X-Patchwork-Submitter: Maxim Cournoyer
X-Patchwork-Id: 50035
Subject: [bug#63402] [PATCH v3 3/3] services: wireguard: Workaround keep-alives bug.
From: Maxim Cournoyer
Date: Tue, 16 May 2023 00:09:08 -0400

* gnu/services/vpn.scm (wireguard-configuration-file): Add the 'persistent-keepalive' option to the PostUp script to workaround a bug. --- gnu/services/vpn.scm | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 3f66db79de..587bfcfc0e 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm
@@ -774,18 +774,19 @@ (define (wireguard-configuration-file config) (format #f "~@[PersistentKeepalive = ~a~]" keep-alive)))) (string-join (remove string-null? lines) "\n")))) - (define (peers->preshared-keys peer keys) - (let ((public-key (wireguard-peer-public-key peer)) - (preshared-key (wireguard-peer-preshared-key peer))) - (if preshared-key - (cons* public-key preshared-key keys) - keys))) + (define (peers->preshared-keys+keep-alive peer data) + (match-record peer + (public-key preshared-key keep-alive) + (if (or preshared-key keep-alive) + (cons* public-key preshared-key keep-alive data) + data))) (match-record config (wireguard interface addresses port private-key peers dns pre-up post-up pre-down post-down table) (let* ((config-file (string-append interface ".conf")) - (peer-keys (fold peers->preshared-keys (list) peers)) + (peer-keys+keep-alive (fold peers->preshared-keys+keep-alive + '() peers)) (peers (map peer->config peers)) (config (computed-file @@ -805,9 +806,14 @@ (define (wireguard-configuration-file config) #$@(if (null? pre-up) '() (list (format #f "~{PreUp = ~a~%~}" pre-up))) + ;; Duplicate the persistent-keepalive setting here, to + ;; workaround a bug in WireGuard where keep-alives are not + ;; sent when an interface is initially brought up without + ;; a private key. (format #f "PostUp = ~a set %i private-key ~a\ -~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg") -#$private-key '#$peer-keys) +~{ peer ~a~@[ preshared-key ~a~]~@[ persistent-keepalive ~a~]~}" + #$(file-append wireguard "/bin/wg") + #$private-key '#$peer-keys+keep-alive) #$@(if (null? post-up) '() (list (format #f "~{PostUp = ~a~%~}" post-up)))
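Review bot: In the first hunk, `(cons* public-key preshared-key keep-alive data)` in `peers->preshared-keys+keep-alive` builds a flat list with a fixed group of three items per peer, using `#f` as a placeholder for whichever of the two values is unset, and nothing in the procedure documents that layout. It is only correct because the `PostUp` format string in the second hunk consumes exactly three items per iteration and skips `#f` through `~@[...~]`, so a one-line comment here stating the layout would keep the two from drifting apart. The procedure also receives a single peer per call from `fold`, so a singular name such as `peer->preshared-key+keep-alive` would describe it better than `peers->...`.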
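Review bot: In the second hunk, the new comment above the `PostUp` format call names a WireGuard bug but gives no upstream report or affected version, so a later reader cannot tell when the duplicated `persistent-keepalive` argument can be dropped; please add a reference. The comment could also say that the interface comes up without a private key here because the key is only applied by this same `PostUp` command (`set %i private-key ~a`), which is what makes the workaround necessary in this service. Wording nit: "to workaround a bug" should read "to work around a bug". Since `~@[ preshared-key ~a~]` and `~@[ persistent-keepalive ~a~]` interpolate values with `~a` into a command line, a test that renders the file for a peer with only `keep-alive` set and for one with only `preshared-key` set would confirm that neither case emits a stray `#f` into the generated `PostUp` line.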