:59 -0400
amneziawg (0.0.20190702-1) unstable; urgency=medium
* new upstream version
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Jul 2019 09:02:32 -0400
amneziawg (0.0.20190601-1) unstable; urgency=medium
* new upstream version
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 17 Jun 2019 12:25:58 -0400
amneziawg (0.0.20190406-1) unstable; urgency=medium
* New upstream version
* refresh patches
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 08 Apr 2019 17:09:41 -0400
amneziawg (0.0.20190227-1) unstable; urgency=medium
* New upstream version
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 01 Mar 2019 13:34:53 -0500
amneziawg (0.0.20190123-1) unstable; urgency=medium
[ Fabian Grünbichler ]
* wireguard.postinst: Add module reload on upgrade (Closes: #913446)
[ Daniel Kahn Gillmor ]
* New upstream version (Closes: #919232)
* Tighten dependencies and description of wireguard metapackage
* Fine-tune module reload code on wireguard.postinst
* Standards-Version: bump to 4.3.0 (no changes needed)
* Update debian/copyright
* override lintian warning version-substvar-for-external-package
* move to debhelper-compat 12
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 28 Jan 2019 14:31:53 -0500
amneziawg (0.0.20181218-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 18 Dec 2018 13:50:07 -0500
amneziawg (0.0.20181119-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 19 Nov 2018 13:30:22 -0500
amneziawg (0.0.20181115-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 15 Nov 2018 17:47:30 -0500
amneziawg (0.0.20181018-1) unstable; urgency=medium
* new upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 Oct 2018 09:42:59 -0400
amneziawg (0.0.20181007-1) unstable; urgency=medium
* new upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 18 Oct 2018 09:42:44 -0400
amneziawg (0.0.20180925-1) unstable; urgency=medium
* new upstream snapshot release
* d/copyright: update for licensing tweaks
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 27 Sep 2018 17:02:13 -0400
amneziawg (0.0.20180918-1) unstable; urgency=medium
* new upstream snapshot release
* d/copyright: note zinc change to MIT license
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 19 Sep 2018 15:44:54 -0400
amneziawg (0.0.20180910-1) unstable; urgency=medium
* new upstream snapshot release
* d/copyright update for new code sources
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 12 Sep 2018 00:28:31 -0400
amneziawg (0.0.20180904-2) unstable; urgency=medium
* dkms: use upstream version instead of debian version (closes: #906019)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 06 Sep 2018 13:08:44 -0400
amneziawg (0.0.20180904-1) unstable; urgency=medium
* New upstream snapshot release
* Standards-Version: bump to 4.2.1 (no changes needed)
* debian/copyright: update move of sources to zinc
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 05 Sep 2018 16:24:17 -0400
amneziawg (0.0.20180809-1) unstable; urgency=medium
* Standards-Version: bump to 4.2.0 (no changes needed)
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 05 Sep 2018 16:24:06 -0400
amneziawg (0.0.20180802-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 03 Aug 2018 09:31:12 -0400
amneziawg (0.0.20180731-2) unstable; urgency=medium
* ship /etc/wireguard mode 0700 by default (closes: #902831)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 31 Jul 2018 18:00:49 -0400
amneziawg (0.0.20180731-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 31 Jul 2018 15:42:42 -0400
amneziawg (0.0.20180718-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 31 Jul 2018 15:42:30 -0400
amneziawg (0.0.20180708-1) unstable; urgency=medium
* New upstream snapshot release
* Standards-Version: bumped to 4.1.5 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 09 Jul 2018 15:03:15 -0400
amneziawg (0.0.20180625-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 25 Jun 2018 14:02:58 -0400
amneziawg (0.0.20180620-1) unstable; urgency=medium
* new upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 21 Jun 2018 10:25:55 -0400
amneziawg (0.0.20180613-3) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTCBFS (Closes: #900891) Thanks, Helmut Grohne!
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 18 Jun 2018 14:35:37 -0400
amneziawg (0.0.20180613-2) unstable; urgency=medium
* avoid requiring glibc-2.25 for wireguard-tools (Closes: #901802)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 18 Jun 2018 14:18:31 -0400
amneziawg (0.0.20180613-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 14 Jun 2018 09:59:56 -0400
amneziawg (0.0.20180531-1) unstable; urgency=medium
* New upstream snapshot release
* update debian/copyright
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 01 Jun 2018 16:08:33 -0400
amneziawg (0.0.20180524-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 24 May 2018 10:38:53 -0400
amneziawg (0.0.20180519-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 21 May 2018 13:42:17 -0400
amneziawg (0.0.20180513-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 14 May 2018 17:28:50 -0400
amneziawg (0.0.20180420-1) unstable; urgency=medium
* New upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 14 May 2018 17:28:31 -0400
amneziawg (0.0.20180413-1) unstable; urgency=medium
* New upstream snapshot release
* Standards-Version: bump to 4.1.4 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 20 Apr 2018 12:43:32 -0700
amneziawg (0.0.20180304-1) unstable; urgency=medium
* new upstream snapshot release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 16 Mar 2018 01:31:06 +0000
amneziawg (0.0.20180218-1) unstable; urgency=medium
* new upstream snapshot release
* update Jason's signing key
* d/control: set Rules-Requires-Root: no
* convert packaging VCS branchnames to DEP-14
* d/copyright: embeddable-wg-library is LGPL-2.1+
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 20 Feb 2018 14:51:20 -0800
amneziawg (0.0.20180202-1) unstable; urgency=medium
* new upstream snapshot release
* loosen versioned dependencies of wireguard metapackage
* d/copyright: update
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 02 Feb 2018 15:26:24 -0500
amneziawg (0.0.20180118-1) unstable; urgency=medium
* New upstream snapshot release
* d/copyright: update
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 19 Jan 2018 00:04:53 -0500
amneziawg (0.0.20171221-5) unstable; urgency=medium
* New debian package for source-only upload
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 13 Jan 2018 11:35:16 -0500
amneziawg (0.0.20171221-4) unstable; urgency=medium
* d/copyright: annotate a few additional files
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 12 Jan 2018 16:51:08 -0500
amneziawg (0.0.20171221-3) unstable; urgency=medium
* make inter-package recommendations tightly versioned
* add new wireguard metapackage
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 11 Jan 2018 17:48:05 -0500
amneziawg (0.0.20171221-2) unstable; urgency=medium
* wrap-and-sort -ast
* standards-version: bump to 4.1.3 (no changes needed)
* move to debhelper 11
* move Vcs to salsa.debian.org
* clean up lintian-overrides
* include upstream changelog
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 08 Jan 2018 16:30:38 -0500
amneziawg (0.0.20171221-1) unstable; urgency=medium
* New upstream release
* drop workaround curve25519_generate.js, fixed upstream
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 20 Dec 2017 22:13:31 -0500
amneziawg (0.0.20171211-1) unstable; urgency=medium
* New upstream release
* refresh patches
* Standards-Version: bump to 4.1.2 (no changes needed)
* examples: avoid shipping pre-generated javascript artifact
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 11 Dec 2017 20:56:53 -0500
amneziawg (0.0.20171127-1) unstable; urgency=medium
* New upstream release.
* d/copyright: annotate new assembler
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Nov 2017 17:29:39 -0500
amneziawg (0.0.20171111-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 11 Nov 2017 18:32:19 +0800
amneziawg (0.0.20171101-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 07 Nov 2017 02:05:29 +0100
amneziawg (0.0.20171017-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 22 Oct 2017 10:11:26 -0400
amneziawg (0.0.20171011-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 11 Oct 2017 10:22:23 -0400
amneziawg (0.0.20171005-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 06 Oct 2017 15:29:08 -0700
amneziawg (0.0.20171001+dfsg1-1) unstable; urgency=medium
* New upstream release
- use dfsg-free version of upstream release, dropping accidentally
shipped contrib/examples/sticky-sockets/a.out
- subsequent releases should not need dfsg-free cleanup
* Standards-Version: bump to 4.1.1 (no changes needed)
* move wireguard-dkms to Section: kernel (thanks, Lintian!)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 02 Oct 2017 10:08:23 -0700
amneziawg (0.0.20170918-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 18 Sep 2017 13:13:43 -0400
amneziawg (0.0.20170907-1) unstable; urgency=medium
* New upstream release
* Standards-Version: bump to 4.1.0 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 07 Sep 2017 10:58:53 -0400
amneziawg (0.0.20170810-1) unstable; urgency=medium
* New upstream release
* Standards-Version: bumped to 4.0.1 (Priority: extra -> optional)
* added autopkgtest to wireguard demo server
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 10 Aug 2017 20:48:34 -0400
amneziawg (0.0.20170726-1) unstable; urgency=medium
* New upstream release
* switch documentation/metadata from wireguard.io to wireguard.com,
following upstream
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 26 Jul 2017 11:52:36 -0400
amneziawg (0.0.20170706-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 06 Jul 2017 18:24:04 -0400
amneziawg (0.0.20170629-1) unstable; urgency=medium
* New upstream release
* bumped Standards-Version to 4.0.0 (no changes needed)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 05 Jul 2017 15:14:20 -0400
amneziawg (0.0.20170613-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 14 Jun 2017 13:38:22 -0400
amneziawg (0.0.20170531-2) unstable; urgency=medium
* add systemd to build-dependencies to learn systemdsystemunitdir
(thanks, Lintian!)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 31 May 2017 15:15:07 -0400
amneziawg (0.0.20170531-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 31 May 2017 11:48:41 -0400
amneziawg (0.0.20170517-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 17 May 2017 15:36:03 -0400
amneziawg (0.0.20170421-2) unstable; urgency=medium
* update/correct debian/copyright
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 25 Apr 2017 12:56:14 -0400
amneziawg (0.0.20170421-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 24 Apr 2017 10:00:55 -0400
amneziawg (0.0.20170409-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 10 Apr 2017 01:50:46 -0400
amneziawg (0.0.20170324-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 24 Mar 2017 00:46:22 -0400
amneziawg (0.0.20170320.1-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 20 Mar 2017 11:43:36 -0400
amneziawg (0.0.20170223-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 23 Feb 2017 11:29:01 -0500
amneziawg (0.0.20170214-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 14 Feb 2017 08:51:02 -0500
amneziawg (0.0.20170213-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 13 Feb 2017 19:06:05 -0500
amneziawg (0.0.20170115-1) unstable; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 06 Feb 2017 04:40:14 -0500
amneziawg (0.0.20170105-1) UNRELEASED; urgency=medium
* New upstream release
- adds wg-quick
- adds bash tab completion for wg
- adds systemd .service template for wg-quick
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 11 Jan 2017 23:19:09 -0500
amneziawg (0.0.20161230-1) unstable; urgency=medium
* New upstream release.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 03 Jan 2017 02:21:26 -0500
amneziawg (0.0.20161223-1) unstable; urgency=medium
* New upstream release.
* use uptream's install-dkms Makefile target and dkms.conf instead of
maintaining our own.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 24 Dec 2016 16:58:46 -0500
amneziawg (0.0.20161218-1) unstable; urgency=medium
* New upstream release.
* Move from experimental to unstable. Upstream isn't committed to a
long-term stable branch, so we should keep this from migrating to
stretch, but it has stabilized enough for wider distribution.
* Note: we are not using upstream's install-dkms Makefile target.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 22 Dec 2016 08:25:15 -0500
amneziawg (0.0.20161129-experimental1) experimental; urgency=medium
* new upstream release
* generate src/version.h from debian package version instead of git
repo.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 05 Dec 2016 23:01:22 -0500
amneziawg (0.0.20161116.1-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 17 Nov 2016 08:07:52 +0900
amneziawg (0.0.20161110-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 10 Nov 2016 12:25:50 -0800
amneziawg (0.0.20161105-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 06 Nov 2016 01:47:35 -0400
amneziawg (0.0.20161103-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 04 Nov 2016 10:34:52 -0400
amneziawg (0.0.20161102-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 02 Nov 2016 12:52:58 -0400
amneziawg (0.0.20161025-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 25 Oct 2016 10:05:12 -0400
amneziawg (0.0.20161014-experimental1) experimental; urgency=medium
* new upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 24 Oct 2016 14:04:50 -0400
amneziawg (0.0.20160808-experimental2) experimental; urgency=medium
[ Jason A. Donenfeld ]
* properly ship self-tests (Closes: #833961)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 12 Aug 2016 01:45:04 -0400
amneziawg (0.0.20160808-experimental1) experimental; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 08 Aug 2016 16:54:39 -0400
amneziawg (0.0.20160722-experimental1) experimental; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 22 Jul 2016 17:21:11 -0400
amneziawg (0.0.20160711-experimental1) experimental; urgency=medium
* New upstream release
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 12 Jul 2016 13:20:26 +0200
amneziawg (0.0.20160708.1-experimental1) experimental; urgency=medium
* New upstream release
* build-depend on pkg-config
* ship upstream examples
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 08 Jul 2016 23:13:54 +0200
amneziawg (0.0.20160630-experimental2) experimental; urgency=medium
* avoid shipping example/demo scripts at request of upstream
* limit wireguard-tools to only linux platforms, since it makes no sense
elsewhere.
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 02 Jul 2016 10:32:49 -0400
amneziawg (0.0.20160630-experimental1) experimental; urgency=medium
* First package upload (Closes: #829107)
-- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 30 Jun 2016 12:50:33 -0400

3
debian/clean vendored Normal file
View file

@ -0,0 +1,3 @@
src/*.o
src/*.d
src/wg

1
debian/compat vendored Normal file
View file

@ -0,0 +1 @@
9

57
debian/control vendored Normal file
View file

@ -0,0 +1,57 @@
Source: amneziawg
Section: net
Priority: optional
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
XSBC-Original-Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Uploaders:
Unit 193 <unit193@debian.org>,
Build-Depends:
debhelper,
pkg-config,
systemd,
Standards-Version: 4.6.0
Homepage: https://www.wireguard.com
Vcs-Git: https://github.com/amnezia-vpn/amnezia-wg-tools.git
Vcs-Browser: https://github.com/amnezia-vpn/amnezia-wg-tools
Rules-Requires-Root: no
Package: amneziawg
Architecture: all
Depends:
amneziawg-dkms (>= 0.0.20200121-2) | amneziawg-modules (>= 0.0.20191219),
amneziawg-tools (>= ${source:Version}),
${misc:Depends},
Description: fast, modern, secure kernel VPN tunnel (metapackage)
WireGuard is a novel VPN that runs inside the Linux Kernel and uses
state-of-the-art cryptography (the "Noise" protocol). It aims to be
faster, simpler, leaner, and more useful than IPSec, while avoiding
the massive headache. It intends to be considerably more performant
than OpenVPN. WireGuard is designed as a general purpose VPN for
running on embedded interfaces and super computers alike, fit for
many different circumstances. It runs over UDP.
.
This metapackage explicitly depends on both the kernel module and the
userspace tooling.
Package: amneziawg-tools
Architecture: linux-any
Depends:
${misc:Depends},
${shlibs:Depends},
Recommends:
nftables | iptables,
amneziawg-modules (>= 0.0.20171001) | amneziawg-dkms (>= 0.0.20191219),
Suggests: openresolv | resolvconf,
Description: fast, modern, secure kernel VPN tunnel (userland utilities)
WireGuard is a novel VPN that runs inside the Linux Kernel and uses
state-of-the-art cryptography (the "Noise" protocol). It aims to be
faster, simpler, leaner, and more useful than IPSec, while avoiding
the massive headache. It intends to be considerably more performant
than OpenVPN. WireGuard is designed as a general purpose VPN for
running on embedded interfaces and super computers alike, fit for
many different circumstances. It runs over UDP.
.
This package contains command-line tools to interact with the
WireGuard kernel module. Currently, it provides only a single tool:
.
awg: set and retrieve configuration of WireGuard interfaces

85
debian/copyright vendored Normal file
View file

@ -0,0 +1,85 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: WireGuard command-line tools
Source: https://www.wireguard.com/
Upstream-Contact: WireGuard mailing list <wireguard@lists.zx2c4.com>
Files: *
Copyright: 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>
License: GPL-2
Files: contrib/external-tests/python/main.py
Copyright: 2018 Piotr Lizonczyk <plizonczyk.public@gmail.com>
License: MIT
Files: src/netlink.h contrib/embeddable-wg-library/*
Copyright: 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>
2008-2012 Pablo Neira Ayuso <pablo@netfilter.org>
License: LGPL-2.1+
Files: src/curve25519-fiat32.h
Copyright: 2015-2016 The fiat-crypto Authors.
2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>
License: GPL-2 or MIT
Files: src/curve25519-hacl64.h
Copyright: 2016-2017 INRIA and Microsoft Corporation.
2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>
License: GPL-2 or MIT
Files: src/uapi/openbsd/net/if_wg.h
Copyright: 2020 Matt Dunwoodie <ncon@noconroy.net>
2020 Jason A. Donenfeld <Jason@zx2c4.com>
License: ISC
Files: debian/*
Copyright: 2016-2020 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
License: GPL-2
License: GPL-2
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2.
.
On Debian systems, the complete text of the GNU General Public License
version 2 can be found in file "/usr/share/common-licenses/GPL-2".
License: LGPL-2.1+
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; version 2.1 or later.
.
On Debian systems, the complete text of the GNU Lesser General Public
License version 2.1 can be found in file
"/usr/share/common-licenses/LGPL-2.1".
License: MIT
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
.
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
License: ISC
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

4
debian/files vendored Normal file
View file

@ -0,0 +1,4 @@
amneziawg-tools-dbgsym_1.0.20210914-1ubuntu2_amd64.ddeb debug optional automatic=yes
amneziawg-tools_1.0.20210914-1ubuntu2_amd64.deb net optional
amneziawg_1.0.20210914-1ubuntu2_all.deb net optional
amneziawg_1.0.20210914-1ubuntu2_amd64.buildinfo net optional

6
debian/gbp.conf vendored Normal file
View file

@ -0,0 +1,6 @@
[DEFAULT]
debian-branch = debian/master
upstream-tag = v%(version)s
[buildpackage]
compression = xz

21
debian/patches/0001-Avoid-using-git-during-build.patch vendored Normal file
View file

@ -0,0 +1,21 @@
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 15 Jan 2020 11:23:27 -0500
Subject: Avoid using git during build
---
src/Makefile | 4 ----
1 file changed, 4 deletions(-)
--- a/src/Makefile 2021-08-13 17:36:03.385973646 -0400
+++ b/src/Makefile 2021-08-13 17:36:03.369973776 -0400
@@ -48,10 +48,6 @@
ifeq ($(DEBUG),yes)
CFLAGS += -g
endif
-WIREGUARD_TOOLS_VERSION = $(patsubst v%,%,$(shell GIT_DIR="$(PWD)/../.git" git describe --dirty 2>/dev/null))
-ifneq ($(WIREGUARD_TOOLS_VERSION),)
-CFLAGS += -D'WIREGUARD_TOOLS_VERSION="$(WIREGUARD_TOOLS_VERSION)"'
-endif
ifeq ($(PLATFORM),freebsd)
LDLIBS += -lnv
endif

35
debian/patches/0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch vendored Normal file
View file

@ -0,0 +1,35 @@
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 18 Jun 2018 14:11:10 -0400
Subject: Avoid requiring glibc 2.25 for wireguard-tools
Upstream's instructions (https://www.wireguard.com/install/) suggest
enabling the debian unstable repository to run wireguard.
Without this patch, the current version of wireguard-tools will end up
with a dependency on glibc 2.25 because of the invocation of
getentropy.
We avoid this situation (and fall through to the syscall interface
for the Linux kernel) by omitting the test here.
If we move wireguard into testing (and from there to
stretch-backports) then i think we can convince upstream to change
their installation instructions to refer to stretch-backports, and we
can remove this patch.
---
src/genkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/genkey.c b/src/genkey.c
index d1bb643..6cdee42 100644
--- a/src/genkey.c
+++ b/src/genkey.c
@@ -40,7 +40,7 @@ static inline bool __attribute__((__warn_unused_result__)) get_random_bytes(uint
return false;
}
-#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
+#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12)
if (!getentropy(out, len))
return true;
#endif

2
debian/patches/series vendored Normal file
View file

@ -0,0 +1,2 @@
0001-Avoid-using-git-during-build.patch
0002-Avoid-requiring-glibc-2.25-for-wireguard-tools.patch

38
debian/rules vendored Executable file
View file

@ -0,0 +1,38 @@
#!/usr/bin/make -f
include /usr/share/dpkg/default.mk
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_VERSION_UPSTREAM
AMNEZIAWG_ARGS = WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes WITH_SYSTEMDUNITS=yes V=1
%:
dh $@
override_dh_auto_build-arch:
dh_auto_build --sourcedirectory=src -- $(AMNEZIAWG_ARGS)
override_dh_auto_install-arch:
$(MAKE) -C src DESTDIR=../debian/amneziawg-tools $(AMNEZIAWG_ARGS) install
override_dh_fixperms:
dh_fixperms -Xetc/amnezia
override_dh_installexamples:
dh_installexamples -Xexternal-tests
define test_wg
set -x; set -e; \
echo "Testing command $1" && \
a="$$(src/wg $1)" && b="$$(src/wg $1)" && \
echo "a=$$a b=$$b" && \
test -n "$$a" && \
test -n "$$b" && \
test "$$a" != "$$b"
endef
override_dh_auto_test:
test "$$(head -c 32 /dev/zero | base64 | src/wg pubkey)" = "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q="
$(call test_wg,genpsk)
$(call test_wg,genkey)

1
debian/source/format vendored Normal file
View file

@ -0,0 +1 @@
3.0 (quilt)

17
debian/tests/control vendored Normal file
View file

@ -0,0 +1,17 @@
Tests: keygen
Restrictions: superficial
Depends:
wireguard-tools,
Tests: wg-quick
Restrictions: needs-root, isolation-machine, allow-stderr
Depends:
iproute2,
@,
Tests: netns-mini
Restrictions: needs-root, isolation-machine
Depends:
iproute2,
iputils-ping,
@,

5
debian/tests/keygen vendored Executable file
View file

@ -0,0 +1,5 @@
#!/bin/bash
set -e
[[ $(head -c 32 /dev/zero | base64 | wg pubkey) == "L+V9o0fNYkMVKNqsX7spBzD/9oSvxM/C7ZCZX1jLO3Q=" ]]
[[ $(wg genpsk) != "$(wg genpsk)" ]]

55
debian/tests/netns-mini vendored Executable file
View file

@ -0,0 +1,55 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
set -e
exec 3>&1
netns0="wg-test-$$-0"
netns1="wg-test-$$-1"
netns2="wg-test-$$-2"
pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; }
pp() { pretty "" "$*"; "$@"; }
n1() { pretty 1 "$*"; ip netns exec $netns1 "$@"; }
n2() { pretty 2 "$*"; ip netns exec $netns2 "$@"; }
ip0() { pretty 0 "ip $*"; ip -n $netns0 "$@"; }
ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; }
ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; }
cleanup() {
set +e
exec 2>/dev/null
ip0 link del dev wg0
ip1 link del dev wg0
ip2 link del dev wg0
local to_kill="$(ip netns pids $netns0) $(ip netns pids $netns1) $(ip netns pids $netns2)"
[[ -n $to_kill ]] && kill $to_kill
pp ip netns del $netns1
pp ip netns del $netns2
pp ip netns del $netns0
exit
}
trap cleanup EXIT
ip netns del $netns0 2>/dev/null || true
ip netns del $netns1 2>/dev/null || true
ip netns del $netns2 2>/dev/null || true
pp ip netns add $netns0
pp ip netns add $netns1
pp ip netns add $netns2
ip0 link set up dev lo
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns $netns1
ip0 link add dev wg0 type wireguard
ip0 link set wg0 netns $netns2
ip1 addr add 192.168.241.1/24 dev wg0
ip2 addr add 192.168.241.2/24 dev wg0
key1="$(pp wg genkey)"
key2="$(pp wg genkey)"
pub1="$(pp wg pubkey <<<"$key1")"
pub2="$(pp wg pubkey <<<"$key2")"
n1 wg set wg0 private-key <(echo "$key1") listen-port 1 peer "$pub2" allowed-ips 192.168.241.2/32
n2 wg set wg0 private-key <(echo "$key2") listen-port 2 peer "$pub1" allowed-ips 192.168.241.1/32
ip1 link set up dev wg0
ip2 link set up dev wg0
n2 wg set wg0 peer "$pub1" endpoint 127.0.0.1:1
n2 ping -c 10 -f -W 1 192.168.241.1

171
debian/tests/wg-quick vendored Executable file
View file

@ -0,0 +1,171 @@
#!/bin/bash
set -e
set -o pipefail
LEFT_NS="left_ns"
LEFT_GW="10.0.5.1/24"
LEFT_PORT=3001
LEFT_INT="10.0.1.1/24"
WG_LEFT_INTERFACE="wg_left"
WG_LEFT_INTERFACE_CONF="/etc/wireguard/${WG_LEFT_INTERFACE}.conf"
RIGHT_NS="right_ns"
RIGHT_GW="10.0.5.2/24"
RIGHT_PORT=3002
RIGHT_INT="10.0.1.2/24"
WG_RIGHT_INTERFACE="wg_right"
WG_RIGHT_INTERFACE_CONF="/etc/wireguard/${WG_RIGHT_INTERFACE}.conf"
cleanup() {
if [ $? -ne 0 ]; then
echo "Some test failed, here is some debugging"
dmesg -T | grep wireguard
fi
rm -f "${WG_LEFT_INTERFACE_CONF}" "${WG_RIGHT_INTERFACE_CONF}"
ip netns delete "${LEFT_NS}" &>/dev/null
ip netns delete "${RIGHT_NS}" &>/dev/null
}
trap cleanup EXIT
setup() {
umask 0077
echo "Generating keys"
LEFT_PRIVKEY="$(wg genkey)"
RIGHT_PRIVKEY="$(wg genkey)"
LEFT_PUBKEY="$(wg pubkey <<<"${LEFT_PRIVKEY}")"
RIGHT_PUBKEY="$(wg pubkey <<<"${RIGHT_PRIVKEY}")"
echo "Generating wireguard config"
cat > "${WG_LEFT_INTERFACE_CONF}" <<-EOF
[Interface]
ListenPort = ${LEFT_PORT}
PrivateKey = ${LEFT_PRIVKEY}
Address = ${LEFT_GW}
[Peer]
PublicKey = ${RIGHT_PUBKEY}
AllowedIPs = ${RIGHT_GW%%/*}/32
Endpoint = ${RIGHT_INT%%/*}:${RIGHT_PORT}
EOF
cat > "${WG_RIGHT_INTERFACE_CONF}" <<-EOF
[Interface]
ListenPort = ${RIGHT_PORT}
PrivateKey = ${RIGHT_PRIVKEY}
Address = ${RIGHT_GW}
[Peer]
PublicKey = ${LEFT_PUBKEY}
AllowedIPs = ${LEFT_GW%%/*}/32
Endpoint = ${LEFT_INT%%/*}:${LEFT_PORT}
EOF
echo "Cleaning up old namespaces"
ip netns delete "${LEFT_NS}" &> /dev/null || true
ip netns delete "${RIGHT_NS}" &> /dev/null || true
echo "Creating new namespaces ${LEFT_NS} and ${RIGHT_NS} and adding loopback interface to them"
ip netns add "${LEFT_NS}"
ip netns exec "${LEFT_NS}" ip link set dev lo up
ip netns add "${RIGHT_NS}"
ip netns exec "${RIGHT_NS}" ip link set dev lo up
echo "Creating veth interface connecting both namespaces"
ip link add p1 netns "${LEFT_NS}" type veth peer p2 netns "${RIGHT_NS}"
ip -n "${LEFT_NS}" addr add "${LEFT_INT}" dev p1
ip -n "${LEFT_NS}" link set p1 up
ip -n "${RIGHT_NS}" addr add "${RIGHT_INT}" dev p2
ip -n "${RIGHT_NS}" link set p2 up
echo "Bringing up LEFT wireguard interface in namespace ${LEFT_NS}"
ip netns exec "${LEFT_NS}" wg-quick up "${WG_LEFT_INTERFACE}"
echo "Bringing up RIGHT wireguard interface in namespace ${RIGHT_NS}"
ip netns exec "${RIGHT_NS}" wg-quick up "${WG_RIGHT_INTERFACE}"
}
show_config() {
echo "${LEFT_NS} namespace:"
ip netns exec "${LEFT_NS}" wg showconf "${WG_LEFT_INTERFACE}"
echo
echo "${RIGHT_NS} namespace:"
ip netns exec "${RIGHT_NS}" wg showconf "${WG_RIGHT_INTERFACE}"
}
test_stats() {
local -i ret
local output=""
# to be run after the ping tests
# by now, we MUST have "transfer" and "last handshake"
for ns in "${LEFT_NS}" "${RIGHT_NS}"; do
echo "Namespace ${ns}"
output=$(ip netns exec "${ns}" wg show)
echo "${output}" | grep -E "latest handshake:" || {
ret=$?
echo "Missing \"latest handshake\" from stats in namespace ${ns}"
echo "Got this output:"
echo "${output}"
return $ret
}
echo "${output}" | grep -E "transfer:.*received.*sent" || {
ret=$?
echo "Missing \"transfer\" stats in namespace ${ns}"
echo "Got this output:"
echo "${output}"
return $ret
}
done
}
test_gw_ping() {
echo "Pinging right gateway, from ${LEFT_NS} namespace"
ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_GW%%/*}" || return $?
echo
echo "Pinging left gateway, from ${RIGHT_NS} namespace"
ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_GW%%/*}" || return $?
}
test_wireguard_ping() {
echo "Pinging right wireguard IP from ${LEFT_NS} namespace"
ip netns exec "${LEFT_NS}" ping -W 2 -c 1 "${RIGHT_INT%%/*}" || return $?
echo
echo "Pinging left wireguard IP from ${RIGHT_NS} namesapce"
ip netns exec "${RIGHT_NS}" ping -W 2 -c 1 "${LEFT_INT%%/*}" || return $?
}
echo "Setting things up"
setup || {
echo "Failed vpn test setup"
exit 1
}
echo
echo "This is the config"
show_config
echo
echo "Testing gateway ping"
test_gw_ping || {
echo "Failed gateway ping"
exit 1
}
echo
echo "Testing wireguard interface ping"
test_wireguard_ping || {
echo "Failed wireguard interface ping"
exit 1
}
echo
echo "Testing vpn stats"
test_stats || {
echo "Failed to verify vpn stats"
exit 1
}

52
debian/upstream/signing-key.asc vendored Normal file
View file

@ -0,0 +1,52 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE0yIvABEADc7Zn9kj02BBd1JQMtyidTHLbY2JnmMlGFx2pwoBCuw3ObDo3G
s7GDxhiK7KoupaUbPklp8NSk914kusr0IOfCcis6lINOKEt3v31yJOpZzWxa0Wha
DXUDWVJc4XhKSdg1LeNtFpLIl1CuOtmaMdOaH8lpKkr/5sL4FeG0g/a3R3ZOzOOj
zoGAx79pyhp92L/qo5FfATTzmD2Pq9m6rxcftiO312gpT7ztKlWvsDmc4iJyyL54
1m57zSkG5aJqFexwW3C/iJOCSAiY/r6QTmqkbVA2BSSPANOXX9v0A1GX1rcayywR
w7qZelYpaH6pBLUioI2mmnO432kxK2UKrxd3+1wz1G+fg3GWjaabruVnR+KBV4uJ
Q140o6oj/r9k1Busl6elyDeFAdmO6D6i9Pj90oXJIEk0/wxf+DPmag8lVmxEH1CL
ST0M1t68sR38VhNSeyTdcwnsW20D1Ag55aGk3ZN5eXDIw3ccGzFPBfV3w5wfGwWz
idMmAQMxAmhnQCqwSjIXzv1Gv4NeVGze+/t28zUQInTZyZmxi5niMiz0NUeLqREX
bepmUJulYPeXrty/6/7N6jkakXp7kNGIK2Zigadca/18x9H5DgEXHl0eW7ZOgSUH
qQmmnvNNrArhYXlckYapIAZhwLJDGgv3ZhRyYRCEQ9BktVcE0+2R6zb3GQARAQAB
tCRKYXNvbiBBLiBEb25lbmZlbGQgPEphc29uQHp4MmM0LmNvbT6JAlUEEwECAD8C
GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEq5lC5tSkz8NBJiCnSfxwEqXe
A64FAlp2RGIFCRLnu/IACgkQSfxwEqXeA67KJg//QxU7sM0SCN97+bu/Z7cRAffx
MW+X84rRZRrZvAwkDutTSsvSaBn3dwF5VEnCB25q3px4ybjl0bJF7Klp0RVOBJZo
FEo5BivXH9Ib6eCBn3EGk9g/K9ZZtJP44yF5oW/WZGjlTQdo/plYTd/8COkNA9LX
z3f59ljvQaJNMOUBxnMJVqgvNufbdQehS5dbimhDn5CmBfC7mEpMbrlC7e0O43yl
Tu+BuNssvrX/d3hU7zCYVDDZjVgqSY78YMpvre9xj1WdSdCx9FHo97UcGRHAlm2m
IFIunvZB4s2nWafYAjZ2mg0/gEmn6pIUO+yTSziscoZOedwYDY6FRR26YDjDebF3
oy5AqgfF8pYACtaKRShJjEfncJhZGKYshuZbuRtXs3yfIQi3QT2MCaCpcZ7C2llS
/ire0qpq1Fp8a6tcyY/8ycr5fp7FO+SHPAQ9tnCZvej7N8guEF/LxkiekxQtkAYM
Fk3Ve4ihFpfy+vT7eF4k95nd067dOwWC+wo/RZMpl5ZBxZJ1ZNzR/Uf9WQ+26KpN
V3pu1cWuh4wjq9auz4MbU/sUMoC69HLDzxgPr8B0aKyU16nyy882R3Xp/SpKqhak
2l95vVi+vjz5YJ9xwoELQCGyb0HscmwNktOqNuev2tze7DpBq6SouK7mibVc9nhD
s9cpv6qFWLLPG9nXC2G5Ag0ETTIi8AEQAL7FzsM9ztt7nCWg8CD8uT5JB0rwGcZT
GZLKSHZAySNO1Gb0Zl0sKkp77UbBy1Unc7VAHmvfFVyUk8xuvkju/kKrLXu3xHNZ
tdIu/o/db4KgDi+ty7YyOrQrmT2a8/Gv5bwAdbtnYvK3i5FMC52iYK+Jd5I4TNAR
ajl+BaJXeuZ99Lf3GiBdkxVQ9B2Q9avUhwkqN0eYUHrZhGgsQ48LfFSnDS7RxBOY
3XX8/+28EqpQjDvHe34vVQXQ6xwusH1ZqD8Q9w1c+DkvS7aqa7pGMRVgcrejYp6e
rcXH4G5S/tzIqcnA0wTX3570grpsSNM1lIQ43f5mcfYuSdIpE0YiHwKVlvBiHnq/
elyVZEB6Ul00SuW8FbsnrC/w6EFO1Mw1W8nFPHAM2hBuMXYgb4nwNxfFcT0X7Bt1
1dxIZo3isTRckzwkoXjwB09w1QQK5VvDh4vRS8mCEWRKq3jIZACxYq0wvCMwfbzj
SpFwXlz3VEYAqOxZvbrOQ+0e8YBkrqxpygBI+Gw/yQMkh1KPUtswNyLzoQ4+Mul1
fDvpAJ44wIFZDnIrr77xzfJ7h6Br0m6o5TinaF87Oxd1QsrY2ba0UfEza8atMmN/
kwcHdzW4lvJyzzGr+skvhsMdTj/qdyVmCyr/F6FoUyGrq9C+Ww3iXjSbV5g5i/Ol
qurBVLPww8zdABEBAAGJAjwEGAECACYCGwwWIQSrmULm1KTPw0EmIKdJ/HASpd4D
rgUCWnZEdAUJEue8BAAKCRBJ/HASpd4DrlguEACoHU3QB6p7bTY2HdEMRTpz0+pe
E+OYJdB8/1JKqtW/odkTCQmodcJD1AO0jw5NGcFr0SyIzgXxrxFgCBTNGDNIoE+D
gw9Nm6sXwDkeuoyEWHMGPdAYA0da8R9VHmJAG9ezMlHzggpgXMR5DTs16usIqrhG
/gGEgvQWKl3snE+IDiGPLR8VwgF6g1dNEXvwCKhvnM700CBrQqbbmlL+JNVD0q8K
qgtGaf1vqdoDWTalsrqfHLusRUoJOLkJcnaxJnx7mGoBQSjGLuDWlQhg+laQr/H+
pgTbOAvfTPLIMQNUJDPg4FenoG2uMlAadDEKJnsyo0jblPuaE7b9VBIFAHgrRO2/
Dgi3/3lUC/srZtPWp+yde10BgFadCgz/jbcfoD2Uq8uOJ8notSFHkqwu5UH/T0qZ
Dd8H4HIgDCrIgOt2WaIriP/317xv5nqDCT/m7yKVxn/Uabu4GW5BFgLv1jUCrmNK
eLGNYnN6xg1djR9hrD7Bvoi4fOU+EnrDmslXr1XZzjrn5ricsY5ezyD1lKPFXEnM
X3gdVkKVzsBx0ZmhkFGiu1qZzGeWfLMDPNHmAZLN7Ovl/oEv7aVfWzzAaAy4kHPJ
utFoKSYJ9MjfAiFlY9XiihNMJ2ZL8csKEGNE6AC0fiArfzh6WBMUU0xFRlVE/D8/
UqdkAOEzK8aNJzzwqg==
=cPUl
-----END PGP PUBLIC KEY BLOCK-----

4
debian/watch vendored Normal file
View file

@ -0,0 +1,4 @@
version=4
opts=mode=git,pgpmode=gittag \
https://github.com/amnezia-vpn/amnezia-wg-tools.git \
refs/tags/v?([\d\.]+)

15
src/Makefile
View file

@ -92,18 +92,19 @@ clean:
$(RM) wg *.o *.d $(wildcard wincompat/*.o wincompat/*.lib wincompat/*.dll)
install: wg
@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/wg"
@install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/wg.8"
@install -v -d "$(DESTDIR)$(BINDIR)" && install -v -m 0755 wg "$(DESTDIR)$(BINDIR)/awg"
@install -v -d "$(DESTDIR)$(MANDIR)/man8" && install -v -m 0644 man/wg.8 "$(DESTDIR)$(MANDIR)/man8/awg.8"
@[ "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg"
install -v -d "$(DESTDIR)$(BASHCOMPDIR)" && install -v -m 0644 completion/wg.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg"
@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/wg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/wireguard"
install -v -m 0755 wg-quick/$(PLATFORM).bash "$(DESTDIR)$(BINDIR)/awg-quick" && install -v -m 0700 -d "$(DESTDIR)$(SYSCONFDIR)/amnezia/amneziawg"
@[ "$(WITH_WGQUICK)" = "yes" ] || exit 0; \
install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/wg-quick.8"
install -v -m 0644 man/wg-quick.8 "$(DESTDIR)$(MANDIR)/man8/awg-quick.8"
@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_BASHCOMPLETION)" = "yes" ] || exit 0; \
install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/wg-quick"
install -v -m 0644 completion/wg-quick.bash-completion "$(DESTDIR)$(BASHCOMPDIR)/awg-quick"
@[ "$(WITH_WGQUICK)" = "yes" -a "$(WITH_SYSTEMDUNITS)" = "yes" ] || exit 0; \
install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/* "$(DESTDIR)$(SYSTEMDUNITDIR)/"
install -v -d "$(DESTDIR)$(SYSTEMDUNITDIR)" && install -v -m 0644 systemd/wg-quick.target "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick.target" && \
install -v -m 0644 systemd/wg-quick@.service "$(DESTDIR)$(SYSTEMDUNITDIR)/awg-quick@.service"
check: clean
scan-build --html-title=wireguard-tools -maxloop 100 --view --keep-going $(MAKE) wg

6
src/completion/wg-quick.bash-completion
View file

@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
_wg_quick_completion() {
_awg_quick_completion() {
local p i a search_paths old_glob
search_paths=( /etc/wireguard )
@ -27,7 +27,7 @@ _wg_quick_completion() {
COMPREPLY+=( "${a[@]}" )
elif [[ ${COMP_WORDS[1]} == down ]]; then
if [[ $OSTYPE == *openbsd* || $OSTYPE == *darwin* ]]; then
for i in /var/run/wireguard/*.name; do
for i in /var/run/amneziawg/*.name; do
i="${i##*/}"; i="${i%.name}"
mapfile -t a < <(compgen -W "$i" -- "${COMP_WORDS[2]}")
COMPREPLY+=( "${a[@]}" )
@ -40,4 +40,4 @@ _wg_quick_completion() {
eval "$old_glob"
}
complete -o filenames -o nosort -F _wg_quick_completion wg-quick
complete -o filenames -o nosort -F _awg_quick_completion awg-quick

4
src/completion/wg.bash-completion
View file

@ -1,7 +1,7 @@
# SPDX-License-Identifier: GPL-2.0
# Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
_wg_completion() {
_awg_completion() {
local a
if [[ $COMP_CWORD -eq 1 ]]; then
@ -96,4 +96,4 @@ _wg_completion() {
COMPREPLY+=( $(compgen -W "${words[*]}" -- "${COMP_WORDS[COMP_CWORD]}") )
}
complete -o nosort -F _wg_completion wg
complete -o nosort -F _awg_completion awg

54
src/ipc-freebsd.h
View file

@ -91,64 +91,64 @@ static int kernel_get_device(struct wgdevice **device, const char *ifname)
dev->flags |= WGDEVICE_HAS_LISTEN_PORT;
}
}
if (nvlist_exists_number(nvl_device, "junk_packet_count")) {
number = nvlist_get_number(nvl_device, "junk_packet_count");
if (nvlist_exists_number(nvl_device, "jc")) {
number = nvlist_get_number(nvl_device, "jc");
if (number <= UINT16_MAX){
dev->junk_packet_count = number;
dev->flags |= WGDEVICE_HAS_JC;
}
}
if (nvlist_exists_number(nvl_device, "junk_packet_min_size")) {
number = nvlist_get_number(nvl_device, "junk_packet_min_size");
if (nvlist_exists_number(nvl_device, "jmin")) {
number = nvlist_get_number(nvl_device, "jmin");
if (number <= UINT16_MAX){
dev->junk_packet_min_size = number;
dev->flags |= WGDEVICE_HAS_JMIN;
}
}
if (nvlist_exists_number(nvl_device, "junk_packet_max_size")) {
number = nvlist_get_number(nvl_device, "junk_packet_max_size");
if (nvlist_exists_number(nvl_device, "jmax")) {
number = nvlist_get_number(nvl_device, "jmax");
if (number <= UINT16_MAX){
dev->junk_packet_max_size = number;
dev->flags |= WGDEVICE_HAS_JMAX;
}
}
if (nvlist_exists_number(nvl_device, "init_packet_junk_size")) {
number = nvlist_get_number(nvl_device, "init_packet_junk_size");
if (nvlist_exists_number(nvl_device, "s1")) {
number = nvlist_get_number(nvl_device, "s1");
if (number <= UINT16_MAX){
dev->init_packet_junk_size = number;
dev->flags |= WGDEVICE_HAS_S1;
}
}
if (nvlist_exists_number(nvl_device, "response_packet_junk_size")) {
number = nvlist_get_number(nvl_device, "response_packet_junk_size");
if (nvlist_exists_number(nvl_device, "s2")) {
number = nvlist_get_number(nvl_device, "s2");
if (number <= UINT16_MAX){
dev->response_packet_junk_size = number;
dev->flags |= WGDEVICE_HAS_S2;
}
}
if (nvlist_exists_number(nvl_device, "init_packet_magic_header")) {
number = nvlist_get_number(nvl_device, "init_packet_magic_header");
if (nvlist_exists_number(nvl_device, "h1")) {
number = nvlist_get_number(nvl_device, "h1");
if (number <= UINT32_MAX){
dev->init_packet_magic_header = number;
dev->flags |= WGDEVICE_HAS_H1;
}
}
if (nvlist_exists_number(nvl_device, "response_packet_magic_header")) {
number = nvlist_get_number(nvl_device, "response_packet_magic_header");
if (nvlist_exists_number(nvl_device, "h2")) {
number = nvlist_get_number(nvl_device, "h2");
if (number <= UINT32_MAX){
dev->response_packet_magic_header = number;
dev->flags |= WGDEVICE_HAS_H2;
}
}
if (nvlist_exists_number(nvl_device, "underload_packet_magic_header")) {
number = nvlist_get_number(nvl_device, "underload_packet_magic_header");
if (nvlist_exists_number(nvl_device, "h3")) {
number = nvlist_get_number(nvl_device, "h3");
if (number <= UINT32_MAX){
dev->underload_packet_magic_header = number;
dev->flags |= WGDEVICE_HAS_H3;
}
}
if (nvlist_exists_number(nvl_device, "transport_packet_magic_header")) {
number = nvlist_get_number(nvl_device, "transport_packet_magic_header");
if (nvlist_exists_number(nvl_device, "h4")) {
number = nvlist_get_number(nvl_device, "h4");
if (number <= UINT32_MAX){
dev->transport_packet_magic_header = number;
dev->flags |= WGDEVICE_HAS_H4;
@ -337,23 +337,23 @@ static int kernel_set_device(struct wgdevice *dev)
if (dev->flags & WGDEVICE_HAS_LISTEN_PORT)
nvlist_add_number(nvl_device, "listen-port", dev->listen_port);
if (dev->flags & WGDEVICE_HAS_JC)
nvlist_add_number(nvl_device, "junk_packet_count", dev->junk_packet_count);
nvlist_add_number(nvl_device, "jc", dev->junk_packet_count);
if (dev->flags & WGDEVICE_HAS_JMIN)
nvlist_add_number(nvl_device, "junk_packet_min_size", dev->junk_packet_min_size);
nvlist_add_number(nvl_device, "jmin", dev->junk_packet_min_size);
if (dev->flags & WGDEVICE_HAS_JMAX)
nvlist_add_number(nvl_device, "junk_packet_max_size", dev->junk_packet_max_size);
nvlist_add_number(nvl_device, "jmax", dev->junk_packet_max_size);
if (dev->flags & WGDEVICE_HAS_S1)
nvlist_add_number(nvl_device, "init_packet_junk_size", dev->init_packet_junk_size);
nvlist_add_number(nvl_device, "s1", dev->init_packet_junk_size);
if (dev->flags & WGDEVICE_HAS_S2)
nvlist_add_number(nvl_device, "response_packet_junk_size", dev->response_packet_junk_size);
nvlist_add_number(nvl_device, "s2", dev->response_packet_junk_size);
if (dev->flags & WGDEVICE_HAS_H1)
nvlist_add_number(nvl_device, "init_packet_magic_header", dev->init_packet_magic_header);
nvlist_add_number(nvl_device, "h1", dev->init_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_H2)
nvlist_add_number(nvl_device, "response_packet_magic_header", dev->response_packet_magic_header);
nvlist_add_number(nvl_device, "h2", dev->response_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_H3)
nvlist_add_number(nvl_device, "underload_packet_magic_header", dev->underload_packet_magic_header);
nvlist_add_number(nvl_device, "h3", dev->underload_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_H4)
nvlist_add_number(nvl_device, "transport_packet_magic_header", dev->transport_packet_magic_header);
nvlist_add_number(nvl_device, "h4", dev->transport_packet_magic_header);
if (dev->flags & WGDEVICE_HAS_FWMARK)
nvlist_add_number(nvl_device, "user-cookie", dev->fwmark);
if (dev->flags & WGDEVICE_REPLACE_PEERS)

54
src/ipc-linux.h
View file

@ -459,41 +459,59 @@ static int parse_device(const struct nlattr *attr, void *data)
break;
case WGDEVICE_A_PEERS:
return mnl_attr_parse_nested(attr, parse_peers, device);
case WGDEVICE_HAS_JC:
if (!mnl_attr_validate(attr, MNL_TYPE_U16))
case WGDEVICE_A_JC:
if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
device->junk_packet_count = mnl_attr_get_u16(attr);
device->flags |= WGDEVICE_HAS_JC;
}
break;
case WGDEVICE_HAS_JMIN:
if (!mnl_attr_validate(attr, MNL_TYPE_U16))
case WGDEVICE_A_JMIN:
if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
device->junk_packet_min_size = mnl_attr_get_u16(attr);
device->flags |= WGDEVICE_HAS_JMIN;
}
break;
case WGDEVICE_HAS_JMAX:
if (!mnl_attr_validate(attr, MNL_TYPE_U16))
case WGDEVICE_A_JMAX:
if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
device->junk_packet_max_size = mnl_attr_get_u16(attr);
device->flags |= WGDEVICE_HAS_JMAX;
}
break;
case WGDEVICE_HAS_S1:
if (!mnl_attr_validate(attr, MNL_TYPE_U16))
case WGDEVICE_A_S1:
if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
device->init_packet_junk_size = mnl_attr_get_u16(attr);
device->flags |= WGDEVICE_HAS_S1;
}
break;
case WGDEVICE_HAS_S2:
if (!mnl_attr_validate(attr, MNL_TYPE_U16))
case WGDEVICE_A_S2:
if (!mnl_attr_validate(attr, MNL_TYPE_U16)) {
device->response_packet_junk_size = mnl_attr_get_u16(attr);
device->flags |= WGDEVICE_HAS_S2;
}
break;
case WGDEVICE_HAS_H1:
if (!mnl_attr_validate(attr, MNL_TYPE_U32))
case WGDEVICE_A_H1:
if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
device->init_packet_magic_header = mnl_attr_get_u32(attr);
device->flags |= WGDEVICE_HAS_H1;
}
break;
case WGDEVICE_HAS_H2:
if (!mnl_attr_validate(attr, MNL_TYPE_U32))
case WGDEVICE_A_H2:
if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
device->response_packet_magic_header = mnl_attr_get_u32(attr);
device->flags |= WGDEVICE_HAS_H2;
}
break;
case WGDEVICE_HAS_H3:
if (!mnl_attr_validate(attr, MNL_TYPE_U32))
case WGDEVICE_A_H3:
if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
device->underload_packet_magic_header = mnl_attr_get_u32(attr);
device->flags |= WGDEVICE_HAS_H3;
}
break;
case WGDEVICE_HAS_H4:
if (!mnl_attr_validate(attr, MNL_TYPE_U32))
case WGDEVICE_A_H4:
if (!mnl_attr_validate(attr, MNL_TYPE_U32)) {
device->transport_packet_magic_header = mnl_attr_get_u32(attr);
device->flags |= WGDEVICE_HAS_H4;
}
break;
}

2
src/ipc-uapi-unix.h
View file

@ -14,7 +14,7 @@
#include <sys/stat.h>
#include <sys/un.h>
#define SOCK_PATH RUNSTATEDIR "/wireguard/"
#define SOCK_PATH RUNSTATEDIR "/amneziawg/"
#define SOCK_SUFFIX ".sock"
static FILE *userspace_interface_file(const char *iface)

12
src/systemd/wg-quick@.service
View file

@ -2,9 +2,9 @@
Description=WireGuard via wg-quick(8) for %I
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
Documentation=man:wg-quick(8)
Documentation=man:wg(8)
PartOf=awg-quick.target
Documentation=man:awg-quick(8)
Documentation=man:awg(8)
Documentation=https://www.wireguard.com/
Documentation=https://www.wireguard.com/quickstart/
Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
@ -13,9 +13,9 @@ Documentation=https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/wg-quick up %i
ExecStop=/usr/bin/wg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/bin/wg syncconf %i <(exec /usr/bin/wg-quick strip %i)'
ExecStart=/usr/bin/awg-quick up %i
ExecStop=/usr/bin/awg-quick down %i
ExecReload=/bin/bash -c 'exec /usr/bin/awg syncconf %i <(exec /usr/bin/awg-quick strip %i)'
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
[Install]

2
src/uapi/linux/linux/wireguard.h
View file

@ -131,7 +131,7 @@
#ifndef _WG_UAPI_WIREGUARD_H
#define _WG_UAPI_WIREGUARD_H
#define WG_GENL_NAME "wireguard"
#define WG_GENL_NAME "amneziawg"
#define WG_GENL_VERSION 1
#define WG_KEY_LEN 32

26
src/wg-quick/android.c
View file

@ -41,6 +41,7 @@
static bool is_exiting = false;
static bool binder_available = false;
static unsigned int sdk_version;
static bool is_asecurity_on = false;
static void *xmalloc(size_t size)
{
@ -632,7 +633,10 @@ static void auto_su(int argc, char *argv[])
static void add_if(const char *iface)
{
cmd("ip link add %s type wireguard", iface);
if (is_asecurity_on)
cmd("amneziawg-go %s", iface);
else
cmd("ip link add %s type wireguard", iface);
}
static void del_if(const char *iface)
@ -1256,6 +1260,24 @@ static void parse_options(char **iface, char **config, unsigned int *mtu, char *
} else if (!strncasecmp(clean, "MTU=", 4) && j > 4) {
*mtu = atoi(clean + 4);
continue;
} else if (!strncasecmp(clean, "Jc=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "Jmin=", 5) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "Jmax=", 5) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "S1=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "S2=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "H1=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "H2=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "H3=", 3) && j > 4 {
is_asecurity_on = true;
} else if (!strncasecmp(clean, "H4=", 3) && j > 4 {
is_asecurity_on = true;
}
}
*config = concat_and_free(*config, "", line);
@ -1300,4 +1322,4 @@ int main(int argc, char *argv[])
return 1;
}
return 0;
}
}

0
src/wg-quick/wg → src/wg-quick/awg
View file

18
src/wg-quick/darwin.bash
View file

@ -41,7 +41,7 @@ die() {
[[ ${BASH_VERSINFO[0]} -ge 4 ]] || die "Version mismatch: bash ${BASH_VERSINFO[0]} detected, when bash 4+ required"
CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard )
CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg )
parse_options() {
local interface_section=0 line key value stripped path v
@ -110,10 +110,10 @@ auto_su() {
get_real_interface() {
local interface diff
wg show interfaces >/dev/null
[[ -f "/var/run/wireguard/$INTERFACE.name" ]] || return 1
interface="$(< "/var/run/wireguard/$INTERFACE.name")"
[[ -n $interface && -S "/var/run/wireguard/$interface.sock" ]] || return 1
diff=$(( $(stat -f %m "/var/run/wireguard/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) ))
[[ -f "/var/run/amneziawg/$INTERFACE.name" ]] || return 1
interface="$(< "/var/run/amneziawg/$INTERFACE.name")"
[[ -n $interface && -S "/var/run/amneziawg/$interface.sock" ]] || return 1
diff=$(( $(stat -f %m "/var/run/amneziawg/$interface.sock" 2>/dev/null || echo 200) - $(stat -f %m "/var/run/wireguard/$INTERFACE.name" 2>/dev/null || echo 100) ))
[[ $diff -ge 2 || $diff -le -2 ]] && return 1
REAL_INTERFACE="$interface"
echo "[+] Interface for $INTERFACE is $REAL_INTERFACE" >&2
@ -121,9 +121,9 @@ get_real_interface() {
}
add_if() {
export WG_TUN_NAME_FILE="/var/run/wireguard/$INTERFACE.name"
mkdir -p "/var/run/wireguard/"
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" utun
export WG_TUN_NAME_FILE="/var/run/amneziawg/$INTERFACE.name"
mkdir -p "/var/run/amneziawg/"
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" utun
get_real_interface
}
@ -519,4 +519,4 @@ fi
[[ -n $LAUNCHED_BY_LAUNCHD ]] && wait
exit 0
exit 0

29
src/wg-quick/freebsd.bash
View file

@ -28,6 +28,8 @@ CONFIG_FILE=""
PROGRAM="${0##*/}"
ARGS=( "$@" )
IS_ASESCURITY_ON=0
cmd() {
echo "[#] $*" >&3
"$@"
@ -38,7 +40,7 @@ die() {
exit 1
}
CONFIG_SEARCH_PATHS=( /etc/wireguard /usr/local/etc/wireguard )
CONFIG_SEARCH_PATHS=( /etc/amnezia/amneziawg /usr/local/etc/amnezia/amneziawg )
unset ORIGINAL_TMPDIR
make_temp() {
@ -96,6 +98,17 @@ parse_options() {
PostDown) POST_DOWN+=( "$value" ); continue ;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
case "$key" in
Jc);&
Jmin);&
Jmax);&
S1);&
S2);&
H1);&
H2);&
H3);&
H4) IS_ASESCURITY_ON=1;;
esac
fi
WG_CONFIG+="$line"$'\n'
done < "$CONFIG_FILE"
@ -116,7 +129,11 @@ auto_su() {
add_if() {
local ret rc
if ret="$(cmd ifconfig wg create name "$INTERFACE" 2>&1 >/dev/null)"; then
local cmd="ifconfig wg create name "$INTERFACE""
if [[ $IS_ASESCURITY_ON == 1 ]]; then
cmd="amneziawg-go "$INTERFACE"";
fi
if ret="$(cmd $cmd 2>&1 >/dev/null)"; then
return 0
fi
rc=$?
@ -125,7 +142,7 @@ add_if() {
return $rc
fi
echo "[!] Missing WireGuard kernel support ($ret). Falling back to slow userspace implementation." >&3
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE"
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE"
}
del_routes() {
@ -154,8 +171,8 @@ del_routes() {
del_if() {
[[ $HAVE_SET_DNS -eq 0 ]] || unset_dns
if [[ -S /var/run/wireguard/$INTERFACE.sock ]]; then
cmd rm -f "/var/run/wireguard/$INTERFACE.sock"
if [[ -S /var/run/amneziawg/$INTERFACE.sock ]]; then
cmd rm -f "/var/run/amneziawg/$INTERFACE.sock"
else
cmd ifconfig "$INTERFACE" destroy
fi
@ -484,4 +501,4 @@ else
exit 1
fi
exit 0
exit 0

38
src/wg-quick/linux.bash
View file

@ -40,7 +40,7 @@ die() {
parse_options() {
local interface_section=0 line key value stripped v
CONFIG_FILE="$1"
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf"
[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
[[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
@ -87,11 +87,11 @@ auto_su() {
add_if() {
local ret
if ! cmd ip link add "$INTERFACE" type wireguard; then
if ! cmd ip link add "$INTERFACE" type amneziawg; then
ret=$?
[[ -e /sys/module/wireguard ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" >/dev/null && exit $ret
echo "[!] Missing WireGuard kernel module. Falling back to slow userspace implementation." >&2
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-wireguard-go}" "$INTERFACE"
[[ -e /sys/module/amneziawg ]] || ! command -v "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" >/dev/null && exit $ret
echo "[!] Missing WireGuard (Amnezia VPN) kernel module. Falling back to slow userspace implementation." >&2
cmd "${WG_QUICK_USERSPACE_IMPLEMENTATION:-amneziawg-go}" "$INTERFACE"
fi
}
@ -99,7 +99,7 @@ del_if() {
local table
[[ $HAVE_SET_DNS -eq 0 ]] || unset_dns
[[ $HAVE_SET_FIREWALL -eq 0 ]] || remove_firewall
if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(wg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then
if [[ -z $TABLE || $TABLE == auto ]] && get_fwmark table && [[ $(awg show "$INTERFACE" allowed-ips) =~ /0(\ |$'\n'|$) ]]; then
while [[ $(ip -4 rule show 2>/dev/null) == *"lookup $table"* ]]; do
cmd ip -4 rule delete table $table
done
@ -132,7 +132,7 @@ set_mtu_up() {
[[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue
output="$(ip route get "${BASH_REMATCH[1]}" || true)"
[[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
done < <(wg show "$INTERFACE" endpoints)
done < <(awg show "$INTERFACE" endpoints)
if [[ $mtu -eq 0 ]]; then
read -r output < <(ip route show default || true) || true
[[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) && $(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) && ${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
@ -180,7 +180,7 @@ add_route() {
get_fwmark() {
local fwmark
fwmark="$(wg show "$INTERFACE" fwmark)" || return 1
fwmark="$(awg show "$INTERFACE" fwmark)" || return 1
[[ -n $fwmark && $fwmark != off ]] || return 1
printf -v "$1" "%d" "$fwmark"
return 0
@ -199,7 +199,7 @@ remove_firewall() {
for iptables in iptables ip6tables; do
restore="" found=0
while read -r line; do
[[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"wg-quick(8) rule for $INTERFACE\""* ]] || continue
[[ $line == "*"* || $line == COMMIT || $line == "-A "*"-m comment --comment \"awg-quick(8) rule for $INTERFACE\""* ]] || continue
[[ $line == "-A"* ]] && found=1
printf -v restore '%s%s\n' "$restore" "${line/#-A/-D}"
done < <($iptables-save 2>/dev/null)
@ -216,7 +216,7 @@ add_default() {
while [[ -n $(ip -4 route show table $table 2>/dev/null) || -n $(ip -6 route show table $table 2>/dev/null) ]]; do
((table++))
done
cmd wg set "$INTERFACE" fwmark $table
cmd awg set "$INTERFACE" fwmark $table
fi
local proto=-4 iptables=iptables pf=ip
[[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6
@ -224,7 +224,7 @@ add_default() {
cmd ip $proto rule add table main suppress_prefixlength 0
cmd ip $proto route add "$1" dev "$INTERFACE" table $table
local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
local marker="-m comment --comment \"awg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd
printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable"
printf -v nftcmd '%sadd chain %s %s preraw { type filter hook prerouting priority -300; }\n' "$nftcmd" "$pf" "$nftable"
printf -v nftcmd '%sadd chain %s %s premangle { type filter hook prerouting priority -150; }\n' "$nftcmd" "$pf" "$nftable"
@ -248,7 +248,7 @@ add_default() {
}
set_config() {
cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG")
cmd awg setconf "$INTERFACE" <(echo "$WG_CONFIG")
}
save_config() {
@ -278,7 +278,7 @@ save_config() {
done
old_umask="$(umask)"
umask 077
current_config="$(cmd wg showconf "$INTERFACE")"
current_config="$(cmd awg showconf "$INTERFACE")"
trap 'rm -f "$CONFIG_FILE.tmp"; exit' INT TERM EXIT
echo "${current_config/\[Interface\]$'\n'/$new_config}" > "$CONFIG_FILE.tmp" || die "Could not write configuration file"
sync "$CONFIG_FILE.tmp"
@ -302,8 +302,8 @@ cmd_usage() {
CONFIG_FILE is a configuration file, whose filename is the interface name
followed by \`.conf'. Otherwise, INTERFACE is an interface name, with
configuration found at /etc/wireguard/INTERFACE.conf. It is to be readable
by wg(8)'s \`setconf' sub-command, with the exception of the following additions
configuration found at /etc/amnezia/INTERFACE.conf. It is to be readable
by awg(8)'s \`setconf' sub-command, with the exception of the following additions
to the [Interface] section, which are handled by $PROGRAM:
- Address: may be specified one or more times and contains one or more
@ -319,7 +319,7 @@ cmd_usage() {
- SaveConfig: if set to \`true', the configuration is saved from the current
state of the interface upon shutdown.
See wg-quick(8) for more info and examples.
See awg-quick(8) for more info and examples.
_EOF
}
@ -335,7 +335,7 @@ cmd_up() {
done
set_mtu_up
set_dns
for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(wg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do
for i in $(while read -r _ i; do for i in $i; do [[ $i =~ ^[0-9a-z:.]+/[0-9]+$ ]] && echo "$i"; done; done < <(awg show "$INTERFACE" allowed-ips) | sort -nr -k 2 -t /); do
add_route "$i"
done
execute_hooks "${POST_UP[@]}"
@ -343,7 +343,7 @@ cmd_up() {
}
cmd_down() {
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
[[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
execute_hooks "${PRE_DOWN[@]}"
[[ $SAVE_CONFIG -eq 0 ]] || save_config
del_if
@ -353,7 +353,7 @@ cmd_down() {
}
cmd_save() {
[[ " $(wg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
[[ " $(awg show interfaces) " == *" $INTERFACE "* ]] || die "\`$INTERFACE' is not a WireGuard interface"
save_config
}

35
src/wg-quick/openbsd.bash
View file

@ -27,6 +27,7 @@ SAVE_CONFIG=0
CONFIG_FILE=""
PROGRAM="${0##*/}"
ARGS=( "$@" )
IS_ASESCURITY_ON=0
cmd() {
echo "[#] $*" >&3
@ -41,7 +42,7 @@ die() {
parse_options() {
local interface_section=0 line key value stripped
CONFIG_FILE="$1"
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,15}$ ]] && CONFIG_FILE="/etc/amnezia/amneziawg/$CONFIG_FILE.conf"
[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
[[ $CONFIG_FILE =~ (^|/)([a-zA-Z0-9_=+.-]{1,15})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
CONFIG_FILE="$(readlink -f "$CONFIG_FILE")"
@ -68,6 +69,17 @@ parse_options() {
PostDown) POST_DOWN+=( "$value" ); continue ;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
case "$key" in
Jc);&
Jmin);&
Jmax);&
S1);&
S2);&
H1);&
H2);&
H3);&
H4) IS_ASESCURITY_ON=1;;
esac
fi
WG_CONFIG+="$line"$'\n'
done < "$CONFIG_FILE"
@ -106,14 +118,19 @@ add_if() {
while true; do
local -A existing_ifs="( $(wg show interfaces | sed 's/\([^ ]*\)/[\1]=1/g') )"
local index ret
for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done
if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then
REAL_INTERFACE="wg$index"
return 0
if [[ $IS_ASESCURITY_ON == 1 ]]; then
cmd "amneziawg-go "$INTERFACE"";
return $?
else
for ((index=0; index <= 2147483647; ++index)); do [[ -v existing_ifs[wg$index] ]] || break; done
if ret="$(cmd ifconfig wg$index create description "wg-quick: $INTERFACE" 2>&1)"; then
REAL_INTERFACE="wg$index"
return 0
fi
[[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue
echo "$ret" >&3
return 1
fi
[[ $ret == *"ifconfig: SIOCIFCREATE: File exists"* ]] && continue
echo "$ret" >&3
return 1
done
}
@ -478,4 +495,4 @@ else
exit 1
fi
exit 0
exit 0