Commit 6ae3a8c6 authored by Slugger@Github's avatar Slugger@Github Committed by Derek Battams
Browse files

testing/piawgmgr: new aport

https://github.com/Slugger/piawgmgr
A management service for WireGuard connections to PIA
parent 4b638599
# Contributor: Derek Battams <derek@battams.ca>
# Maintainer: Derek Battams <derek@battams.ca>
pkgname=piawgmgr
pkgver=0.0.0
pkgrel=0
pkgdesc="WireGuard management service for PIA"
url="https://github.com/Slugger/piawgmgr"
arch="noarch"
license="GPL-3.0-or-later"
options="!check" # tests run upstream
depends="wireguard-tools wireguard-lts openjdk8-jre-base sudo iputils"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade $pkgname.pre-deinstall"
subpackages="$pkgname-doc $pkgname-openrc"
source="
piawgmgr.initd
piawgmgr.confd
https://github.com/Slugger/piawgmgr/releases/download/$pkgver/piawgmgr-jar-$pkgver.tgz
piawgmgr
piawgmgr.properties.ref
piawgmgr.properties.sample
piawgmgr.logrotate
piawgmgr.sudoers
piawgmgr.man
"
builddir="$srcdir/"
build() {
return 0
}
package() {
gzip -k "$srcdir"/piawgmgr.man
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
install -m644 -D "$srcdir"/*.jar "$pkgdir"/usr/share/piawgmgr/piawgmgr.jar
install -m755 -D "$srcdir"/piawgmgr "$pkgdir"/usr/bin/piawgmgr
install -m644 -D "$srcdir"/piawgmgr.properties.ref "$pkgdir"/etc/piawgmgr/piawgmgr.properties.ref
install -m644 -D "$srcdir"/piawgmgr.properties.sample "$pkgdir"/etc/piawgmgr/piawgmgr.properties.sample
install -m644 -D "$srcdir"/piawgmgr.logrotate "$pkgdir"/etc/logrotate.d/piawgmgr
install -m400 -D "$srcdir"/piawgmgr.sudoers "$pkgdir"/etc/sudoers.d/piawgmgr
install -m644 -D "$srcdir"/piawgmgr.man.gz "$pkgdir"/usr/share/man/man1/piawgmgr.gz
}
sha512sums="2730f5a9e35e5a4ed1623d1a75d2c922cc957de111f3cab47f5dac4c1ba7fd4dcd9d2d60cdc444458e2c4d518068fc50aac6d743b0edae97705107943c13a212 piawgmgr.initd
cffc7c0be5368b2ffdcd02cb0f34155754b944077b04e46be210f0cce71275718a0c6ca7dcfd6d57c8f8690a9e8f08b8466cee5e630f947657cf925e8ae99c06 piawgmgr.confd
fc70d961b7795a673106b58ca4094b4d01b000855ac8bfdec10779c87c4e9f3f291291154b23dea998528d9f37a8f10f8337a952448d63c67645a34914698744 piawgmgr-jar-0.0.0.tgz
7c098aa91a0568c825f6d9b47bb0c4824f8e3f72b555a72685d5be64b7ce1aa17b6be9acb4d41e4428bf5b7064067f1fbc236363a643e62ea80dc1a22600d5dd piawgmgr
c190f00cfd0ed8e0e2fb7466c72df16e47aa6cf3b9644ec31b7d931c0d4daafbef5a5ef9210b4a2f714873b0e25b6c080079675dfbb267ce9b135c73c27f6bff piawgmgr.properties.ref
ee6f1cbffae979558ffcfaa5ba936b2ddf0a4540378c75804522447070568da0638ca15441992e2f035a2eb2e82ba8734c2bff471652e48f6186cb6e924d261c piawgmgr.properties.sample
934b996d547ec1d37f7edf0c26bd1b50c4d48120b112bd305aa3ae59c7441a280076b910d63d188b91cea0ce5e2e250855d3e9d4bd2e69dd57dca8ab8cccbc93 piawgmgr.logrotate
f2509e0146789a04e04697fbbf93c904742d1a47b02954957e1f7403ad985c11deaad6ca37b9bfbf9314572a6c90fcbb0b9a168e127b579559012a8cf841de14 piawgmgr.sudoers
6330588a6d55ff2b6a063d6187ef8f9342fa9c09211dc6343a9e2322069d0c0579befbcf7284d294de97c19fc871e2873d54e2a51a0eff8f659ac0b3b4850059 piawgmgr.man"
#!/usr/bin/env sh
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
##############################################################################
##
## piawgmgr start up script for UN*X
##
## borrowed from gradle application plugin with modifications
##
##############################################################################
APP_NAME="piawgmgr"
APP_BASE_NAME=`basename "$0"`
APP_HOME=/usr/share/piawgmgr
# Add default JVM options here. You can also use JAVA_OPTS and PIAWGMGR_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn ( ) {
echo "$*"
}
die ( ) {
echo
echo "$*"
echo
exit 1
}
JARPATH=$APP_HOME/piawgmgr.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
# Escape application args
save ( ) {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=$(save "$@")
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $PIAWGMGR_OPTS -jar "\"$JARPATH\"" "$APP_ARGS"
exec "$JAVACMD" "$@" --spring.config.location=/etc/piawgmgr/piawgmgr.properties
#
# Specifiy any custom JVM options here
#
PIAWGMGR_OPTS=""
#!/sbin/openrc-run
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
name=piawgmgr
command="/usr/bin/$name"
pidfile="/run/$name.pid"
depend() {
need net
after firewall
}
start() {
ebegin "Starting ${name}"
start-stop-daemon --start --quiet --exec "${command}" \
-u ${name} -g ${name} \
--pidfile "${pidfile}" -b -m \
-1 /var/log/${name}/${name}.log \
-2 /var/log/${name}/${name}.err
eend $? "Failed to start ${name}"
}
stop() {
ebegin "Stopping ${name}"
start-stop-daemon --stop --quiet --pidfile "${pidfile}"
eend $? "Failed to stop ${name}"
}
/var/log/piawgmgr/piawgmgr.log {
missingok
notifempty
copytruncate
compress
daily
rotate 5
}
/var/log/piawgmgr/piawgmgr.err {
missingok
notifempty
copytruncate
compress
daily
rotate 5
}
\ No newline at end of file
.TH PIAWGMGR 1
.SH NAME
piawgmgr \- manage PIA WireGuard interfaces
.SH SYNOPSIS
.B piawgmgr
[\fB\-\-list\-regions\fR [\fB\-\-no\-ping\fR] [\fB\-\-raw\-json]]
.SH DESCRIPTION
.B piawgmgr
manages your WireGuard connections with Private Internet Access.
.PP
When started with no arguments, piawgmgr will attempt to start its service
mode by reading /etc/piawgmgr/piawgmgr.properties and create the interfaces
defined in the configuration.
.PP
The alternate execution mode is to invoke with the \-\-list\-regions option,
which will fetch the regions data from PIA and display it to stdout then exit.
This output includes the id for each region, which is needed to configure
interfaces in your configuration file.
.SH OPTIONS
.TP
.BR \-\-list\-regions
Query PIA for all available regions. Print results in tabular form to stdout.
Regions are listed from fastest to slowest ping time sampled.
.TP
.BR \-\-no\-ping
When combined with \fB\-\-list\-regions\fR, just list all available regions
without pinging each of them. This lists all regions much quicker.
.TP
.BR \-\-raw\-json
When combined with \fB\-\-list\-regions\fR, the output is in json format.
The output is the json output fetched from PIA with each region annotated
with a ping property denoting the sampled latency to that region. The
raw json results are not sorted by ping time.
#!/bin/sh
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
SYSCTL=/sbin/sysctl
INSTALL=/usr/bin/install
if [ ! -d /var/log/piawgmgr ]; then
$INSTALL -m700 -o piawgmgr -g piawgmgr -d /var/log/piawgmgr
fi
SYSCTL_IPV4_FWDING=net.ipv4.conf.all.forwarding
IPFWD=`$SYSCTL -n $SYSCTL_IPV4_FWDING`
if [ "$IPFWD" != "1" ]; then
cat << EOF
WARNING: IPv4 packet forwarding is not enabled, this will prevent you from
routing packets outside this system
Set $SYSCTL_IPV4_FWDING=1 to enable packet forwarding, if desired
EOF
fi
SYSCTL_IPV6_STATUS=net.ipv6.conf.all.disable_ipv6
IPV6=`$SYSCTL -n $SYSCTL_IPV6_STATUS`
if [ "$IPV6" != "1" ]; then
cat << EOF
WARNING: IPv6 is not disabled on this system
There is a risk of data leaking while using PIA when IPv6 is enabled. Review
your configuration as needed.
Set $SYSCTL_IPV6_STATUS=1 to disable IPv6, if desired
EOF
fi
WGLTS=`cat /tmp/piawgmgr.wireguard-lts`
if [ "x$WGLTS" == "x" ]; then
echo ">>> You must reboot this system before starting piawgmgr <<<"
fi
\ No newline at end of file
#!/bin/sh
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
/sbin/rc-service -s piawgmgr restart
\ No newline at end of file
#!/bin/sh
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
/sbin/rc-service -s piawgmgr stop
\ No newline at end of file
#!/bin/sh
# piawgmgr: A Wireguard interface manager for PIA
#
# Copyright (C) 2020 Battams, Derek <derek@battams.ca>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Check if the wireguard kernel is installed; tell the user to reboot if it's not
/sbin/apk list -I wireguard-lts > /tmp/piawgmgr.wireguard-lts
SVCUSER=piawgmgr
# Create the service group
/usr/bin/cat /etc/group | grep -q "^$SVCUSER"
RC=$?
if [ "$RC" != "0" ]; then
/usr/sbin/addgroup -S $SVCUSER
fi
# Create the service user
/usr/bin/id $SVCUSER >> /dev/null 2>&1
RC=$?
if [ "$RC" != "0" ]; then
/usr/sbin/adduser -H -D -S -G $SVCUSER -s /sbin/nologin $SVCUSER
fi
\ No newline at end of file
## piawgmgr: A Wireguard interface manager for PIA
##
## Copyright (C) 2020 Battams, Derek <derek@battams.ca>
##
## This program is free software: you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation, either version 3 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program. If not, see <http://www.gnu.org/licenses/>.
#### piawgmgr configuration reference ####
##
## This file documents all of the configuration options for piawgmgr, their
## meaning and their default values.
##
## Options commented out are optional and will be defaulted if not provided.
## Options that are not commented out are required and must be configured
## otherwise piawgmgr WILL NOT START PROPERLY.
##
## Though it is possible to copy this reference file, it might be easier to
## copy the .sample file instead as it provides a barebones config without
## the detailed documentation for all options.
####
#### PIA CONFIGURATION ####
## These options are required and provide your PIA credentials used for
## authentication
# Your PIA login
wgmgr.pia.id=
# Your PIA password
wgmgr.pia.password=
#### PIA WIREGUARD INTERFACE CONFIGURATION ####
## Configuration options for one or more PIA WireGuard interfaces to be
## managed by piawgmgr.
##
## For each WireGuard interface you want to create, you must add an indexed
## interface configuartion. Here, we should define the full configuration
## options for the first interface to be managed by piawgmgr (index 0). To
## add more interfaces, simply repeat the configuration with an incremented
## index for each interface.
##
## piawgmgr will start with no interfaces configured, but you will need to
## restart it after modifying the configuration to add interfaces. A future
## version may handle modifications to the configuration without the need for
## an app restart.
# System name of the interface to be created, must be unique amongst all
# interfaces defined on your system (WireGuard, ethernet, etc.). The value
# shown here is NOT a default, but an example. You must explicitly set this
# value for each interface created.
# REQUIRED
wgmgr.interfaces[0].name=pia0
# The PIA region you wish to create this interface in. You can get a list of
# all available PIA regions by running: piawgmgr --list-regions
# The value shown here is NOT a default, but an example. You must explicitly
# set this value for each interface.
# REQUIRED
#
# A future version of piawgmgr will allow you to specify an underscore for the
# region name. When used, it denotes that piawgmgr should calculate the
# fastest/closest region to you and use that region for this interface.
# THE FASTEST REGION OPTION IS NOT YET IMPLEMENTED, DO NOT TRY TO USE IT
# piawgmgr will fail to create an interface that uses the underscore region
# name at this time.
wgmgr.interfaces[0].region=ca_ontario
# When true, signifies that you wish to enable port forwarding on this
# interface. This will acquire a port with PIA that is port forwarded.
# Enabling port forwarding on an interface DOES NOT create any firewall rules
# to allow the traffic in. The assigned port will be available via a REST
# call to the piawgmgr web services. If you enable port forwarding for an
# interface in a region that does not support it then this setting is ignored.
# THIS FEATURE IS NOT YET IMPLEMENTED AND CURRENTLY HAS NO EFFECT
#wgmgr.interfaces[0].port-forward=false
# When true, the DNS servers received from PIA will be appended to any DNS
# settings you configure with the dns setting of this interface.
# THIS FEATURE IS NOT YET IMPLEMENTED AND CURRENTLY HAS NO EFFECT
#wgmgr.interfaces[0].use-pia-dns=false
# The value specified here is passed thru to the DNS config value in the
# generated wg-quick configuration for this interface. See the man page
# for wg-quick for more details.
#wgmgr.interfaces[0].dns=
# The value specified here is passed thru to the MTU config value in the
# generated wg-quick configuration for this interface. See the man page
# for wg-quick for more details.
#wgmgr.interfaces[0].mtu=
# The value specified here is passed thru to the PersistentKeepAlive config
# value in the generated wg-quick configuration for this interface. See the
# man page for wg-quick for more details.
#
# PIA recommends setting this value to 25 for all interfaces with PIA
# therefore the default value of 25 will be used when not set.
#wgmgr.interfaces[0].persistent-keep-alive=25
# The value specified here is passed thru to the AllowedIPs config value in
# the generated wg-quick configuration for this interface. See the man page
# for wg-quick for more details. When not specified, 0.0.0.0/0 is used.
#wgmgr.interfaces[0].allowed-ips=0.0.0.0/0
# When true AND allowed-ips is set to 0.0.0.0/0, this setting will modify the
# allowed-ips to prevent private IP addresses from being routed thru this
# interface. Does NOT have any effect if you disable route table changes via
# the table config setting.
# THIS FEATURE IS NOT YET IMPLEMENTED AND CURRENTLY HAS NO EFFECT
#wgmgr.interfaces[0].dont-route-rfc1918=false
# The value specified here is passed thru to the Table config value in the
# generated wg-quick configuration for this interface. See the man page for
# wg-quick for more details.
#wgmgr.interfaces[0].table=
# The four settings below are passed thru to the generated wg-quick
# configuration file for this interface. Each option represents an event in
# the lifecycle of a WireGuard interface that you can execute a script/command
# in response to. The values set here are simply passed thru unmodified into
# the generated wg-quick configuration file for this interface. See the man
# page for wg-quick for more details.
#
# As mentioned throughout the docs for piawgmgr, this app is NOT a firewall or
# routing management application. piawgmgr does NOT manage firewalling or
# routing for any PIA interfaces created and managed in this config file. The
# scripts you configure below would be the way to trigger any and all firewall
# and/or routing config changes that are needed on your system to properly and
# securely make use of the connections you are creating and managing with
# piawgmgr. In any scenario that the author can think of, you MUST somehow
# externally configure firewalling/routing to properly and securely utilize
# the connections you are creating here. If you do not trigger some kind of
# firewall and/or routing management using the events below then at the very
# least, none of the interfaces you configure here will work properly.
# At worst, you may have severe security issues, especially if you've enabled
# port forwarding on any of the configured interfaces. piawgmgr IS NOT A
# SECURITY management tool. It simply configures, manages, and maintains
# WireGuard interfaces with PIA on your behalf based on the configuration
# defined in this file. SECURITY IS THE SOLE RESPONSIBILITY OF THE USER.
#wgmgr.interfaces[0].pre-up=
#wgmgr.interfaces[0].post-up=
#wgmgr.interfaces[0].pre-down=
#wgmgr.interfaces[0].post-down=
#### SYSTEM CONFIGURATION ####
## Settings for WireGuard config file location, WireGuard interface management
## and other general system config options.
# Destroy all WireGuard interfaces matching this regex at startup.
#
# Use this setting to auto destroy any possible lingering interfaces at app
# startup. For example, you might name all of your PIA WireGuard interfaces
# as piaX where X is a number. So you might want to tell piawgmgr to always
# destroy such named interfaces on startup to cover the case where you remove
# an interface from your config but forget to destroy the WireGuard interface
# yourself. piawgmgr always destroys and recreates the interfaces referenced
# in your configuration as part of its startup process; this setting is for
# destroying interfaces that are forgotten after being removed from your
# configuration. To manage interfaces named piaX as mentioned above, you
# might want to set this value to: pia\d+
#wgmgr.destroy-matching-interfaces=
# Where piawgmgr will write the WireGuard config files it generates.
#
# You usually do not want to modify this setting unless testing/developing.
#wgmgr.interface-config-dir=/etc/wireguard
\ No newline at end of file
#### piawgmgr configuration sample ####
## A barebones sample configuration file to get you started. Please refer to
## the .ref file for a detailed explanation of these settings along with other
## optional configuration settings you might want to take advantage of.
##
## All options in this sample are the bare minimum required options needed to
## get piawgmgr to start up. You must explicitly set values for the options
## shown in this sample otherwise piawgmgr will not start. See the .ref file
## for additional config options.
####
# PIA creds
wgmgr.pia.id=
wgmgr.pia.password=
# One interface config; repeat with an incremented index for each additional
# interface you want managed by piawgmgr
wgmgr.interfaces[0].name=
wgmgr.interfaces[0].region=
# The 4 settings below are optional, but you probably really, really want to
# set these. See the .ref file and/or the project docs for more details. It
# is usually incorrect to not set at least post-up and pre-down events with
# something that modifies your system's firewall and/or routing unless you're
# configuring a single PIA interface only and want all traffic to route thru
# that lone interface. (Though the single interface config will work with
# absolutely no problems, you probably want to use the official PIA client
# for the single interface config. This application is all about creating
# and managing multiple PIA interfaces concurrently for a policy based
# routing configuration.)
#wgmgr.interfaces[0].pre-up=
#wgmgr.interfaces[0].post-up=
#wgmgr.interfaces[0].pre-down=
#wgmgr.interfaces[0].post-down=
# If you wanted to add an additional interface, just increment the index; the
# name must be unique across all interfaces on your system (not just all
# WireGuard interfaces)
#
# When you start defining multiple interfaces, you need to take control of the
# routing configuration. Do NOT rely on wg-quick to set your routing for these
# interfaces. You probably want to set the table option to 'off' for all
# defined interfaces and make sure that there are event scripts configured to
# properly configure the firewall and routing for your system. Typically you
# are defining multiple interfaces to facilitate policy based routing thru
# multiple PIA connections. This is the purpose of piawgmgr, but as the docs
# repeat over and over, piawgmgr is NOT a firewall manager. You must
# configure the firewall and routing, including desired policy routing, else
# where; usually triggered via the lifecycle events for the WireGuard
# interfaces themselves. See the piawgmgr docs for more information.
wgmgr.interfaces[1].name=
wgmgr.interfaces[1].region=
#wgmgr.interfaces[1].pre-up=
#wgmgr.interfaces[1].post-up=
#wgmgr.interfaces[1].pre-down=
#wgmgr.interfaces[1].post-down=
\ No newline at end of file
piawgmgr ALL=NOPASSWD:/usr/bin/wg, /usr/bin/wg-quick, /bin/mv, /bin/chown root\:root *, /bin/chmod
Markdown is supported
0% or .