NAME

wiresep — WireGuard daemon

SYNOPSIS

wiresep [-dnVv] [-f file]

DESCRIPTION

The wiresep daemon runs WireGuard on one or more tunnel interfaces.

If sent a SIGUSR1 signal, wiresep logs statistics.

The arguments are as follows.

-d: Do not daemonize but stay in foreground.
-f file: Use file as the configuration file instead of the default.
-n: Config test mode. No output is shown if there are no errors.
-V: Print the version of WireSep.
-v: Be verbose. Specify once or twice when troubleshooting the network, more is probably only interesting if you're a developer.

KEY FILE FORMAT

The format for both private keys and pre-shared keys is the same. A file should contain only one key which must be encoded in Base64. Any blank line in the file or lines that start with a ‘#’ are ignored, as well as any text that follows a key. The file must be owned by the superuser and may not have any permission bits set for the group or others. Note that both private keys and pre-shared keys can be conveniently generated with wiresep-keygen(1).

FILES

/etc/wiresep/wiresep.conf default configuration file used by wiresep

The following default locations are used for keys if not configured otherwise. Only the private key for an interface is mandatory, all pre-shared keys are optional.

/etc/wiresep/tunN.privkey default location of the private key used for an interface. tunN must correspond to the name of a configured interface.

/etc/wiresep/global.psk default location of a global pre-shared key

/etc/wiresep/tunN.psk default location of an interface specific pre-shared key

/etc/wiresep/tunN.peer.psk default location of a peer specific pre-shared key

Note that tunN and peer should be substituted for the actual name of a configured interface and peer.

EXIT STATUS

The wiresep daemon exits 0 after receiving a TERM signal, or >0 if an error occurs.

AUTHORS

Tim Kuijsten