From: Maxim Cournoyer
To: 63402@debbugs.gnu.org
Date: Tue, 16 May 2023 00:09:08 -0400
Subject: [bug#63402] [PATCH v3 3/3] services: wireguard: Workaround keep-alives bug.

* gnu/services/vpn.scm (wireguard-configuration-file): Add the 'persistent-keepalive' option to the PostUp script to workaround a bug.
---
 gnu/services/vpn.scm | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 3f66db79de..587bfcfc0e 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm
@@ -774,18 +774,19 @@ (define (wireguard-configuration-file config) (format #f "~@[PersistentKeepalive = ~a~]" keep-alive)))) (string-join (remove string-null? lines) "\n")))) - (define (peers->preshared-keys peer keys) - (let ((public-key (wireguard-peer-public-key peer)) - (preshared-key (wireguard-peer-preshared-key peer))) - (if preshared-key - (cons* public-key preshared-key keys) - keys))) + (define (peers->preshared-keys+keep-alive peer data) + (match-record peer + (public-key preshared-key keep-alive) + (if (or preshared-key keep-alive) + (cons* public-key preshared-key keep-alive data) + data))) (match-record config (wireguard interface addresses port private-key peers dns pre-up post-up pre-down post-down table) (let* ((config-file (string-append interface ".conf")) - (peer-keys (fold peers->preshared-keys (list) peers)) + (peer-keys+keep-alive (fold peers->preshared-keys+keep-alive + '() peers)) (peers (map peer->config peers)) (config (computed-file @@ -805,9 +806,14 @@ (define (wireguard-configuration-file config) #$@(if (null? pre-up) '() (list (format #f "~{PreUp = ~a~%~}" pre-up))) + ;; Duplicate the persistent-keepalive setting here, to + ;; workaround a bug in WireGuard where keep-alives are not + ;; sent when an interface is initially brought up without + ;; a private key. (format #f "PostUp = ~a set %i private-key ~a\ -~{ peer ~a preshared-key ~a~}" #$(file-append wireguard "/bin/wg") -#$private-key '#$peer-keys) +~{ peer ~a~@[ preshared-key ~a~]~@[ persistent-keepalive ~a~]~}" + #$(file-append wireguard "/bin/wg") + #$private-key '#$peer-keys+keep-alive) #$@(if (null? post-up) '() (list (format #f "~{PostUp = ~a~%~}" post-up))) -- 2.39.2
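Review bot: in the first hunk (@@ -774), `peers->preshared-keys+keep-alive` has no docstring, and the flat list it builds with `(cons* public-key preshared-key keep-alive data)` only works because the format directive in the PostUp hunk consumes exactly three elements per peer, with #f standing in for an absent preshared key or keep-alive. Please document that layout (public key, preshared key or #f, keep-alive or #f) in a docstring or comment at the definition, so that a later change to either the accumulator or the format string does not silently misalign the arguments. Since `fold` prepends each entry, peers are also emitted in reverse order; that looks harmless for this command line, but it is worth a word in the same comment.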
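Review bot: in the second hunk (@@ -805), the comment added above the PostUp `format` call describes the WireGuard keep-alive bug but cites no upstream report or affected version, so a later reader cannot tell when the duplicated `persistent-keepalive` setting can be dropped; please add a reference there. In the same comment, "to workaround a bug" should read "to work around a bug". The diffstat shows only gnu/services/vpn.scm changed in this patch, so consider a test on the generated PostUp line for a peer that has a keep-alive but no preshared key, which is the case where `~@[ preshared-key ~a~]` must be skipped while `~@[ persistent-keepalive ~a~]` is still emitted.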