author | Guillaume Le Vaillant <glv@posteo.net> | 2021-04-20 13:29:44 +0200 |
---|---|---|
committer | Guillaume Le Vaillant <glv@posteo.net> | 2021-04-20 14:32:53 +0200 |
commit | 3313f61e18cbb4a89ec6c980b39f8e5fcad2b890 (patch) | |
tree | e397d4373e7c6cd5145f49ee404e1e8d35a9edf2 | |
parent | 50d9bccb2fb64d85e691dfc98fa2f02850b496a1 (diff) |
services: wireguard: Add keep-alive support.
* gnu/services/vpn.scm (<wireguard-peer>): Add 'keep-alive' field.
(wireguard-configuration-file): Use it.
* doc/guix.texi (VPN Services): Document it.
-rw-r--r-- | doc/guix.texi | 8 | ||||
-rw-r--r-- | gnu/services/vpn.scm | 13 |
2 files changed, 17 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 2fe7ad3a2a..b9019d5550 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -68,7 +68,7 @@ Copyright @copyright{} 2019 Ivan Petkov@* Copyright @copyright{} 2019 Jakob L. Kreuze@* Copyright @copyright{} 2019 Kyle Andrews@* Copyright @copyright{} 2019 Alex Griffin@* -Copyright @copyright{} 2019, 2020 Guillaume Le Vaillant@* +Copyright @copyright{} 2019, 2020, 2021 Guillaume Le Vaillant@* Copyright @copyright{} 2020 Leo Prikler@* Copyright @copyright{} 2019, 2020 Simon Tournier@* Copyright @copyright{} 2020 Wiktor Żelazny@* @@ -26999,6 +26999,12 @@ The peer public-key represented as a base64 string. A list of IP addresses from which incoming traffic for this peer is allowed and to which incoming traffic for this peer is directed. +@item @code{keep-alive} (default: @code{#f}) +An optional time interval in seconds. A packet will be sent to the +server endpoint once per time interval. This helps receiving +incoming connections from this peer when you are behind a NAT or +a firewall. + @end table @end deftp diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm index 3e315a6df2..6fbe20a849 100644 --- a/gnu/services/vpn.scm +++ b/gnu/services/vpn.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2021 Guillaume Le Vaillant <glv@posteo.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -537,7 +538,9 @@ is truncated and rewritten every minute.") (endpoint wireguard-peer-endpoint (default #f)) ;string (public-key wireguard-peer-public-key) ;string - (allowed-ips wireguard-peer-allowed-ips)) ;list of strings + (allowed-ips wireguard-peer-allowed-ips) ;list of strings + (keep-alive wireguard-peer-keep-alive + (default #f))) ;integer (define-record-type* <wireguard-configuration> wireguard-configuration make-wireguard-configuration 
@@ -560,16 +563,20 @@ is truncated and rewritten every minute.") (let ((name (wireguard-peer-name peer)) (public-key (wireguard-peer-public-key peer)) (endpoint (wireguard-peer-endpoint peer)) - (allowed-ips (wireguard-peer-allowed-ips peer))) + (allowed-ips (wireguard-peer-allowed-ips peer)) + (keep-alive (wireguard-peer-keep-alive peer))) (format #f "[Peer] #~a PublicKey = ~a AllowedIPs = ~a -~a" +~a~a" name public-key (string-join allowed-ips ",") (if endpoint (format #f "Endpoint = ~a\n" endpoint) + "") + (if keep-alive + (format #f "PersistentKeepalive = ~a\n" keep-alive) "\n")))) (match-record config <wireguard-configuration> |
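Review bot: `keep-alive` is written into the generated file through `~a` with no check on its type or range, in the added `(format #f "PersistentKeepalive = ~a\n" keep-alive)` branch. wg(8) documents PersistentKeepalive as a seconds interval between 1 and 65535 (0 or "off" disables it), so a string, a negative number or a value containing a newline would surface only when the interface is brought up, or would add unintended lines to the `[Peer]` section, rather than failing when the configuration is built. A guard ahead of the `format` call, such as `(unless (and (exact-integer? keep-alive) (<= 1 keep-alive 65535)) (error "invalid keep-alive" keep-alive))`, would reject it early; the same applies to the `;integer` field added in the record hunk above, which declares the type only in a comment. The two else branches now differ (`""` for endpoint, `"\n"` for keep-alive), so a peer with an endpoint but no keep-alive gains a trailing blank line; this looks harmless but deserves a one-line comment. The enclosing definition starts outside the hunk.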